** Description changed:

  Binary package hint: clamav
  
  havp content scanner can use clamav to scan for viruses in downloaded
  files. It can use either libclamav or clamav daemon through socket. When
  the latter is selected havp fails to start and an entry is made in
  havp/error.log
  
- 03/09/2009 14:32:24 === Starting HAVP Version: 0.89
- 03/09/2009 14:32:24 Running as user: havp, group: havp
- 03/09/2009 14:32:24 --- Initializing Clamd Socket Scanner
- 03/09/2009 14:32:24 ERROR: Clamd Socket Scanner failed EICAR virus test! 
(Access denied.)
- 
- In /var/log/messages the following error appears:
- 
- Sep  3 14:32:24 utest-jj kernel: [192255.269799] type=1503
- audit(1251977544.838:15): operation="inode_permission"
- requested_mask="::r" denied_mask="::r" fsuid=110 name="/var/spool/havp
- /havp-iwGmjS" pid=6734 profile="/usr/sbin/clamd"
- 
- Steps to recreate:
+ TEST CASE:
  
  1. install apparmor, clamav-daemon and havp
  1a. usermod -a -G havp clamav (and restart clamav-daemon) !
- 2. configure havp to use clamav-daemon for scanning, edit 
/etc/havp/havp.config
+ 2. configure havp to use clamav-daemon for scanning, edit 
/etc/havp/havp.config:
      ENABLECLAMLIB false
      ENABLECLAMD true
      CLAMDSOCKET /var/run/clamav/clamd.ctl
  3. try (re)starting havp, it should not start, with the following message:
  
  r...@utest-jj:/etc/havp# /etc/init.d/havp start
  Mounting /var/lib/havp/havp.loop under /var/spool/havp ...done
  Cleaning up /var/spool/havp... done
  Starting havp: Starting HAVP Version: 0.89
  One or more scanners failed to initialize!
  Check errorlog for errors.
  Exiting..
  
- 4. check the logs for the errors (/var/log/havp/error.log and
- /var/log/messages)
+ 4. check the logs for errors
  
- This is confirmed in Jaunty/Intrepid/Hardy/Dapper with the latest clamav
- version backported. As we're always trying to backport the latest
- clamav, IMHO this should be fixed in Karmic's 0.95.2+dfsg-4ubuntu2 and
- we'll backport it.
+ /var/log/havp/error.log:
+ 03/09/2009 14:32:24 === Starting HAVP Version: 0.89
+ 03/09/2009 14:32:24 Running as user: havp, group: havp
+ 03/09/2009 14:32:24 --- Initializing Clamd Socket Scanner
+ 03/09/2009 14:32:24 ERROR: Clamd Socket Scanner failed EICAR virus test! 
(Access denied.)
+ 
+ /var/log/messages:
+ Sep  3 14:32:24 utest-jj kernel: [192255.269799] type=1503 
audit(1251977544.838:15): operation="inode_permission" requested_mask="::r" 
denied_mask="::r" fsuid=110 name="/var/spool/havp/havp-iwGmjS" pid=6734 
profile="/usr/sbin/clamd"
+ 
+ It means clamd doesn't have access to havp's temporary files to scan
+ them.
+ 
+ 5. regression potential is considered very low, as the only change was
+ to make apparmor less restrictive
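Review bot: the rewritten TEST CASE stops at step 4 with the failing state and never says what a passing run looks like, and item 5 is numbered as a test step although it is the regression statement. Suggest adding the expected result after the fix (havp starts, and no type=1503 denial with profile="/usr/sbin/clamd" is logged for files under /var/spool/havp), and moving the regression note under its own heading. The regression note also says only that AppArmor was made "less restrictive"; since the quoted denial is a read (requested_mask="::r") on /var/spool/havp/havp-iwGmjS, the description should state which path and access mode the profile change grants, so a reader can confirm it is limited to read access on havp's spool files.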

-- 
clamd apparmor profile needs entry for havp
https://bugs.launchpad.net/bugs/423669
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
