Gentoo Forums :: View topic - proftpd-1.3.1_rc2-r3 with mod

proftpd-1.3.1_rc2-r3 with mod_clamav is broken[Solved]

View unanswered posts
View posts from last 24 hours

Gentoo Forums Forum Index

Networking & Security

View previous topic :: View next topic

Author

Message

dobrichkia
n00b
n00b

Joined: 16 Nov 2007
Posts: 3
Location: Bulgarian

Posted: Fri Nov 16, 2007 1:02 pm Post subject: proftpd-1.3.1_rc2-r3 with mod_clamav is broken[Solved]

emerge -pv proftpd

Code:

[ebuild R ] net-ftp/proftpd-1.3.1_rc2-r3 USE="clamav ipv6 ldap mysql ncurses nls opensslcrypt pam postgres radius ssl tcpd xinetd -acl -authfile -hardened -ifsession -noauthunix -rewrite (-selinux) -shaper -sitemisc -softquota -vroot" 0 kB

emerge proftpd and all good install.

After add in /etc/proftpd/proftpd.conf add:

Code:

#Mod_clamav
<IfModule mod_clamav.c>
ClamAV on
# ClamWarn on
ClamLocalSocket /var/run/clamav/clamd.sock
</IfModule>

After /etc/init.d/proftpd start

Code:

* Starting proftpd ... [ ok ]

tail -f /var/log/proftpd/

Code:

Nov 16 14:56:22 freeko proftpd[22318] freeko.sharcom.org: ProFTPD 1.3.1rc2 (devel) (built Fri Nov 16 14:42:23 EET 2007) standalone mode STARTUP

Now I start upload infected file "eicarcom2.zip" to ftp server, see mail log in proftpd.log

Code:

FTP session opened.
USER ceci_zmeia: Login successful.
Preparing to chroot to directory '/home/ftp_users/ceci_zmeia'
mod_clamav/0.4: error: /home/ftp_users/ceci_zmeia/films//films/eicarcom2.zip: lstat() failed. ERROR

File is upload, and Im think clamav don't work with proftpd :!:

Pls help

dobrichkia
n00b
n00b

Joined: 16 Nov 2007
Posts: 3
Location: Bulgarian

Posted: Sun Nov 18, 2007 8:20 pm Post subject: Hi

Code:

--- modules/mod_clamav_new.c.orig Sat Sep 29 15:34:01 2007
+++ modules/mod_clamav_new.c Mon Oct 1 17:34:04 2007
@@ -157,6 +157,7 @@
c = find_config(CURRENT_CONF, CONF_PARAM, "ClamWarn", TRUE);

/* Figure out the full path */
+#if 0
if(session.chroot_path) {
sstrncpy(fullpath, strcmp(pr_fs_getvwd(), "/") ?
pdircat(cmd->tmp_pool, session.chroot_path, pr_fs_getvwd(), NULL) :
@@ -164,6 +165,9 @@
} else {
sstrncpy(fullpath, pr_fs_getcwd(), 4096);
}
+#else
+ sstrncpy(fullpath, pdircat(cmd->tmp_pool, session.chroot_path, NULL, NULL), 4096);
+#endif
sstrcat(fullpath, "/", 4096 - strlen(fullpath));
sstrcat(fullpath, cmd->arg, 4096 - strlen(fullpath));

And now all work perfect

Code:

): FTP session closed.
Nov 18 22:15:22 freeko proftpd[24853] freeko.sharcom.org (192.168.10.130[192.168.10.130]): mod_clamav/0.4: warning: /home/ftp_users/ceci_zmeia//films/eicar_com.zip: Eicar-Test-Signature FOUND

dobrichkia
n00b
n00b

Joined: 16 Nov 2007
Posts: 3
Location: Bulgarian

Posted: Mon Nov 19, 2007 10:36 am Post subject: hi

Pls visit my web site: http://blog.sharcom.org _________________ My home http://blog.sharcom.org

Display posts from previous:

	Gentoo Forums Forum Index Networking & Security	All times are GMT
Page 1 of 1

Jump to:

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Copyright 2001-2024 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy