Mailing List Archive

0.98.5-rc1 milter feedback
Some early feedback for 0.98.5-rc1:

As with some of the later beta releases, 0.98.5-rc1 clamav-milter in
conjunction with postfix 2.11.2 fails to add headers to inbound or
outbound mail. With "AddHeader Replace" in clamav-milter.conf, messages
receive no added headers and the clamav-milter log contains the messages:
"Failed to add X-Virus-Scanned header" and
"Failed to add X-Virus-Status header".

-- Mike

_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net

http://www.clamav.net/contact.html#ml
Re: 0.98.5-rc1 milter feedback [ In reply to ]
Does this happen with 0.98? clamav-milter hasn't changed for a few years
(other than adding a call to cl_initialize_crypto() in 0.98.5-rc1).

Thanks,

Shawn

On Thu, Oct 16, 2014 at 9:16 PM, Michael G. Janicki <m.g.j.janicki@gmail.com
> wrote:

>
> Some early feedback for 0.98.5-rc1:
>
> As with some of the later beta releases, 0.98.5-rc1 clamav-milter in
> conjunction with postfix 2.11.2 fails to add headers to inbound or
> outbound mail. With "AddHeader Replace" in clamav-milter.conf, messages
> receive no added headers and the clamav-milter log contains the messages:
> "Failed to add X-Virus-Scanned header" and
> "Failed to add X-Virus-Status header".
>
> -- Mike
>
> _______________________________________________
> http://lurker.clamav.net/list/clamav-devel.html
> Please submit your patches to our Bugzilla: http://bugs.clamav.net
>
> http://www.clamav.net/contact.html#ml
>
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net

http://www.clamav.net/contact.html#ml
Re: 0.98.5-rc1 milter feedback [ In reply to ]
On 10/16/2014 06:40 PM, Shawn Webb wrote:
> Does this happen with 0.98?

Does not happen with 0.98.4.
Does not happen with the original 0.98.5-beta1.
Does happen with devel-20140905.
Does happen with 0.98.5-rc1.

> clamav-milter hasn't changed for a few years
> (other than adding a call to cl_initialize_crypto() in 0.98.5-rc1).

That's what I would have thought but things changed somewhere during
the beta series. Have a look in and around lines 96-114 or so in
clamav-milter/clamfi.c of -rc1. It changed, but I can't see anything
that would cause a problem.

Thanks for looking into it.

-- Mike
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net

http://www.clamav.net/contact.html#ml
Re: 0.98.5-rc1 milter feedback [ In reply to ]
On Thu, Oct 16, 2014 at 9:57 PM, Michael G. Janicki <m.g.j.janicki@gmail.com
> wrote:

>
>
> On 10/16/2014 06:40 PM, Shawn Webb wrote:
> > Does this happen with 0.98?
>
> Does not happen with 0.98.4.
> Does not happen with the original 0.98.5-beta1.
> Does happen with devel-20140905.
> Does happen with 0.98.5-rc1.
>
> > clamav-milter hasn't changed for a few years
> > (other than adding a call to cl_initialize_crypto() in 0.98.5-rc1).
>
> That's what I would have thought but things changed somewhere during
> the beta series. Have a look in and around lines 96-114 or so in
> clamav-milter/clamfi.c of -rc1. It changed, but I can't see anything
> that would cause a problem.
>
> Thanks for looking into it.


Anytime. I'll investigate further tomorrow. Do you have any steps for
reproduction? I'd like to try to reproduce your setup as closely as I can.
If you could include config files (sanitized, of course), that'd be great.

Thanks,

Shawn
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net

http://www.clamav.net/contact.html#ml
Re: 0.98.5-rc1 milter feedback [ In reply to ]
On 10/16/2014 07:00 PM, Shawn Webb wrote:
> Anytime. I'll investigate further tomorrow. Do you have any steps for
> reproduction?

Hmm reproduction is that it just happens. But, here's how I'm running
things. clamav-0.98.5-rc1 running as daemon. Postfix 2.11.2 running as
daemon and clamav using clamav-milter to communicate with Postfix via
Unix socket. (clamav-milter.conf below). clamav-milter is not SUID.
It manages to work with Postfix by being a member of the group which
can accessthe necessary Postfix files. I've had it working this way
for about a year now so I don't think there's anything too strange
about the setup.

No major changes in the configuration of either ClamAV or Postfix have
been made recently. At one point messages were correctly marked with
X-Virus-Scanned and X-Virus-Status as dictated by the
"AddHeader Replace" directive in clamav-milter.conf. At some point
during the beta development cycle, the headers just stopped being placed
into messages. Sorry I can't be more specific as to when it began, but
I know it was apparent in 20140905.

Thanks again, Shawn.

-- Mike

clamav-milter.conf
------------------
MilterSocket unix:/var/run/clamav/clamav-milter.socket
MilterSocketGroup postfix
MilterSocketMode 660
FixStaleSocket yes
User clamav
AllowSupplementaryGroups yes
ReadTimeout 120
Foreground no
PidFile /var/run/clamav/clamav-milter.pid
TemporaryDirectory /tmp
ClamdSocket unix:/var/run/clamav/clamd.socket
MaxFileSize 10M
OnClean Accept
OnInfected Quarantine
OnFail Defer
AddHeader Replace
LogFile /var/log/clamav/clamav-milter.log
LogFileMaxSize 2M
LogTime yes
LogSyslog yes
LogFacility LOG_LOCAL6
LogVerbose yes
LogRotate yes
LogInfected Full
LogClean Off
SupportMultipleRecipients yes
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net

http://www.clamav.net/contact.html#ml
Re: 0.98.5-rc1 milter feedback [ In reply to ]
On Thu, Oct 16, 2014 at 10:29 PM, Michael G. Janicki <
m.g.j.janicki@gmail.com> wrote:

>
>
> On 10/16/2014 07:00 PM, Shawn Webb wrote:
> > Anytime. I'll investigate further tomorrow. Do you have any steps for
> > reproduction?
>
> Hmm reproduction is that it just happens. But, here's how I'm running
> things. clamav-0.98.5-rc1 running as daemon. Postfix 2.11.2 running as
> daemon and clamav using clamav-milter to communicate with Postfix via
> Unix socket. (clamav-milter.conf below). clamav-milter is not SUID.
> It manages to work with Postfix by being a member of the group which
> can accessthe necessary Postfix files. I've had it working this way
> for about a year now so I don't think there's anything too strange
> about the setup.
>
> No major changes in the configuration of either ClamAV or Postfix have
> been made recently. At one point messages were correctly marked with
> X-Virus-Scanned and X-Virus-Status as dictated by the
> "AddHeader Replace" directive in clamav-milter.conf. At some point
> during the beta development cycle, the headers just stopped being placed
> into messages. Sorry I can't be more specific as to when it began, but
> I know it was apparent in 20140905.
>
> Thanks again, Shawn.
>
> -- Mike


Hey Mike,

Some stuff came up on Friday, so I wasn't able to take a look at your
issue. I'm going to look at it today. Can you post your clamd.conf, too,
please?

Thanks,

Shawn
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net

http://www.clamav.net/contact.html#ml
Re: 0.98.5-rc1 milter feedback [ In reply to ]
On Mon, Oct 20, 2014 at 11:08 AM, Shawn Webb <swebb@sourcefire.com> wrote:

> On Thu, Oct 16, 2014 at 10:29 PM, Michael G. Janicki <
> m.g.j.janicki@gmail.com> wrote:
>
>>
>>
>> On 10/16/2014 07:00 PM, Shawn Webb wrote:
>> > Anytime. I'll investigate further tomorrow. Do you have any steps for
>> > reproduction?
>>
>> Hmm reproduction is that it just happens. But, here's how I'm running
>> things. clamav-0.98.5-rc1 running as daemon. Postfix 2.11.2 running as
>> daemon and clamav using clamav-milter to communicate with Postfix via
>> Unix socket. (clamav-milter.conf below). clamav-milter is not SUID.
>> It manages to work with Postfix by being a member of the group which
>> can accessthe necessary Postfix files. I've had it working this way
>> for about a year now so I don't think there's anything too strange
>> about the setup.
>>
>> No major changes in the configuration of either ClamAV or Postfix have
>> been made recently. At one point messages were correctly marked with
>> X-Virus-Scanned and X-Virus-Status as dictated by the
>> "AddHeader Replace" directive in clamav-milter.conf. At some point
>> during the beta development cycle, the headers just stopped being placed
>> into messages. Sorry I can't be more specific as to when it began, but
>> I know it was apparent in 20140905.
>>
>> Thanks again, Shawn.
>>
>> -- Mike
>
>
> Hey Mike,
>
> Some stuff came up on Friday, so I wasn't able to take a look at your
> issue. I'm going to look at it today. Can you post your clamd.conf, too,
> please?
>
> Thanks,
>
> Shawn
>

Don't worry about the clamd.conf. I reproduced your issue and I found out
commit 3e0b86d05c5a68664b2202c23316a0b75d5bd6ec caused this bug. I reverted
that commit. We'll be pushing out an 0.98.5-rc2 in the near future.

Thanks,

Shawn
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net

http://www.clamav.net/contact.html#ml
Re: 0.98.5-rc1 milter feedback [ In reply to ]
On Mon, Oct 20, 2014 at 11:08 AM, Shawn Webb <swebb@sourcefire.com> wrote:

> Don't worry about the clamd.conf. I reproduced your issue and I found out
> commit 3e0b86d05c5a68664b2202c23316a0b75d5bd6ec caused this bug. I reverted
> that commit. We'll be pushing out an 0.98.5-rc2 in the near future.

Nice work, Shawn. Thanks very much for looking into it and finding a solution so quickly. Have a good one.

-- Mike
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net

http://www.clamav.net/contact.html#ml