Ok, for all those to come, the answer to antivirus not working with a chrooted apache can be found at http://de.php.net/manual/en/function.passthru.php#84773: you need a shell program inside the chroot too (duh!). Mediawiki's function wfShellExec (line 2392 in GlobalFunctions.php) calls the php command 'passthru' which tries to execute a shell command. Php tries to open a shell to execute clamdscan or clamscan so when it gives you a 127 (command not found) it's not necessarily saying that clamd(d)scan is not found, in this case it doesn't find a shell to use to execute clamd(d)scan and the 127 says 'shell not found'.
Recap: make sure that....... the clamd(d)scan executable is inside the chroot and executable by the user that will call the program (so you can scan) there is a shell program is executable inside the chroot (so you can execute the scanner) there is hardlinked clamav.sock (or equivalent) socket for communicating with clamd outside of the chroot there is a clamd.conf file to direct clam(d)scan to the right socket your $wgAntivirusSetup['command'] reads something like "/usr/local/bin/clamdscan --fdpass --no-summary" (otherwise scan's will fail with an error 2) ...... now all the messages from clamav work like they should! Thanks Platonides. -------- Original Message -------- From: Platonides <[email protected]> Apparently from: [email protected] To: [email protected] Subject: Re: [Mediawiki-l] Setting up clamav for chrooted apache Date: Mon, 06 Sep 2010 00:25:24 +0200 > [email protected] wrote: > > Passing --fdpass or --stream to clamdscan works for calling up a scan on > > the command prompt however calling it through mediawiki (via the chrooted > > web user www) still fails with an error 127. If I make a file called > > test.php containing: > > <?php > > define("MEDIAWIKI", "mediawiki"); > > require_once("/htdocs/w/includes/GlobalFunctions.php" ); > > $output = wfShellExec( "command=/usr/local/bin/clamdscan --fdpass > > --no-summary '/htdocs/file.txt' 2>&1, $exitCode ); > > echo "exitcode is $exitCode"; > > ?> > > > > Executing "chroot -u www /var/www /usr/local/bin/clamdscan --fdpass > > --no-summary '/htdocs/file.txt' 2>&1" will work just fine but running the > > script will always fail with error 127. Even substituting in the $output > > line something like wfShellExec( "/bin/echo 'hello world' > world.txt" ); > > will always fail with error 127 as well, despite echo being at > > /var/www/bin/echo and permissions readable and executable by the proper www > > user. Appears that there may be something up with how mediawiki is > > executing shell commands, maybe I'm going about testing this the wrong way. > > > > Thanks for the insight. > > Exit code 127 is usually the shell not finding out the executable. > Try removing command= from the beginning (you also miss the closing of > the double quotes, by that seems an overlook on copying). > > > _______________________________________________ > MediaWiki-l mailing list > [email protected] > https://lists.wikimedia.org/mailman/listinfo/mediawiki-l _______________________________________________ MediaWiki-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
