[Bug 423669] [NEW] clamd apparmor profile needs entry for havp

Imre Gergely gimre at narancs.net
Thu Sep 3 11:54:51 UTC 2009 

Public bug reported:

Binary package hint: clamav

havp content scanner can use clamav to scan for viruses in downloaded
files. It can use either libclamav or clamav daemon through socket. When
the latter is selected havp fails to start and an entry is made in
havp/error.log

03/09/2009 14:32:24 === Starting HAVP Version: 0.89
03/09/2009 14:32:24 Running as user: havp, group: havp
03/09/2009 14:32:24 --- Initializing Clamd Socket Scanner
03/09/2009 14:32:24 ERROR: Clamd Socket Scanner failed EICAR virus test! (Access denied.)

In /var/log/messages the following error appears:

Sep  3 14:32:24 utest-jj kernel: [192255.269799] type=1503
audit(1251977544.838:15): operation="inode_permission"
requested_mask="::r" denied_mask="::r" fsuid=110 name="/var/spool/havp
/havp-iwGmjS" pid=6734 profile="/usr/sbin/clamd"

Steps to recreate:

1. install apparmor, clamav-daemon and havp
1a. usermod -a -G havp clamav (and restart clamav-daemon) !
2. configure havp to use clamav-daemon for scanning, edit /etc/havp/havp.config
    ENABLECLAMLIB false
    ENABLECLAMD true
    CLAMDSOCKET /var/run/clamav/clamd.ctl
3. try (re)starting havp, it should not start, with the following message:

root at utest-jj:/etc/havp# /etc/init.d/havp start
Mounting /var/lib/havp/havp.loop under /var/spool/havp ...done
Cleaning up /var/spool/havp... done
Starting havp: Starting HAVP Version: 0.89
One or more scanners failed to initialize!
Check errorlog for errors.
Exiting..

4. check the logs for the errors (/var/log/havp/error.log and
/var/log/messages)

This is confirmed in Jaunty/Intrepid/Hardy/Dapper with the latest clamav
version backported. As we're always trying to backport the latest
clamav, IMHO this should be fixed in Karmic's 0.95.2+dfsg-4ubuntu2 and
we'll backport it.

** Affects: clamav (Ubuntu)
     Importance: Undecided
         Status: New

-- 
clamd apparmor profile needs entry for havp
https://bugs.launchpad.net/bugs/423669
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

More information about the universe-bugs mailing list