| Summary: | [PATCH] kmail_clamav.sh needs tuning, when clamd runs as a different user | | |
|---|---|---|---|
| Product: | [Applications] kmail | Reporter: | Sascha Lucas <sascha_lucas> |
| Component: | general | Assignee: | kdepim bugs <kdepim-bugs> |
| Status: | RESOLVED UNMAINTAINED | | |
| Severity: | normal | Keywords: | triaged |
| Priority: | NOR | | |
| Version: | 1.10.1 | | |
| Target Milestone: | --- | | |
| Platform: | Gentoo Packages | | |
| OS: | Linux | | |
| Latest Commit: | | Version Fixed In: | |
Description
Sascha Lucas
2008-10-25 09:24:00 UTC
Did you actually test the patch you posted here?? Because I don't think this will work, since "ps -eo user,comm|grep clamd" will get you the username and the process name, which can't be equal to the username alone. I suggest adding "| awk '{print $1}'", therefore making it "ps -eo user,comm | grep clamd | awk '{print $1}'"

I don't have clamav here, so please test if that works or submit your working solution. Thanks for submitting the patch.

(In reply to comment #1)
> Did you actually test the patch you posted here??

Actually not enough. I must revert my bug report. Everything works as expected.

> "ps -eo user,comm | grep clamd | awk '{print $1}'"

You are right! Otherwise it won't work this way.

> I don't have clamav here, so please test if that works or submit your working
> solution.

Lastly, I can't reproduce what my problem was. I think I tested only by executing "clamdscan --stdout --no-summary /some/virus/in/my/home". And indeed clamdscan behaves as described above. The reason seems to be that my $HOME does not have the permission o+rx, so clamd can't access the test file.

But now another issue appears: kmail_clamav.sh has an insecure tempfile creation when clamdscan is used (line 39: chmod a+r $TEMPFILE). While mktemp creates secure tempfiles, now my mails are readable by all! The chmod a+r seems to be an ugly workaround to make $TEMPFILE accessible for clamd. So my wish is to make it more secure by this patch (now better tested by running "kmail_clamav.sh < eicar.com" with and without clamd running -> "X-Virus-Flag: yes" appears)

--- /usr/kde/4.1/bin/kmail_clamav.sh 2008-01-15 02:57:51.000000000 +0100 +++ kmail_clamav.sh 2008-11-21 10:23:01.000000000 +0100 
@@ -36,14 +36,13 @@ # check for a running daemon if [ "`ps -eo comm|grep clamd`" = "clamd" ]; then - chmod a+r $TEMPFILE - CLAMCOMANDO="clamdscan --stdout --no-summary " + CLAMCOMANDO="clamdscan --stdout --no-summary - <" else CLAMCOMANDO="clamscan --stdout --no-summary" fi # analyze the message -if $CLAMCOMANDO $TEMPFILE | grep -q FOUND; then +if eval $CLAMCOMANDO $TEMPFILE | grep -q FOUND; then echo "X-Virus-Flag: yes" else echo "X-Virus-Flag: no"

Please decide whether this bug should be closed as invalid and if I should open a new one with the tempfile issue...

Thank you for taking the time to file a bug report. KMail2 was released in 2011, and the entire code base went through significant changes. We are currently in the process of porting to Qt5 and KF5. It is unlikely that these bugs are still valid in KMail2. We welcome you to try out KMail 2 with the KDE 4.14 release and give your feedback.
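
Review bot: the changed test line in the patch above, `if eval $CLAMCOMANDO $TEMPFILE | grep -q FOUND; then`, uses `eval` only so that the `<` now stored at the end of `CLAMCOMANDO` is honoured as a redirection, and as a side effect the unquoted `$TEMPFILE` is re-parsed as shell text in both branches, including the `clamscan` branch that needs no redirection. Consider running the scanner directly inside each branch of the daemon check instead, for example `clamdscan --stdout --no-summary - < "$TEMPFILE"` in the clamd case and `clamscan --stdout --no-summary "$TEMPFILE"` otherwise, and setting a result variable that the `X-Virus-Flag` test reads. That keeps the point of the change, dropping `chmod a+r $TEMPFILE` so the mktemp file stays unreadable to other users, without needing `eval` or a redirection operator embedded in a variable.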