I was thinking it sounded like a chroot or mandatory access control
issue. If you work out the transition rules for SELinux, please share!
I've been working on getting AppArmor profiles defined for several of
the external applications we call. I'll add one for clamav, in case
that's an option for anyone.
On Wed, Oct 10, 2012 at 8:25 AM, John Horne <john.horne(a)plymouth.ac.uk> wrote:
On Wed, 2012-10-10 at 10:44 -0400, Dave Humphrey
wrote:
Error 127 is likely a "command not
found" (either the clamav or a
suitable shell to run it under). Error code 126 may be an
"insufficient permission" type of error (see
https://moodle.org/mod/forum/discuss.php?d=114926).
Yes, you are right with both of these.
Try the steps listed in the last message at:
http://www.gossamer-threads.com/lists/wiki/mediawiki/207889
which appears to discuss almost exactly the same issue you describe.
Similar maybe, but I'm using clamscan not clamdscan, and I'm not using a
chroot.
What I have done so far is set '$wgDebugToolbar = true;'. This provides
a debug toolbar at the bottom of the wiki page. Clicking on 'Debug log'
then shows the debug messages. Very handy :-)
I also set the $wgAntivirusSetup to just set the 'command', and set
'messagepattern' to '(.*)/sim'. (So comment out the 'codemap'
bit.) This
will basically match any output text from clamscan and dump it onto the
upload wiki page.
Having done that I then disabled SELinux, and could see that clamav was
having problems allocating memory. Mediwiki calls a 'ulimit4.sh' script
which sets the amount of memory the process can use (default=102400). I
set '$wgMaxShellMemory = 1024000;', and I could then upload the file :-)
The file itself is small, but the clamav databases are large.
Downside of course is that SELinux was disabled. I have tried setting
the SELinux boolean 'httpd_ssi_exec' to true, but that still causes the
clamscan to fail, but only gives the output as '1'. Most odd.
John.
--
John Horne Tel: +44 (0)1752 587287
Plymouth University, UK Fax: +44 (0)1752 587001
_______________________________________________
MediaWiki-l mailing list
MediaWiki-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l