Passing --fdpass or --stream to clamdscan works for calling up a scan on the 
command prompt however calling it through mediawiki (via the chrooted web user 
www) still fails with an error 127.  If I make a file called test.php 
containing:
<?php
define("MEDIAWIKI", "mediawiki");
require_once("/htdocs/w/includes/GlobalFunctions.php" );
$output = wfShellExec( "command=/usr/local/bin/clamdscan --fdpass --no-summary 
'/htdocs/file.txt' 2>&1, $exitCode );
echo "exitcode is $exitCode";
?>

Executing "chroot -u www /var/www /usr/local/bin/clamdscan --fdpass 
--no-summary '/htdocs/file.txt' 2>&1" will work just fine but running the 
script will always fail with error 127.  Even substituting in the $output line 
something like wfShellExec( "/bin/echo 'hello world' > world.txt" ); will 
always fail with error 127 as well, despite echo being at /var/www/bin/echo and 
permissions readable and executable by the proper www user.  Appears that there 
may be something up with how mediawiki is executing shell commands, maybe I'm 
going about testing this the wrong way.

Thanks for the insight.

-------- Original Message --------
From: Platonides <[email protected]>
Apparently from: [email protected]
To: [email protected]
Subject: Re: [Mediawiki-l] Setting up clamav for chrooted apache
Date: Fri, 03 Sep 2010 23:02:09 +0200

> [email protected] wrote:
> > Thanks for the suggestion Platonides.  After some digging around it appears 
> > that I have the same problem identified at 
> > http://readlist.com/lists/lists.clamav.net/clamav-users/1/6452.html which 
> > looks to be a problem with clamdscan passing a path within the chroot to 
> > clamd which typically won't exist.  To test this one can 'touch 
> > /var/www/tmp/test' then 'chroot -u www /var/www /usr/local/bin/clamdscan 
> > /tmp/test' and it will fail with '/tmp/test: lstat() failed: No such file 
> > or directory.  ERROR'.  Now if one executes 'touch /tmp/test' and tries to 
> > scan within the chroot again it will work (barring any permissions 
> > problems).  What I need is a way to tell clamd to append the chroot path 
> > onto the path supplied by clamdscan or trick clamdscan to not check for 
> > file existence since clamdscan checks if the path is valid inside the 
> > chroot then passes the path directly to clamd.
> 
> Try passing --fdpass or --stream to clamdscan.

_______________________________________________
MediaWiki-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l

Reply via email to