mahara-contributors team mailing list archive

Thread
Date

[Bug 1168422] Re: clamdscan permission issues

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Aaron Wells <1168422@xxxxxxxxxxxxxxxxxx>
Date: Thu, 02 May 2013 02:51:00 -0000
Reply-to: Bug 1168422 <1168422@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Hi guys,

Would the original chmod(0644) still be needed if you're using
"clamscan" rather than "clamdscan"?

Cheers,
Aaron

** Changed in: mahara
       Status: Fix Committed => In Progress

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contrib members
https://bugs.launchpad.net/bugs/1168422

Title:
  clamdscan permission issues

Status in Mahara ePortfolio:
  In Progress

Bug description:
  Sometimes clamdscan is used as virus check application, which is
  faster than clamscan as the file is being passed over for scanning to
  clam daemon. However it requires specific permission settings, namely
  clamd user that runs daemon should be able to access the file.
  Changing the file mode to make it readable to others, which is
  currently in use, is not sufficient in some cases, e.g. when data
  directory is accessible solely  to www-data user. Clamd user will only
  be able to access the file, if each directory it traverses has exec
  permission for the matching group (likely 'others' in this case) and
  able to read the destination file.

  To make clamdscan work, I suggest to use --fdpass parameter that
  passes the file descriptor permissions to clamd, which allows to scan
  given file irrespective of directory and file permissions (assuming
  the www-data user who initiates the scan has access to it, which is
  always the case).

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1168422/+subscriptions

References

[Bug 1168422] [NEW] clamdscan permission issues
From: Ruslan Kabalin, 2013-04-12