Bug 173495 - [PATCH] kmail_clamav.sh needs tuning, when clamd runs as a different user
Status: RESOLVED UNMAINTAINED
Alias: None
Product: kmail
Classification: Applications
Component: general
Version: 1.10.1
Platform: Gentoo Packages Linux
Importance: NOR normal
Target Milestone: ---
Assignee: kdepim bugs
Keywords: triaged
Reported: 2008-10-25 09:24 UTC by Sascha Lucas
Modified: 2015-04-12 09:43 UTC
Description Sascha Lucas 2008-10-25 09:24:00 UTC
Version:            (using KDE 4.1.2)
OS:                Linux
Installed from:    Gentoo Packages

If you run clamd as a system service (as provided by distributions), clamdscan needs to be called in another way if the UIDs of the system service and the scanning person differ. Else I get the following error:

$ clamdscan /some/test/file
/some/test/file: lstat() failed. ERROR

The man page of Clamd client(1) = clamdscan says in Examples:

(3) To scan a file when clamd is running as a different user:
      clamdscan - <file_to_scan

So here is a patch for kmail_clamav.sh:

--- /usr/kde/4.1/bin/kmail_clamav.sh
+++ /tmp/kmail_clamav.sh
@@ -37,13 +37,18 @@
 # check for a running daemon
 if [ "`ps -eo comm|grep clamd`" = "clamd" ]; then
     chmod a+r $TEMPFILE
-    CLAMCOMANDO="clamdscan --stdout --no-summary "
+    # check how calmdscan should be called, because of differnt user
+    if [ "`ps -eo user,comm|grep clamd`" = "`whoami`" ]; then
+        CLAMCOMANDO="clamdscan --stdout --no-summary "
+    else
+        CLAMCOMANDO="clamdscan --stdout --no-summary - < "
+    fi
 else
     CLAMCOMANDO="clamscan --stdout --no-summary"
 fi

 # analyze the message
-if $CLAMCOMANDO $TEMPFILE | grep -q FOUND; then
+if eval $CLAMCOMANDO $TEMPFILE | grep -q FOUND; then
     echo "X-Virus-Flag: yes"
 else
     echo "X-Virus-Flag: no"
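Review bot: The new test `[ "`ps -eo user,comm|grep clamd`" = "`whoami`" ]` can never be true, because the left side carries both the user and the command column while `whoami` prints only the user name, so the `- <` branch is always taken. Reduce the left side to the user column before comparing. In that branch the file is passed on stdin, yet the unchanged `chmod a+r $TEMPFILE` above still runs; it could be limited to the branch that hands clamd a file name. The changed last line, `eval $CLAMCOMANDO $TEMPFILE`, re-parses the unquoted file name as shell input; calling clamdscan directly in each branch with `- < "$TEMPFILE"` avoids eval.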

Maybe the "- <" command may work in both cases. Please also note that kde-3.5.10 (kmail 1.9.10) is also affected (kmail_clamav.sh hasn't changed).
Comment 1 Thomas McGuire 2008-11-18 18:58:14 UTC
Did you actually test the patch you posted here??

Because I don't think this will work, since "ps -eo user,comm|grep clamd" will get you the username and the process name, which can't be equal to the username alone.

I suggest adding "| awk '{print $1}'", therefore making it
"ps -eo user,comm | grep clamd | awk '{print $1}'"

I don't have clamav here, so please test if that works or submit your working solution.

Thanks for submitting the patch.
Comment 2 Sascha Lucas 2008-11-21 10:36:01 UTC
(In reply to comment #1)
> Did you actually test the patch you posted here??

Actually not enough. I must revert my bug report. Everything works as expected.

> "ps -eo user,comm | grep clamd | awk '{print $1}'"

You are right! Else it won't work this way.

> I don't have clamav here, so please test if that works or submit your working
> solution.

Lastly, I can't reproduce what my problem was. I think I tested only by executing "clamdscan --stdout --no-summary /some/virus/in/my/home". And indeed clamdscan behaves as described above. The reason seems to be that my $HOME does not have the permission o+rx. So clamd can't access the test file.

But now another issue appears: kmail_clamav.sh has an insecure tempfile creation when clamdscan is used (line 39: chmod a+r $TEMPFILE). While mktemp creates secure tempfiles, now my mails are readable by all! The chmod a+r seems to be an ugly workaround to make $TEMPFILE accessible for clamd.

So my wish is to make it more secure by this patch (now better tested by running "kmail_clamav.sh < eicar.com" with and without clamd running -> "X-Virus-Flag: yes" appears) 

--- /usr/kde/4.1/bin/kmail_clamav.sh    2008-01-15 02:57:51.000000000 +0100
+++ kmail_clamav.sh     2008-11-21 10:23:01.000000000 +0100
@@ -36,14 +36,13 @@

 # check for a running daemon
 if [ "`ps -eo comm|grep clamd`" = "clamd" ]; then
-    chmod a+r $TEMPFILE
-    CLAMCOMANDO="clamdscan --stdout --no-summary "
+    CLAMCOMANDO="clamdscan --stdout --no-summary - <"
 else
     CLAMCOMANDO="clamscan --stdout --no-summary"
 fi

 # analyze the message
-if $CLAMCOMANDO $TEMPFILE | grep -q FOUND; then
+if eval $CLAMCOMANDO $TEMPFILE | grep -q FOUND; then
     echo "X-Virus-Flag: yes"
 else
     echo "X-Virus-Flag: no"
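Review bot: `eval $CLAMCOMANDO $TEMPFILE` on the last changed line makes the shell parse the expanded string a second time, with `$TEMPFILE` unquoted, only so that the `- <` stored in the variable is honoured as a redirection. Run the command directly in each branch instead, for example `clamdscan --stdout --no-summary - < "$TEMPFILE"`, and drop eval; the clamscan branch needs none. The verdict also still rests on `grep -q FOUND` alone, so a scanner that fails to run ends in `X-Virus-Flag: no`; checking the scanner's exit status as well would close that gap.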

Please decide whether this bug should be closed as invalid and if I should open a new one with the tempfile issue...
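
The tempfile handling discussed in comment 2, as an added example that is not part of the bug report or of KMail's kmail_clamav.sh: the message stays in a mode-600 file and reaches the scanner on stdin through a quoted redirection, without eval. The names scan_message, file_mode, SCANNER and stub_scanner are hypothetical, stub_scanner is a constructed stand-in for clamdscan, and treating a non-zero exit without FOUND as a scanner error goes beyond what the thread proposes.

```shell
#!/bin/sh
# Added example, not KMail's kmail_clamav.sh. scan_message, file_mode,
# SCANNER and stub_scanner are hypothetical names.

# Constructed stand-in for clamdscan so the block runs without ClamAV: it
# reports FOUND (exit 1) when stdin contains the marker TEST-SIGNATURE.
stub_scanner() {
    if grep -q 'TEST-SIGNATURE'; then
        echo "stream: Constructed-Test-Signature FOUND"
        return 1
    fi
    echo "stream: OK"
}

# Octal permission bits of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Read one message on stdin and print the X-Virus-Flag header.
# The body is a subshell, so umask and variables do not leak to the caller.
scan_message() (
    umask 077
    tmp=$(mktemp "${TMPDIR:-/tmp}/kmail_scan.XXXXXX") || exit 2
    cat > "$tmp"
    # Verify that no group/other bits are set; there is no chmod a+r here.
    case $(file_mode "$tmp") in
        600) ;;
        *) rm -f "$tmp"; exit 2 ;;
    esac
    # The file name appears only as a quoted redirection target, so the
    # scanner needs no access to the file itself and no eval is involved.
    rc=0
    out=$(${SCANNER:-clamdscan} --stdout --no-summary - < "$tmp") || rc=$?
    rm -f "$tmp"
    case $out in
        *FOUND*) echo "X-Virus-Flag: yes" ;;
        *)  # Exit codes: 0 clean, 1 found, 2 error. Fail closed on errors.
            [ "$rc" -eq 0 ] || exit 2
            echo "X-Virus-Flag: no" ;;
    esac
)
```

With ClamAV installed, leave SCANNER unset and pipe a message into scan_message; a missing or failing scanner then produces exit status 2 and no header.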
Comment 3 Laurent Montel 2015-04-12 09:43:44 UTC
Thank you for taking the time to file a bug report.

KMail2 was released in 2011, and the entire code base went through significant changes. We are currently in the process of porting to Qt5 and KF5. It is unlikely that these bugs are still valid in KMail2.

We welcome you to try out KMail 2 with the KDE 4.14 release and give your feedback.