Package: amavisd-new; Maintainer for amavisd-new is Brian May <[email protected]>; Source for amavisd-new is src:amavisd-new.
Reported by: Max Techter <[email protected]>
Date: Mon, 24 Feb 2014 20:51:06 UTC
Severity: normal
Found in version amavisd-new/1:2.7.1-2
Report forwarded to [email protected], Brian May <[email protected]>: Bug#740004; Package amavisd-new. (Mon, 24 Feb 2014 20:51:10 GMT)
Acknowledgement sent to Max Techter <[email protected]>: New Bug report received and forwarded. Copy sent to Brian May <[email protected]>. (Mon, 24 Feb 2014 20:51:10 GMT)
Message #5 received at [email protected]:
Package: amavisd-new
Version: 1:2.7.1-2
Severity: normal

Hi,

in the Debian package in /etc/amavis/conf.d/15-av_scanners we have:

    # ### http://www.csupomona.edu/~henson/www/projects/SAVI-Perl/
    # ['Sophos SAVI', \&sophos_savi ],

in the upstream source in ./amavisd-new-2.7.1/amavisd.conf we have:

    # ### http://www.csupomona.edu/~henson/www/projects/SAVI-Perl/
    # ['Sophos SAVI', \&ask_daemon, ['{}','savi-perl:'] ],

configuring

    ['Sophos SAVI', \&sophos_savi ],

I end up with: `ALL VIRUS SCANNERS FAILED' in ./mail.log,
due to `&Amavis::Conf::sophos_savi' being Undefined:

    Creating db in /var/lib/amavis/db/; BerkeleyDB 0.51, libdb 5.1
    (!)Sophos SAVI av-scanner FAILED: Undefined subroutine &Amavis::Conf::sophos_savi called at (eval 117)[/usr/sbin/amavisd-new:15931] line 939.
    (!)WARN: all primary virus scanners failed, considering backups
    (!!)AV: ALL VIRUS SCANNERS FAILED

configuring

    ['Sophos SAVI', \&ask_daemon, ['{}','savi-perl:'] ],

there seems to be no problem, SAVI does its job.

Starting as `/etc/init.d/amavis debug'

telnetting a test mail leads to debug output

    invoking av-scanner Sophos SAVI
    ask_daemon: proto=savi-perl, spawn=0, (Sophos SAVI) savi-perl:
    run_av (Sophos SAVI): query template(1,0): *
    get_deadline run_av_pre - deadline in 479.9 s, set to 336.000 s
    prolong_timer run_av_pre: timer 336, was 336, deadline in 479.9 s
    get_deadline run_av_scan - deadline in 479.9 s, set to 336.000 s
    prolong_timer run_av_scan: timer 336, was 336, deadline in 479.9 s
    run_av Using (Sophos SAVI): (code) p001
    get_deadline run_av_3 - deadline in 479.9 s, set to 336.000 s
    prolong_timer run_av_3: timer 336, was 336, deadline in 479.9 s
    run_av (Sophos SAVI) result: CLEAN p001
    run_av (Sophos SAVI): CLEAN
    run_av (Sophos SAVI) result: clean

telnetting an eicar test mail leads to debug output

    invoking av-scanner Sophos SAVI
    ask_daemon: proto=savi-perl, spawn=0, (Sophos SAVI) savi-perl:
    run_av (Sophos SAVI): query template(1,0): *
    get_deadline run_av_pre - deadline in 479.9 s, set to 336.000 s
    prolong_timer run_av_pre: timer 336, was 336, deadline in 479.9 s
    get_deadline run_av_scan - deadline in 479.9 s, set to 336.000 s
    prolong_timer run_av_scan: timer 336, was 336, deadline in 479.9 s
    run_av Using (Sophos SAVI): (code) p001
    get_deadline run_av_3 - deadline in 479.9 s, set to 336.000 s
    prolong_timer run_av_3: timer 336, was 336, deadline in 479.9 s
    run_av (Sophos SAVI) result: EICAR-AV-Test FOUND
    run_av (Sophos SAVI): p001 INFECTED: EICAR-AV-Test
    lookup_re("EICAR-AV-Test"), no matches
    lookup [virus_name_to_spam_score] => undef, "EICAR-AV-Test" does not match
    virus_scan: (EICAR-AV-Test), detected by 1 scanners: Sophos SAVI

i.e. in /etc/amavis/conf.d/15-av_scanners it should be,
as in the upstream conf file:

    # ### http://www.csupomona.edu/~henson/www/projects/SAVI-Perl/
    # ['Sophos SAVI', \&ask_daemon, ['{}','savi-perl:'] ],

instead of

    # ### http://www.csupomona.edu/~henson/www/projects/SAVI-Perl/
    # ['Sophos SAVI', \&sophos_savi ],

regards
max.

-- System Information:
Debian Release: 7.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 3.2.0-4-686-pae (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

Versions of packages amavisd-new depends on:
ii  adduser                             3.113+nmu3
ii  debconf [debconf-2.0]               1.5.49
ii  file                                5.11-2+deb7u1
ii  libarchive-zip-perl                 1.30-6
ii  libberkeleydb-perl                  0.51-1
ii  libconvert-tnef-perl                0.17-11
ii  libconvert-uulib-perl               1:1.4~dfsg-1+b1
pn  libdigest-md5-perl                  <none>
ii  libio-stringy-perl                  2.110-5
ii  libmail-dkim-perl                   0.39-1
ii  libmailtools-perl                   2.09-1
pn  libmime-base64-perl                 <none>
ii  libmime-tools-perl                  5.503-1
ii  libnet-server-perl                  2.006-1+deb7u1
ii  libunix-syslog-perl                 1.1-2+b2
ii  pax                                 1:20120606-2
ii  perl [libtime-hires-perl]           5.14.2-21+deb7u1
ii  perl-modules [libarchive-tar-perl]  5.14.2-21+deb7u1

Versions of packages amavisd-new recommends:
ii  altermime              0.3.10-7
pn  libnet-patricial-perl  <none>
ii  ripole                 0.2.0+20081101.0215-1

Versions of packages amavisd-new suggests:
ii  apt-listchanges      2.85.11
pn  arj                  <none>
pn  cabextract           <none>
pn  clamav               <none>
pn  clamav-daemon        <none>
ii  cpio                 2.11+dfsg-0.1
pn  dspam                <none>
pn  lha                  <none>
pn  lhasa                <none>
pn  libauthen-sasl-perl  <none>
pn  libdbi-perl          <none>
ii  libmail-dkim-perl    0.39-1
pn  libnet-ldap-perl     <none>
pn  libsnmp-perl         <none>
pn  lzop                 <none>
pn  nomarch              <none>
pn  p7zip                <none>
pn  rpm                  <none>
pn  spamassassin         <none>
pn  unrar                <none>
pn  unrar-free           <none>
pn  zoo                  <none>

-- Configuration Files:
/etc/amavis/conf.d/15-av_scanners changed:
use strict;
@av_scanners = (
['Sophos SAVI', \&ask_daemon, ['{}','savi-perl:'] ],
  ### http://www.kaspersky.com/ (kav4mailservers)
  ['KasperskyLab AVP - aveclient',
    ['/usr/local/kav/bin/aveclient','/usr/local/share/kav/bin/aveclient',
     '/opt/kav/5.5/kav4mailservers/bin/aveclient','aveclient'],
    '-p /var/run/aveserver -s {}/*',
    [0,3,6,8], qr/\b(INFECTED|SUSPICION|SUSPICIOUS)\b/m,
    qr/(?:INFECTED|WARNING|SUSPICION|SUSPICIOUS) (.+)/m,
  ],
  # NOTE: one may prefer [0],[2,3,4,5], depending on how suspicious,
  # currupted or protected archives are to be handled
  ### http://www.kaspersky.com/
  ['KasperskyLab AntiViral Toolkit Pro (AVP)', ['avp'],
    '-* -P -B -Y -O- {}', [0,3,6,8], [2,4], # any use for -A -K ?
    qr/infected: (.+)/m,
    sub {chdir('/opt/AVP') or die "Can't chdir to AVP: $!"},
    sub {chdir($TEMPBASE) or die "Can't chdir back to $TEMPBASE $!"},
  ],
  ### The kavdaemon and AVPDaemonClient have been removed from Kasperky
  ### products and replaced by aveserver and aveclient
  ['KasperskyLab AVPDaemonClient',
    [ '/opt/AVP/kavdaemon', 'kavdaemon',
      '/opt/AVP/AvpDaemonClient', 'AvpDaemonClient',
      '/opt/AVP/AvpTeamDream', 'AvpTeamDream',
      '/opt/AVP/avpdc', 'avpdc' ],
    "-f=$TEMPBASE {}", [0,8], [3,4,5,6], qr/infected: ([^\r\n]+)/m ],
    # change the startup-script in /etc/init.d/kavd to:
    # DPARMS="-* -Y -dl -f=/var/amavis /var/amavis"
    # (or perhaps: DPARMS="-I0 -Y -* /var/amavis" )
    # adjusting /var/amavis above to match your $TEMPBASE.
    # The '-f=/var/amavis' is needed if not running it as root, so it
    # can find, read, and write its pid file, etc., see 'man kavdaemon'.
    # defUnix.prf: there must be an entry "*/var/amavis" (or whatever
    # directory $TEMPBASE specifies) in the 'Names=' section.
    # cd /opt/AVP/DaemonClients; configure; cd Sample; make
    # cp AvpDaemonClient /opt/AVP/
    # su - vscan -c "${PREFIX}/kavdaemon ${DPARMS}"
  ### http://www.centralcommand.com/
  ['CentralCommand Vexira (new) vascan',
    ['vascan','/usr/lib/Vexira/vascan'],
    "-a s --timeout=60 --temp=$TEMPBASE -y $QUARANTINEDIR ".
    "--log=/var/log/vascan.log {}",
    [0,3], [1,2,5],
    qr/(?x)^\s* (?:virus|iworm|macro|mutant|sequence|trojan)\ found:\ ( [^\]\s']+ )\ \.\.\.\ /m ],
    # Adjust the path of the binary and the virus database as needed.
    # 'vascan' does not allow to have the temp directory to be the same as
    # the quarantine directory, and the quarantine option can not be disabled.
    # If $QUARANTINEDIR is not used, then another directory must be specified
    # to appease 'vascan'. Move status 3 to the second list if password
    # protected files are to be considered infected.
  ### http://www.avira.com/
  ### Avira AntiVir (formerly H+BEDV) or (old) CentralCommand Vexira Antivirus
  ['Avira AntiVir', ['antivir','vexira'],
    '--allfiles -noboot -nombr -rs -s -z {}', [0], qr/ALERT:|VIRUS:/m,
    qr/(?x)^\s* (?: ALERT: \s* (?: \[ | [^']* ' ) |
         (?i) VIRUS:\ .*?\ virus\ '?) ( [^\]\s']+ )/m ],
    # NOTE: if you only have a demo version, remove -z and add 214, as in:
    # '--allfiles -noboot -nombr -rs -s {}', [0,214], qr/ALERT:|VIRUS:/,
  ### http://www.commandsoftware.com/
  ['Command AntiVirus for Linux', 'csav',
    '-all -archive -packed {}', [50], [51,52,53],
    qr/Infection: (.+)/m ],
  ### http://www.symantec.com/
  ['Symantec CarrierScan via Symantec CommandLineScanner',
    'cscmdline', '-a scan -i 1 -v -s 127.0.0.1:7777 {}',
    qr/^Files Infected:\s+0$/m, qr/^Infected\b/m,
    qr/^(?:Info|Virus Name):\s+(.+)/m ],
  ### http://www.symantec.com/
  ['Symantec AntiVirus Scan Engine',
    'savsecls', '-server 127.0.0.1:7777 -mode scanrepair -details -verbose {}',
    [0], qr/^Infected\b/m,
    qr/^(?:Info|Virus Name):\s+(.+)/m ],
    # NOTE: check options and patterns to see which entry better applies
  ### http://www.f-secure.com/products/anti-virus/ version 5.52
  ['F-Secure Antivirus for Linux servers',
    ['/opt/f-secure/fsav/bin/fsav', 'fsav'],
    '--virus-action1=report --archive=yes --auto=yes '.
    '--dumb=yes --list=no --mime=yes {}', [0], [3,4,6,8],
    qr/(?:infection|Infected|Suspected|Riskware): (.+)/m ],
    # NOTE: internal archive handling may be switched off by '--archive=no'
    # to prevent fsav from exiting with status 9 on broken archives
  ['CAI InoculateIT', 'inocucmd', # retired product
    '-sec -nex {}', [0], [100],
    qr/was infected by virus (.+)/m ],
  # see: http://www.flatmtn.com/computer/Linux-Antivirus_CAI.html
  ### http://www3.ca.com/Solutions/Product.asp?ID=156 (ex InoculateIT)
  ['CAI eTrust Antivirus', 'etrust-wrapper',
    '-arc -nex -spm h {}', [0], [101],
    qr/is infected by virus: (.+)/m ],
    # NOTE: requires suid wrapper around inocmd32; consider flag: -mod reviewer
    # see http://marc.theaimsgroup.com/?l=amavis-user&m=109229779912783
  ### http://mks.com.pl/english.html
  ['MkS_Vir for Linux (beta)', ['mks32','mks'],
    '-s {}/*', [0], [1,2],
    qr/--[ \t]*(.+)/m ],
  ### http://mks.com.pl/english.html
  ['MkS_Vir daemon', 'mksscan',
    '-s -q {}', [0], [1..7],
    qr/^... (\S+)/m ],
  ### http://www.eset.com/, version 3.0
  ['ESET Software ESETS Command Line Interface',
    ['/usr/bin/esets_cli', 'esets_cli'],
    '--subdir {}', [0], [2,3],
    qr/:\s*action="(?!accepted)[^"]*"\n.*:\s*virus="([^"]*)"/m ],
  ## http://www.nod32.com/, NOD32LFS version 2.5 and above
  ['ESET NOD32 for Linux File servers',
    ['/opt/eset/nod32/sbin/nod32','nod32'],
    '--files -z --mail --sfx --rtp --adware --unsafe --pattern --heur '.
    '-w -a --action=1 -b {}',
    [0], [1,10], qr/^object=.*, virus="(.*?)",/m ],
  ### http://www.norman.com/products_nvc.shtml
  ['Norman Virus Control v5 / Linux', 'nvcc',
    '-c -l:0 -s -u -temp:$TEMPBASE {}', [0,10,11], [1,2,14],
    qr/(?i).* virus in .* -> \'(.+)\'/m ],
  ### http://www.pandasoftware.com/
  ['Panda CommandLineSecure 9 for Linux',
    ['/opt/pavcl/usr/bin/pavcl','pavcl'],
    '-auto -aex -heu -cmp -nbr -nor -nos -eng -nob {}',
    qr/Number of files infected[ .]*: 0+(?!\d)/m,
    qr/Number of files infected[ .]*: 0*[1-9]/m,
    qr/Found virus :\s*(\S+)/m ],
  # NOTE: for efficiency, start the Panda in resident mode with 'pavcl -tsr'
  # before starting amavisd - the bases are then loaded only once at startup.
  # To reload bases in a signature update script:
  # /opt/pavcl/usr/bin/pavcl -tsr -ulr; /opt/pavcl/usr/bin/pavcl -tsr
  # Please review other options of pavcl, for example:
  # -nomalw, -nojoke, -nodial, -nohackt, -nospyw, -nocookies
  ### http://www.nai.com/
  ['NAI McAfee AntiVirus (uvscan)', 'uvscan',
    '--secure -rv --mime --summary --noboot - {}', [0], [13],
    qr/(?x) Found (?:
        \ the\ (.+)\ (?:virus|trojan) |
        \ (?:virus|trojan)\ or\ variant\ ([^ ]+) |
        :\ (.+)\ NOT\ a\ virus)/m,
  # sub {$ENV{LD_PRELOAD}='/lib/libc.so.6'},
  # sub {delete $ENV{LD_PRELOAD}},
  ],
  # NOTE1: with RH9: force the dynamic linker to look at /lib/libc.so.6 before
  # anything else by setting environment variable LD_PRELOAD=/lib/libc.so.6
  # and then clear it when finished to avoid confusing anything else.
  # NOTE2: to treat encrypted files as viruses replace the [13] with:
  # qr/^\s{5,}(Found|is password-protected|.*(virus|trojan))/
  ### http://www.virusbuster.hu/en/
  ['VirusBuster', ['vbuster', 'vbengcl'],
    "{} -ss -i '*' -log=$MYHOME/vbuster.log", [0], [1],
    qr/: '(.*)' - Virus/m ],
  # VirusBuster Ltd. does not support the daemon version for the workstation
  # engine (vbuster-eng-1.12-linux-i386-libc6.tgz) any longer. The names of
  # binaries, some parameters AND return codes have changed (from 3 to 1).
  # See also the new Vexira entry 'vascan' which is possibly related.
  ### http://www.cyber.com/
  ['CyberSoft VFind', 'vfind',
    '--vexit {}/*', [0], [23], qr/##==>>>> VIRUS ID: CVDL (.+)/m,
  # sub {$ENV{VSTK_HOME}='/usr/lib/vstk'},
  ],
  ### http://www.avast.com/
  ['avast! Antivirus', ['/usr/bin/avastcmd','avastcmd'],
    '-a -i -n -t=A {}', [0], [1], qr/\binfected by:\s+([^ \t\n\[\]]+)/m ],
  ### http://www.ikarus-software.com/
  ['Ikarus AntiVirus for Linux', 'ikarus',
    '{}', [0], [40], qr/Signature (.+) found/m ],
  ### http://www.bitdefender.com/
  ['BitDefender', 'bdscan', # new version
    '--action=ignore --no-list {}', qr/^Infected files *:0+(?!\d)/m,
    qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/m,
    qr/(?:suspected|infected): (.*)(?:\033|$)/m ],
  ### http://www.bitdefender.com/
  ['BitDefender', 'bdc', # old version
    '--arc --mail {}', qr/^Infected files *:0+(?!\d)/m,
    qr/^(?:Infected files|Identified viruses|Suspect files) *:0*[1-9]/m,
    qr/(?:suspected|infected): (.*)(?:\033|$)/m ],
  # consider also: --all --nowarn --alev=15 --flev=15. The --all argument may
  # not apply to your version of bdc, check documentation and see 'bdc --help'
  ### ArcaVir for Linux and Unix http://www.arcabit.pl/
  ['ArcaVir for Linux', ['arcacmd','arcacmd.static'],
    '-v 1 -summary 0 -s {}', [0], [1,2],
    qr/(?:VIR|WIR):[ \t]*(.+)/m ],
);
@av_scanners_backup = (
  ### http://www.clamav.net/ - backs up clamd or Mail::ClamAV
  ['ClamAV-clamscan', 'clamscan',
    "--stdout --no-summary -r --tempdir=$TEMPBASE {}",
    [0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
  ### http://www.f-prot.com/ - backs up F-Prot Daemon, V6
  ['F-PROT Antivirus for UNIX', ['fpscan'],
    '--report --mount --adware {}', # consider: --applications -s 4 -u 3 -z 10
    [0,8,64], [1,2,3, 4+1,4+2,4+3, 8+1,8+2,8+3, 12+1,12+2,12+3],
    qr/^\[Found\s+[^\]]*\]\s+<([^ \t(>]*)/m ],
  ### http://www.f-prot.com/ - backs up F-Prot Daemon (old)
  ['FRISK F-Prot Antivirus', ['f-prot','f-prot.sh'],
    '-dumb -archive -packed {}', [0,8], [3,6], # or: [0], [3,6,8],
    qr/(?:Infection:|security risk named) (.+)|\s+contains\s+(.+)$/m ],
  ### http://www.trendmicro.com/ - backs up Trophie
  ['Trend Micro FileScanner', ['/etc/iscan/vscan','vscan'],
    '-za -a {}', [0], qr/Found virus/m, qr/Found virus (.+) in/m ],
  ### http://www.sald.com/, http://drweb.imshop.de/ - backs up DrWebD
  ['drweb - DrWeb Antivirus', # security LHA hole in Dr.Web 4.33 and earlier
    ['/usr/local/drweb/drweb', '/opt/drweb/drweb', 'drweb'],
    '-path={} -al -go -ot -cn -upn -ok-',
    [0,32], [1,9,33], qr' infected (?:with|by)(?: virus)? (.*)$'m ],
  ### http://www.kaspersky.com/
  ['Kaspersky Antivirus v5.5',
    ['/opt/kaspersky/kav4fs/bin/kav4fs-kavscanner',
     '/opt/kav/5.5/kav4unix/bin/kavscanner',
     '/opt/kav/5.5/kav4mailservers/bin/kavscanner', 'kavscanner'],
    '-i0 -xn -xp -mn -R -ePASBME {}/*', [0,10,15], [5,20,21,25],
    qr/(?:INFECTED|WARNING|SUSPICION|SUSPICIOUS) (.*)/m,
  ],
);
1; # ensure a defined return

/etc/amavis/conf.d/15-content_filter_mode changed:
use strict;
@bypass_virus_checks_maps = (
   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
1; # ensure a defined return

/etc/init.d/amavis changed:
PATH=/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/amavisd-new
DAEMON2=/usr/bin/perl
NAME=amavisd
DAEMONNAME=amavisd-new
DESC=amavisd
PIDFILE=/var/run/amavis/${NAME}.pid
. /lib/lsb/init-functions
test -f ${DAEMON} || exit 0
set -e
START="--start --quiet --pidfile $PIDFILE --startas ${DAEMON}"
STOP="--stop --quiet --pidfile $PIDFILE"
PARAMS=
check_noncompatible_upgrade() {
  for i in /etc/amavisd.conf /etc/amavis/amavisd.conf ; do
    if [ -e "${i}.disabled" ] ; then
      echo "Found incompatible config file flag!" >&2
      echo "Due to safety concerns, amavisd-new will not be started." >&2
      echo "Refer to /usr/share/doc/amavisd-new/README.Debian for instructions." >&2
      exit 1
    fi
  done
}
createdir() {
  [ -d "$4" ] || mkdir -p "$4"
  chown -c -h "$1:$2" "$4"
  chmod -c "$3" "$4"
}
fixdirs() {
  dir=$(dpkg-statoverride --list /var/run/amavis) || {
    echo "You are missing a dpkg-statoverride on /var/run/amavis. Fix it, otherwise you risk silent breakage on upgrades." >&2
    exit 1
  }
  [ -z "$dir" ] || createdir $dir
  :
}
cleanup() {
  [ -d /var/lib/amavis ] && find /var/lib/amavis -maxdepth 1 -name 'amavis-*' -type d \
    -exec rm -rf "{}" \; >/dev/null 2>&1 || true
  [ -d /var/lib/amavis/tmp ] && find /var/lib/amavis/tmp -maxdepth 1 -name 'amavis-*' -type d \
    -exec rm -rf "{}" \; >/dev/null 2>&1 || true
  :
}
case "$1" in
  start)
    echo -n "Starting $DESC: "
    fixdirs
    check_noncompatible_upgrade
    if start-stop-daemon ${START} -- ${PARAMS} start >/dev/null ; then
      echo "amavisd-new."
    else
      if start-stop-daemon --test ${START} >/dev/null 2>&1; then
        echo "(failed)."
        exit 1
      else
        echo "(already running)."
        exit 0
      fi
    fi
    ;;
  stop)
    echo -n "Stopping $DESC: "
    if start-stop-daemon ${STOP} --retry 10 >/dev/null ; then
      cleanup
      echo "amavisd-new."
    else
      if start-stop-daemon --test ${START} >/dev/null 2>&1; then
        echo "(not running)."
        exit 0
      else
        echo "(failed)."
        exit 1
      fi
    fi
    ;;
  restart|force-reload)
    $0 stop
    exec $0 start
    ;;
  debug|debug-sa)
    mode="$1"
    echo "Trying to run amavisd-new in ${mode} mode..."
    fixdirs
    check_noncompatible_upgrade
    exec ${DAEMON} ${PARAMS} "${mode}"
    ;;
  status)
    status_of_proc -p $PIDFILE $DAEMON $NAME && exit 0 || exit $?
    ;;
  *)
    N=/etc/init.d/amavis
    #echo "Usage: $N {start|stop|restart|reload|force-reload|debug}" >&2
    echo "Usage: $N {start|stop|restart|force-reload|status|debug}" >&2
    exit 1
    ;;
esac
exit 0

-- debconf information:
  amavisd-new/outdated_config_style_warning:
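
A log check for the failure described in this report, as an added example that is not part of the original bug report or of amavisd-new: it separates scanner failures caused by an undefined subroutine in an @av_scanners entry from other scanner failures, and counts the messages for which every scanner failed. The function name audit_av_log, the report keys and the syslog prefixes in the sample are assumptions; the message texts are the ones quoted in the report.

```python
import re

# Constructed sample. Message texts are taken from the report above; the
# syslog prefix (timestamp, host, pid, amavis id) is invented for illustration.
SAMPLE_LOG = """\
Feb 24 21:40:01 mx amavis[2101]: (02101-01) (!)Sophos SAVI av-scanner FAILED: Undefined subroutine &Amavis::Conf::sophos_savi called at (eval 117)[/usr/sbin/amavisd-new:15931] line 939.
Feb 24 21:40:01 mx amavis[2101]: (02101-01) (!)WARN: all primary virus scanners failed, considering backups
Feb 24 21:40:01 mx amavis[2101]: (02101-01) (!!)AV: ALL VIRUS SCANNERS FAILED
Feb 24 21:55:12 mx amavis[2240]: (02240-01) run_av (Sophos SAVI) result: clean
Feb 24 21:56:40 mx amavis[2240]: (02240-02) virus_scan: (EICAR-AV-Test), detected by 1 scanners: Sophos SAVI
"""

SCANNER_FAILED = re.compile(r"\(!\)(?P<scanner>.+?) av-scanner FAILED: (?P<reason>.*)")
UNDEFINED_SUB = re.compile(r"Undefined subroutine &(?P<sub>[\w:]+)")
DETECTED = re.compile(r"virus_scan: \((?P<virus>[^)]*)\), detected by \d+ scanners: (?P<by>.+)")


def audit_av_log(text):
    """Summarise AV scanner health from amavisd log lines."""
    report = {
        "failed_scanners": {},    # scanner name -> "config" or "runtime"
        "undefined_subs": set(),  # e.g. Amavis::Conf::sophos_savi
        "primary_failed": 0,      # "considering backups" was logged
        "no_verdict": 0,          # every scanner failed for a message
        "detections": [],         # (virus name, scanner) pairs
    }
    for line in text.splitlines():
        m = SCANNER_FAILED.search(line)
        if m:
            undef = UNDEFINED_SUB.search(m.group("reason"))
            # An undefined subroutine means the @av_scanners entry names a
            # function that does not exist: a config fault, not an outage.
            cause = "config" if undef else "runtime"
            report["failed_scanners"][m.group("scanner")] = cause
            if undef:
                report["undefined_subs"].add(undef.group("sub"))
            continue
        if "all primary virus scanners failed" in line:
            report["primary_failed"] += 1
        elif "ALL VIRUS SCANNERS FAILED" in line:
            report["no_verdict"] += 1
        else:
            m = DETECTED.search(line)
            if m:
                report["detections"].append((m.group("virus"), m.group("by").strip()))
    return report


if __name__ == "__main__":
    for key, value in audit_av_log(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

A non-zero no_verdict count after a change to 15-av_scanners is the condition to alert on; sending an EICAR test mail, as the reporter did, confirms the corrected entry produces a detection.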