1. Forum
  2. Usenet
  3. LINUX.DEBIAN.BUGS.DIST

  • Bug#266626: clamav-daemon: clamd runs as wrong user when linked with AM

    From Matthew T. Atkinson@1:229/2 to All on Wed Aug 18 16:20:08 2004
    From: [email protected]

    Package: clamav-daemon
    Version: 0.75.1-2
    Severity: important

    Hello,

    Just upgraded Woody to Testing. I am using clamd in conjunction with
    AMaViS to scan mails for viruses. The problem is that the configuration
    broke - no viruses were scanned. This is becuase clamd needs to be run
    as the same user as amavis.

    It would be very beneficial to have a message reporting this change in
    the package so that Woody admins can be alerted to the problem.
    Ideally, the package would correct this situation automatically.

    Thanks for your time, best regards,


    Matthew T. Atkinson

    -- System Information:
    Debian Release: 3.1
    APT prefers testing
    APT policy: (500, 'testing')
    Architecture: i386 (i686)
    Kernel: Linux 2.4.25
    Locale: LANG=C, LC_CTYPE=C

    Versions of packages clamav-daemon depends on:
    ii clamav 0.75.1-2 Antivirus scanner for Unix
    ii clamav-freshclam [clamav-da 0.75.1-2 Downloads clamav virus databases f ii debconf [debconf-2.0] 1.4.30 Debian configuration management sy ii libbz2-1.0 1.0.2-1 A high-quality block-sorting file ii libc6 2.3.2.ds1-13 GNU C Library: Shared libraries an ii libclamav1 0.75.1-2 Virus scanner library
    ii libgmp3 4.1.3-2 Multiprecision arithmetic library ii logrotate 3.7-2 Log rotation utility
    ii ucf 1.07 Update Configuration File: preserv ii zlib1g 1:1.2.1.1-5 compression library - runtime

    -- debconf information:
    clamav-daemon/debconf: true
    clamav-daemon/FollowDirectorySymlinks: false
    clamav-daemon/StreamMaxLength: 0
    clamav-daemon/ReadTimeout: 180
    clamav-daemon/MaxConnectionQueueLength: 15
    clamav-daemon/StreamSaveToDisk: true
    clamav-daemon/LogFile: /var/log/clamav/clamav.log
    clamav-daemon/ScanMail: true
    clamav-daemon/LogTime: true
    clamav-daemon/TcpOrLocal: UNIX
    clamav-daemon/ArchiveMaxFiles: 1000
    clamav-daemon/FixStaleSocket: true
    * clamav-daemon/User: clamav
    clamav-daemon/numinfo:
    clamav-daemon/MaxDirectoryRecursion: 0
    clamav-daemon/MaxThreads: 12
    clamav-daemon/ArchiveMaxRecursion: 5
    clamav-daemon/FollowFileSymlinks: false
    clamav-daemon/TCPSocket: 3310
    clamav-daemon/TCPAddr: any
    clamav-daemon/SelfCheck: 3600
    clamav-daemon/LocalSocket: /var/run/clamav/clamd.ctl
    clamav-daemon/ArchiveMaxFileSize: 10
    clamav-daemon/ScanRAR: false
    clamav-daemon/LogSyslog: false
    * clamav-daemon/AddGroups:
    clamav-daemon/ScanArchive: true


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)
  • From Stephen Gran@1:229/2 to Matthew T. Atkinson on Wed Aug 18 16:50:09 2004
    From: [email protected]

    severity 266626 normal
    thanks
    This one time, at band camp, Matthew T. Atkinson said:
    Hello,

    Just upgraded Woody to Testing. I am using clamd in conjunction with
    AMaViS to scan mails for viruses. The problem is that the configuration broke - no viruses were scanned. This is becuase clamd needs to be run
    as the same user as amavis.

    See /usr/share/doc/clamav-base/README.Debian.gz for an explanation.
    This is almost impossible to guess at upgrade time. The safest thing is
    to add clamav to the amavis group, and add AllowSupplementaryGroups to clamav.conf. There is a debconf question about this, that will do all
    the magic for you.

    It would be very beneficial to have a message reporting this change in
    the package so that Woody admins can be alerted to the problem.
    Ideally, the package would correct this situation automatically.

    If you use apt-listchanges, this information would have been displayed -
    it's in NEWS.Debian in the clamav-daemon package.

    Thanks for your time, best regards,
    * clamav-daemon/AddGroups:
    ^^^^^^^^^^^^^^^^^^^^^^^^^
    This needs to be set. Try dpkg-reconfigure clamav-daemon.
    --
    -----------------------------------------------------------------
    | ,''`. Stephen Gran |
    | : :' : [email protected] |
    | `. `' Debian user, admin, and developer |
    | `- http://www.debian.org |
    -----------------------------------------------------------------

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.4 (GNU/Linux)

    iD8DBQFBI2d0SYIMHOpZA44RAqedAKCwhHPev3RUCEqVc7CjxWxHCQCLogCfWJr+ qTC9rA6DmAS4BKDGiU35WFo=
    =mnWN
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)
  • From Stephen Gran@1:229/2 to Matthew T. Atkinson on Wed Aug 18 17:30:12 2004
    From: [email protected]

    This one time, at band camp, Matthew T. Atkinson said:
    Hello,

    Thanks very much for replying so quickly and for explaining what had
    actually happened. I am very pleased that I now know what the right
    (i.e. Debian) way of setting it up is. It appears to be working fine
    now.

    Great - I'm glad it works as advertised :)

    What would you like to do with the bug, then?
    --
    -----------------------------------------------------------------
    | ,''`. Stephen Gran |
    | : :' : [email protected] |
    | `. `' Debian user, admin, and developer |
    | `- http://www.debian.org |
    -----------------------------------------------------------------

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.4 (GNU/Linux)

    iD8DBQFBI3C4SYIMHOpZA44RAlW5AKDaBhqQrDjhDOIiIFp6x6PjK9BF3wCgwRA9 ZXBoHP2wA0a1SWq9+lP5JOc=
    =pecc
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)
  • From Stephen Gran@1:229/2 to Matthew T. Atkinson on Wed Aug 18 21:10:14 2004
    From: [email protected]

    On Wed, Aug 18, 2004 at 04:21:14PM +0100, Matthew T. Atkinson said:
    Hello,

    On Wed, 2004-08-18 at 16:07, Stephen Gran wrote:
    What would you like to do with the bug, then?

    Hmmm... well as I remember a lot of dpkg-reconifgures were run during
    the upgrade but I don't recall clamav's being one of them. Of course I
    could have forgotten about it amongst all the others, so forgive me if
    you know that it would have been run.

    Yes - clamav-daemon runs it's confgure script, but it doesn't do any interactive prompting during upgrade because There are between 20 and 30 questions to ask - way too many for every upgrade :) You just have to
    run dpkg-reconfigure after upgrade.

    I think that if it isn't run by default, it probably should be, so that everyone will be aware of the change. As it happens I do have apt-listchanges (and apt-listbugs) installed on my other debian box and
    one thing I have found is that during a big upgrade, it's easy to miss
    the odd detail due to the volume of information it brings up.

    It should be in the special NEWS section, which displays seperate from
    the other changelog entries. Maybe you don'thave apt-listchanges to
    show NEWS entries?

    I'd say this ``bug'' isn't really a bug as such after all :-). I would appreciate it if you could ensure that clamav is dpkg-reconfigured
    during the upgrade, but if it already is, or this violates policy or something, then just close the bug.

    No policy violation, but see above - just too much junk spit to screen.

    --
    -----------------------------------------------------------------
    | ,''`. Stephen Gran |
    | : :' : [email protected] |
    | `. `' Debian user, admin, and developer |
    | `- http://www.debian.org |
    -----------------------------------------------------------------

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.4 (GNU/Linux)

    iD8DBQFBI6SXSYIMHOpZA44RAoHRAJ0YPLylnvnk30UmWCldv8A3lViI7QCfRSDW YiyiOW7sefrkMvrHOll5K0w=
    =D06Y
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)