SRU for clamav on intrepid (freshclam apparmor profile updates)

Bug #360655 reported by Jamie Strandboge
8
Affects Status Importance Assigned to Milestone
clamav (Ubuntu)
Fix Released
Undecided
Unassigned
Intrepid
Fix Released
Undecided
Unassigned

Bug Description

Binary package hint: clamav

1. The freshclam apparmor profile blocks clamav frontends, causing freshclam to not work
2. The bugs fixed have been addressed in Jaunty in the freshclam apparmor profile
3. debdiff for uploaded package is attached
4.
TEST CASE (/tmp):
1. mkdir /tmp/foo
2. freshclam --log=/tmp/foo/freshclam.log --datadir=/tmp/foo

TEST CASE (klamav):
TODO

TEST CASE (clamtk):
TODO

5. regression potential is considered very low, as the only change was to make apparmor less restrictive

Revision history for this message
Jamie Strandboge (jdstrand) wrote :
Revision history for this message
Imre Gergely (cemc) wrote :

TEST CASE (klamav):
- install klamav 0.44 from Intrepid
- remove /home/user/.klamav
- run klamav 'for the first time', confirm the first dialogs about the database directory, and click 'Download' when presented with the 'Download Virus Database' dialog
- click some more OKs with quarantine dialog
- klamav starts, and gives an error message about the config file
- check /var/log/syslog, should see something like this:

Apr 14 00:08:13 utest-ii kernel: [95648.705680] type=1503 audit(1239656893.785:29): operation="inode_permission" requested_mask="r::" denied_mask="r::" fsuid=1000 name="/tmp/kde-gimre/klamavQzL8ia.tmp" pid=13182 profile="/usr/bin/freshclam"

This means that freshclam can't write it's temporary config file to /tmp/kde-<user>/.

Revision history for this message
Imre Gergely (cemc) wrote :

TEST CASE (clamtk):
- install clamtk 4.08 from intrepid-backports (3.11-1 from Intrepid does not use freshclam, added in 4.0)
- remove /home/user/.clamtk to start fresh
- run clamtk, select 'Single User', 'Save', 'Quit' at the Antivirus Signatures dialog
- go to Help / Update Signatures (or Ctrl+U), make sure 'Signature Updates' is checked and press 'Check for Updates'
- it will say 'Update failed' and when the following line should appear in /var/log/syslog:

Apr 14 00:34:46 utest-ii kernel: [97241.734831] type=1503 audit(1239658486.814:36): operation="inode_create" requested_mask="a::" denied_mask="a::" fsuid=1000 name="/home/gimre/.clamtk/db/freshclam.log" pid=14180 profile="/usr/bin/freshclam"

Freshclam can't download the signatures and can't write it's logfile to /home/<user>/.clamtk/db.

Revision history for this message
Martin Pitt (pitti) wrote :

Accepted clamav into intrepid-proposed; please test and give feedback here. Please see https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in clamav (Ubuntu Intrepid):
status: New → Fix Committed
tags: added: verification-needed
Revision history for this message
Imre Gergely (cemc) wrote :

Tested with

clamtk 4.08-1~intrepid1 (from -backports)
klamav 0.44-3ubuntu2

The problem gets resolved, everything is working OK.

Changed in clamav (Ubuntu):
status: New → In Progress
Revision history for this message
Martin Pitt (pitti) wrote :

Can anyone please test the packages in intrepid-proposed? Otherwise I'll remove them from -proposed again.

Revision history for this message
Martin Pitt (pitti) wrote :

Karmic has 0.95, so I think the karmic task can be closed.

Changed in clamav (Ubuntu):
status: In Progress → Fix Released
Revision history for this message
Imre Gergely (cemc) wrote :

AFAIK I've tested the package in -proposed with the above testcases, see comment #5 .

Revision history for this message
Martin Pitt (pitti) wrote :

Ah, thanks Imre!

tags: added: verification-done
removed: verification-needed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package clamav - 0.94.dfsg.2-1ubuntu0.5

---------------
clamav (0.94.dfsg.2-1ubuntu0.5) intrepid-proposed; urgency=low

  * Additional fixes to freshclam apparmor profile for clamtk (LP: #360655)
  * Add to clamd apparmor profile for qpsmtpd and p3scan support

 -- Scott Kitterman <email address hidden> Thu, 23 Apr 2009 00:37:04 -0400

Changed in clamav (Ubuntu Intrepid):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.