[Bug 829089] Re: clamd scanning mimedefang temp files blocked by apparmor
** Changed in: clamav (Ubuntu) Status: Confirmed = In Progress ** Changed in: clamav (Ubuntu) Assignee: (unassigned) = Scott Kitterman (kitterman) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to clamav in Ubuntu. https://bugs.launchpad.net/bugs/829089 Title: clamd scanning mimedefang temp files blocked by apparmor To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/829089/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 829089] Re: clamd scanning mimedefang temp files blocked by apparmor
This bug was fixed in the package clamav - 0.97.2+dfsg-1ubuntu2 --- clamav (0.97.2+dfsg-1ubuntu2) oneiric; urgency=low [ Imre Gergely ] * Fix clamd apparmor profile to work with mimedefang (LP: #829089) * Stop samba related log spamming from freshclam apparmor profile (LP: #752833) -- Scott Kitterman sc...@kitterman.com Thu, 25 Aug 2011 08:43:22 -0400 ** Changed in: clamav (Ubuntu) Status: In Progress = Fix Released -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to clamav in Ubuntu. https://bugs.launchpad.net/bugs/829089 Title: clamd scanning mimedefang temp files blocked by apparmor To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/829089/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 829089] Re: clamd scanning mimedefang temp files blocked by apparmor
** Tags added: patch -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to clamav in Ubuntu. https://bugs.launchpad.net/bugs/829089 Title: clamd scanning mimedefang temp files blocked by apparmor To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/829089/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 829089] Re: clamd scanning mimedefang temp files blocked by apparmor
I'm not up on current mimedefang, but doing something like this would be even better: /var/spool/MIMEDefang/mdefang-*/Work/ r, /var/spool/MIMEDefang/mdefang-*/Work/** r, If mimedefang's spool directory only contains the files to be scanned, then the easier to maintain '/var/spool/MIMEDefang/** r,' is totally fine. If there is other stuff in there, may be it is worth using what I suggested above, but weighed against maintenance/fragility, maybe not. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to clamav in Ubuntu. https://bugs.launchpad.net/bugs/829089 Title: clamd scanning mimedefang temp files blocked by apparmor To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/829089/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 829089] Re: clamd scanning mimedefang temp files blocked by apparmor
'/var/spool/MIMEDefang/** r,' looks good. It is similar for what we are doing with all the others (amavis, havp, etc). -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to clamav in Ubuntu. https://bugs.launchpad.net/bugs/829089 Title: clamd scanning mimedefang temp files blocked by apparmor To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/829089/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 829089] Re: clamd scanning mimedefang temp files blocked by apparmor
This is what it looks like: root@utest-nns32:/var/spool/MIMEDefang/mdefang-p7JIVdIk002047# ls -la total 32 drwxr-x--- 4 defang defang 4096 2011-08-19 21:31 . drwxr-x--- 4 defang defang 4096 2011-08-19 21:31 .. -rw-r- 1 defang defang 513 2011-08-19 21:31 COMMANDS -rw-r- 1 defang defang 569 2011-08-19 21:31 HEADERS -rw-r- 1 defang defang 1206 2011-08-19 21:31 INPUTMSG -rw-r- 1 defang defang2 2011-08-19 21:31 RESULTS drwxr-x--- 2 defang defang 4096 2011-08-19 21:31 tmp drwxr-x--- 2 defang defang 4096 2011-08-19 21:31 Work COMMANDS seems to contain the SMTP commands, HEADERS the actual email headers, INPUTMSG is the complete email (headers included), RESULTS and tmp/ I'm not sure what they are and Work/ contains the email body and any attachments it may have. root@utest-nns32:/var/spool/MIMEDefang/mdefang-p7JIVdIk002047/Work# ls -la total 16 drwxr-x--- 2 defang defang 4096 2011-08-19 21:31 . drwxr-x--- 4 defang defang 4096 2011-08-19 21:31 .. -rw-r- 1 defang defang 17 2011-08-19 21:31 msg-2040-1.txt-- email body -rw-r- 1 defang defang 184 2011-08-19 21:31 msg-2040-2.zip -- attachment I would guess that clamd is only scanning Work/* , but I can't say for sure, I'm not that familiar with mimedefang (first time ever testing it). -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to clamav in Ubuntu. https://bugs.launchpad.net/bugs/829089 Title: clamd scanning mimedefang temp files blocked by apparmor To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/829089/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 829089] Re: clamd scanning mimedefang temp files blocked by apparmor
Tested and working with your more restrictive version root@utest-oos32:/etc/mail# cat /etc/apparmor.d/usr.sbin.clamd | grep -i mimedefang # For mimedefang integration /var/spool/MIMEDefang/mdefang-*/Work/ r, /var/spool/MIMEDefang/mdefang-*/Work/** r, Aug 19 22:29:29 utest-oos32 kernel: [ 9102.069911] type=1400 audit(1313782169.299:29): apparmor=STATUS operation=profile_replace name=/usr/sbin/clamd pid=20079 comm=apparmor_parser Aug 19 22:29:44 utest-oos32 mimedefang.pl[19942]: Discarding because of virus Eicar-Test-Signature Aug 19 22:29:44 utest-oos32 mimedefang.pl[19942]: filter: p7JJThfN020084: discard=1 Aug 19 22:29:44 utest-oos32 mimedefang[19941]: p7JJThfN020084: Discarding because filter instructed us to Aug 19 22:29:44 utest-oos32 sm-mta[20084]: p7JJThfN020084: Milter: data, discard Aug 19 22:29:44 utest-oos32 sm-mta[20084]: p7JJThfN020084: discarded Patch against apparmor profile attached. ** Patch added: usr.sbin.clamd-oneiric.diff https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/829089/+attachment/2292899/+files/usr.sbin.clamd-oneiric.diff ** Changed in: clamav (Ubuntu) Status: New = Confirmed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to clamav in Ubuntu. https://bugs.launchpad.net/bugs/829089 Title: clamd scanning mimedefang temp files blocked by apparmor To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/829089/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 829089] Re: clamd scanning mimedefang temp files blocked by apparmor
Adding the following rule to /etc/apparmor.d/usr.sbin.clamd resolves the problem apparently /var/spool/MIMEDefang/** r, Scanning works: Aug 19 02:04:31 utest-nns32 mimedefang.pl[4544]: MDLOG,p7IN4UXO005515,virus,Eicar-Test-Signature,172.16.21.1,gergelyi...@gmail.com,gi...@utest-nns32.narancs.net,[TESTMAIL] eicar test mail Aug 19 02:04:31 utest-nns32 mimedefang.pl[4544]: Discarding because of virus Eicar-Test-Signature Aug 19 02:04:31 utest-nns32 mimedefang.pl[4544]: filter: p7IN4UXO005515: discard=1 -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to clamav in Ubuntu. https://bugs.launchpad.net/bugs/829089 Title: clamd scanning mimedefang temp files blocked by apparmor To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/829089/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
