Passing --fdpass or --stream to clamdscan works for calling up a scan on the
command prompt however calling it through mediawiki (via the chrooted web user
www) still fails with an error 127. If I make a file called test.php
containing:
<?php
define("MEDIAWIKI", "mediawiki");
require_once("/htdocs/w/includes/GlobalFunctions.php" );
$output = wfShellExec( "command=/usr/local/bin/clamdscan --fdpass --no-summary
'/htdocs/file.txt' 2>&1, $exitCode );
echo "exitcode is $exitCode";
?>
Executing "chroot -u www /var/www /usr/local/bin/clamdscan --fdpass
--no-summary '/htdocs/file.txt' 2>&1" will work just fine but running the
script will always fail with error 127. Even substituting in the $output line
something like wfShellExec( "/bin/echo 'hello world' > world.txt" ); will
always fail with error 127 as well, despite echo being at /var/www/bin/echo and
permissions readable and executable by the proper www user. Appears that there
may be something up with how mediawiki is executing shell commands, maybe I'm
going about testing this the wrong way.
Thanks for the insight.
-------- Original Message --------
From: Platonides <[email protected]>
Apparently from: [email protected]
To: [email protected]
Subject: Re: [Mediawiki-l] Setting up clamav for chrooted apache
Date: Fri, 03 Sep 2010 23:02:09 +0200
> [email protected] wrote:
> > Thanks for the suggestion Platonides. After some digging around it appears
> > that I have the same problem identified at
> > http://readlist.com/lists/lists.clamav.net/clamav-users/1/6452.html which
> > looks to be a problem with clamdscan passing a path within the chroot to
> > clamd which typically won't exist. To test this one can 'touch
> > /var/www/tmp/test' then 'chroot -u www /var/www /usr/local/bin/clamdscan
> > /tmp/test' and it will fail with '/tmp/test: lstat() failed: No such file
> > or directory. ERROR'. Now if one executes 'touch /tmp/test' and tries to
> > scan within the chroot again it will work (barring any permissions
> > problems). What I need is a way to tell clamd to append the chroot path
> > onto the path supplied by clamdscan or trick clamdscan to not check for
> > file existence since clamdscan checks if the path is valid inside the
> > chroot then passes the path directly to clamd.
>
> Try passing --fdpass or --stream to clamdscan.
_______________________________________________
MediaWiki-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l