OK, for all those to come, the answer to antivirus not working with a chrooted Apache can
be found at
http://de.php.net/manual/en/function.passthru.php#84773: you need a shell
program inside the chroot too (duh!). MediaWiki's function wfShellExec (line 2392 in
GlobalFunctions.php) calls the PHP command 'passthru', which tries to execute a
shell command. PHP tries to open a shell to execute clamdscan or clamscan, so when it
gives you a 127 (command not found) it's not necessarily saying that clam(d)scan is
not found; in this case it doesn't find a shell to use to execute clam(d)scan, and the
127 says 'shell not found'.
Recap: make sure that...
- the clam(d)scan executable is inside the chroot and executable by the user that will call the program (so you can scan)
- there is a shell program that is executable inside the chroot (so you can execute the scanner)
- there is a hardlinked clamav.sock (or equivalent) socket for communicating with clamd outside of the chroot
- there is a clamd.conf file to direct clam(d)scan to the right socket
- your $wgAntivirusSetup['command'] reads something like "/usr/local/bin/clamdscan --fdpass --no-summary" (otherwise scans will fail with an error 2)

... now all the messages from clamav work like they should! Thanks, Platonides.
-------- Original Message --------
From: Platonides <Platonides(a)gmail.com>
Apparently from: mediawiki-l-bounces(a)lists.wikimedia.org
To: mediawiki-l(a)lists.wikimedia.org
Subject: Re: [Mediawiki-l] Setting up clamav for chrooted apache
Date: Mon, 06 Sep 2010 00:25:24 +0200
tojja(a)Safe-mail.net wrote:
> Passing --fdpass or --stream to clamdscan works
> for calling up a scan on the command prompt however calling it through mediawiki (via the
> chrooted web user www) still fails with an error 127. If I make a file called test.php
> containing:
> <?php
> define("MEDIAWIKI", "mediawiki");
> require_once("/htdocs/w/includes/GlobalFunctions.php" );
> $output = wfShellExec( "command=/usr/local/bin/clamdscan --fdpass --no-summary
> '/htdocs/file.txt' 2>&1, $exitCode );
> echo "exitcode is $exitCode";
> ?>
> Executing "chroot -u www /var/www /usr/local/bin/clamdscan --fdpass --no-summary
> '/htdocs/file.txt' 2>&1" will work just fine but running the script
> will always fail with error 127. Even substituting in the $output line something like
> wfShellExec( "/bin/echo 'hello world' > world.txt" ); will always
> fail with error 127 as well, despite echo being at /var/www/bin/echo and permissions
> readable and executable by the proper www user. Appears that there may be something up
> with how mediawiki is executing shell commands, maybe I'm going about testing this the
> wrong way.
> Thanks for the insight.
Exit code 127 is usually the shell not finding the executable.
Try removing command= from the beginning (you are also missing the closing of
the double quotes, but that seems an oversight in copying).
_______________________________________________
MediaWiki-l mailing list
MediaWiki-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
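
The recap checklist from the first message, as a shell function that audits a chroot directory (an added example, not part of the thread). The default scanner path is the one quoted in the post; the /etc/clamd.conf location, the function names and the output format are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): audit a chroot against the recap list.
# Usage: check_chroot ROOT [SCANNER] [CONF]
#   SCANNER defaults to the path quoted in the post.
#   CONF defaults to /etc/clamd.conf inside the chroot (an assumption).

report() {  # report OK|FAIL MESSAGE; counts failures in $fails
    echo "$1: $2"
    [ "$1" = OK ] || fails=$((fails + 1))
}

check_chroot() {
    root=${1%/}
    scanner=${2:-/usr/local/bin/clamdscan}
    conf=${3:-/etc/clamd.conf}
    fails=0

    # PHP's passthru() runs the command through /bin/sh -c, so without a
    # shell in the chroot every command exits 127.
    if [ -f "$root/bin/sh" ] && [ -x "$root/bin/sh" ]; then
        report OK "/bin/sh is present and executable"
    else
        report FAIL "/bin/sh missing or not executable: expect exit code 127"
    fi

    # -x tests the current user; run this as the web user for a true answer.
    if [ -f "$root$scanner" ] && [ -x "$root$scanner" ]; then
        report OK "$scanner is present and executable"
    else
        report FAIL "$scanner missing or not executable"
    fi

    # The scanner finds clamd through the LocalSocket directive in clamd.conf.
    if [ -r "$root$conf" ]; then
        sock=$(awk '$1 == "LocalSocket" { print $2; exit }' "$root$conf")
        if [ -n "$sock" ] && [ -S "$root$sock" ]; then
            report OK "$sock is a socket inside the chroot"
        else
            report FAIL "${sock:-LocalSocket} not set or not a socket in the chroot"
        fi
    else
        report FAIL "$conf not readable inside the chroot"
    fi

    [ "$fails" -eq 0 ]   # status 0 only when every check passed
}
```

Call it as `check_chroot /var/www`. A dynamically linked shell or scanner also needs its shared libraries inside the chroot, which this check does not verify.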