[Mediawiki-l] Setting up clamav for chrooted apache

tojja at Safe-mail.net tojja at Safe-mail.net
Thu Sep 9 06:26:45 UTC 2010


Ok, for all those to come, the answer to antivirus not working with a chrooted apache can be found at http://de.php.net/manual/en/function.passthru.php#84773: you need a shell program inside the chroot too (duh!).  MediaWiki's function wfShellExec (line 2392 in GlobalFunctions.php) calls the PHP command 'passthru', which tries to execute a shell command.  PHP tries to open a shell to execute clamdscan or clamscan, so when it gives you a 127 (command not found) it's not necessarily saying that clam(d)scan is not found; in this case it doesn't find a shell to use to execute clam(d)scan, and the 127 says 'shell not found'.

Recap: make sure that.......
- the clam(d)scan executable is inside the chroot and executable by the user that will call the program (so you can scan)
- there is a shell program that is executable inside the chroot (so you can execute the scanner)
- there is a hardlinked clamav.sock (or equivalent) socket for communicating with clamd outside of the chroot
- there is a clamd.conf file to direct clam(d)scan to the right socket
- your $wgAntivirusSetup['command'] reads something like "/usr/local/bin/clamdscan --fdpass --no-summary" (otherwise scans will fail with an error 2)
...... now all the messages from clamav work like they should!  Thanks Platonides.

-------- Original Message --------
From: Platonides <Platonides at gmail.com>
Apparently from: mediawiki-l-bounces at lists.wikimedia.org
To: mediawiki-l at lists.wikimedia.org
Subject: Re: [Mediawiki-l] Setting up clamav for chrooted apache
Date: Mon, 06 Sep 2010 00:25:24 +0200

> tojja at Safe-mail.net wrote:
> > Passing --fdpass or --stream to clamdscan works for calling up a scan on the command prompt; however, calling it through MediaWiki (via the chrooted web user www) still fails with an error 127.  If I make a file called test.php containing:
> > <?php
> > define("MEDIAWIKI", "mediawiki");
> > require_once("/htdocs/w/includes/GlobalFunctions.php" );
> > $output = wfShellExec( "command=/usr/local/bin/clamdscan --fdpass --no-summary '/htdocs/file.txt' 2>&1, $exitCode );
> > echo "exitcode is $exitCode";
> > ?>
> > 
> > Executing "chroot -u www /var/www /usr/local/bin/clamdscan --fdpass --no-summary '/htdocs/file.txt' 2>&1" will work just fine, but running the script will always fail with error 127.  Even substituting in the $output line something like wfShellExec( "/bin/echo 'hello world' > world.txt" ); will always fail with error 127 as well, despite echo being at /var/www/bin/echo and permissions readable and executable by the proper www user.  It appears that there may be something up with how MediaWiki is executing shell commands; maybe I'm going about testing this the wrong way.
> > 
> > Thanks for the insight.
> 
> Exit code 127 is usually the shell not finding the executable.
> Try removing command= from the beginning (you also miss the closing of
> the double quotes, but that seems an oversight in copying).
> 
> 
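
The recap checklist from this thread, turned into a pre-flight check that can be run before pointing MediaWiki at the scanner. This is an added example, not part of the original messages or of MediaWiki; the function name check_chroot_av is hypothetical, the socket and clamd.conf paths are placeholders, and it assumes PHP reaches the shell as /bin/sh inside the chroot.

```shell
#!/bin/sh
# Run as the web server user so the -x and -r tests reflect its permissions.
# Every path except ROOT is given as it is seen from inside the chroot.

# check_chroot_av ROOT "SCAN COMMAND" SOCKET CONF
# Prints one MISSING line per failed recap item; returns the number of failures.
check_chroot_av() {
    root=$1 cmd=$2 sock=$3 conf=$4
    scanner=${cmd%% *}              # first word of the configured command
    fails=0
    miss() { echo "MISSING: $*"; fails=$((fails + 1)); }

    # passthru() hands the command line to a shell, so without one in the
    # chroot every command exits 127, whether or not the scanner is present.
    [ -x "$root/bin/sh" ] || miss "shell $root/bin/sh (exit 127 from passthru)"

    # The scanner binary, executable by the calling user.
    [ -x "$root$scanner" ] || miss "scanner $root$scanner"

    # The clamd socket has to be visible from inside the chroot.
    [ -S "$root$sock" ] || miss "socket $root$sock"

    # clamd.conf inside the chroot must name that same socket.
    if [ ! -r "$root$conf" ]; then
        miss "config $root$conf"
    elif ! awk -v s="$sock" '$1 == "LocalSocket" && $2 == s { f = 1 }
                             END { exit !f }' "$root$conf"; then
        miss "LocalSocket $sock in $root$conf"
    fi

    # clamd runs outside the chroot, so the file must be passed or streamed.
    case " $cmd " in
        *" --fdpass "*|*" --stream "*) ;;
        *) miss "--fdpass (or --stream) in the scan command (exit 2)" ;;
    esac

    return "$fails"
}

# Example call (socket and config paths are placeholders):
#   sh thisfile /var/www "/usr/local/bin/clamdscan --fdpass --no-summary" \
#       /tmp/clamd.socket /etc/clamd.conf
if [ "$#" -eq 4 ]; then
    check_chroot_av "$@"
fi
```
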