security/antivir-milter won't start correctly

Martin P. Hellwig mhellwig at xs4all.nl
Sat Mar 6 06:31:24 PST 2004


Marius Strobl wrote:

>Actually I had to do both here on 5.2-current to always get a working
>state after reboot/restart. On 4.8-stable I only managed to hit the
>"local socket unsafe" problem once and the socket never disappeared.
>Both problems are strange, as Sendmail really expects the socket to
>be owned by smmsp:smmsp according to the source so it never should
>have worked and I'm not sure why the socket gets removed when not
>launching the milter in the background.
>Anyway, the port finally is changed accordingly, please follow the
>update instructions given in ports/UPDATING.
>  
>
Thanks Marius for updating.
This is really strange behaviour by sendmail (is it indeed in sendmail 
or is it in 5?) but I'm glad there is a solution.
I have tested the port on 5.2.1 (after removing everything except the 
license) and found it working all right.
I'm still confused why it works at the other testbed without changing 
the usergroup to smmsp, but if the masters say it must be smmsp, I 
will follow :-)
To Andrey: I'm sorry if I sounded like a non-believer but in my defence, 
I saw it with my own eyes :-)
I added the test results for the new port with 5.2.1 to this message.

Thanks,

Martin P. Hellwig
-------------- next part --------------
>>>ssh'ing to testlaptop and su<<<
# cat /etc/rc.conf 
usbd_enable="YES"
sshd_enable="YES"
hostname="lifebook"
sendmail_enable="YES"
pccard_enable="YES"
pccardd_flags="-z"

# uname -a
FreeBSD lifebook 5.2.1-RELEASE FreeBSD 5.2.1-RELEASE #0: Sat Feb 28 14:05:43 GMT 2004     root@:/usr/obj/usr/src/sys/LIFEBOOK  i386

# cd /usr/ports/security/antivir-milter/

# make
===>  Vulnerability check disabled
>> avfbmlt_beta.tgz doesn't seem to exist in /usr/ports/distfiles/.
>> Attempting to fetch from http://www.antivir.de/dateien/antivir/beta/freebsd/.
Receiving avfbmlt_beta.tgz (2530356 bytes): 100%
2530356 bytes transferred in 11.6 seconds (212.92 kBps)
===>  Extracting for antivir-milter-1.1.b
>> Checksum OK for avfbmlt_beta.tgz.
===>  Patching for antivir-milter-1.1.b
===>  Applying FreeBSD patches for antivir-milter-1.1.b
===>   antivir-milter-1.1.b depends on shared library: c.4 - found
===>  Configuring for antivir-milter-1.1.b
su-2.05b# make install
===>  Installing for antivir-milter-1.1.b
===>   antivir-milter-1.1.b depends on shared library: c.4 - found
===>   Generating temporary packing list
===>  Checking if security/antivir-milter already installed
===========================================================================

In order to configure Sendmail for this port add the following lines to
your SENDMAIL_MC:

INPUT_MAIL_FILTER(
        `antivir-milter',
        `S=unix:/var/spool/avmilter/avmilter.sock, F=T, T=S:10m;R:10m;E:10m'
)dnl

Don't forget to rebuild sendmail.cf and to restart Sendmail afterwards.

For automated updates of the anti-virus engine and the virus definition
file add the following line to your /etc/crontab:
25 0 * * * root /usr/local/sbin/antivirupdater -q

For full functionality of AntiVir Milter you need to obtain a license
key from H+BEDV Datentechnik GmbH. To install it, execute the following
commands:
cp hbedv.key /usr/local/AntiVir/
chown root:smmsp /usr/local/AntiVir/hbedv.key
chmod 440 /usr/local/AntiVir/hbedv.key

A license key for private (individual, non-commercial) use can be applied
for free of charge at:
http://www.antivir.de/order/privreg/linux.htm (German)
http://www.hbedv.com/private/ (English)

===========================================================================
===>   Registering installation for antivir-milter-1.1.b
===> SECURITY REPORT: 
      This port has installed the following files which may act as network
      servers and may therefore pose a remote security risk to the system.
/usr/local/sbin/avmilter
/usr/local/AntiVir/antivir-dist_avfbmlt (USES POSSIBLY INSECURE FUNCTIONS: tempnam)

      This port has installed the following startup scripts which may cause
      these network services to be started at boot time.
/usr/local/etc/rc.d/antivir-milter.sh

      If there are vulnerabilities in these programs there may be a security
      risk to the system. FreeBSD makes no guarantee about the security of
      ports included in the Ports Collection. Please type 'make deinstall'
      to deinstall the port if this is a concern.

      For more information, and contact details about the security
      status of this software, see the following webpage: 
http://www.hbedv.com/

# cd /etc/mail
# vi lifebook.mc
added: 
INPUT_MAIL_FILTER(
        `antivir-milter',
        `S=unix:/var/spool/avmilter/avmilter.sock, F=T, T=S:10m;R:10m;E:10m'
)dnl
:wq!
lifebook.mc: 96 lines, 4266 characters.

# make cf
/usr/bin/m4 -D_CF_DIR_=/usr/share/sendmail/cf/   /usr/share/sendmail/cf/m4/cf.m4 lifebook.mc > lifebook.cf
# cp lifebook.cf sendmail.cf
# cd /usr/local/       
# ls
AntiVir         bin             include         lib             libexec         sbin
AntiVir_old     etc             info            libdata         man             share
# cp AntiVir_old/hbedv.key AntiVir/
# chown root:smmsp AntiVir/hbedv.key 
# chmod 440 /usr/local/AntiVir/hbedv.key
# /usr/local/sbin/antivirupdater 
Warning: the file "antivir.vdf" is more than 14 days old
AntiVir / FreeBSD Version 2.0.9-15
Copyright (c) 1994-2004 by H+BEDV Datentechnik GmbH.
All rights reserved.

checking for updates

06.23.00.49 <=> 06.24.00.41 [vdf database, loaded]
06.23.00.49 <=> 06.24.00.41 [vdf database, on-disk]
06.23.00.03 <=> 06.24.00.06 [scan engine, running]
06.23.00.03 <=> 06.24.00.06 [scan engine, on-disk]
antivir.vdf 100% |****************************************************************| 1632 KB  204.10 KB/s   0:00 ETA
antivir 100% |********************************************************************|  317 KB  158.57 KB/s   0:00 ETA
06.24.00.41 <=> 06.24.00.41 [vdf database, on-disk]
06.24.00.06 <=> 06.24.00.06 [scan engine, on-disk]
reloading AntiVir mail scanner ... OK

scan engine  06.23.00.03 --> 06.24.00.06 (/usr/local/AntiVir/antivir)
vdf database 06.23.00.49 --> 06.24.00.41 (/usr/local/AntiVir/antivir.vdf)

AntiVir updated successfully
# ls /var/spool/avmilter/
incoming        outgoing        rejected
# /usr/local/etc/rc.d/antivir-milter.sh start
 antivir-milter# 
# ls /var/spool/avmilter/
avmilter.sock   incoming        outgoing        rejected
# /etc/rc.d/sendmail restart
Stopping sendmail.
Stopping sendmail_clientmqueue.
ps: kvm_getprocs: No such process
Starting sendmail.
ps: kvm_getprocs: No such process
ps: kvm_getprocs: No such process
# telnet localhost smtp
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 lifebook ESMTP Sendmail 8.12.10/8.12.10; Sat, 6 Mar 2004 16:00:06 GMT
helo localhost
250 lifebook Hello localhost [127.0.0.1], pleased to meet you
mail from: martin at localhost
250 2.1.0 martin at localhost... Sender ok
rcpt to: root at localhost
250 2.1.5 root at localhost... Recipient ok
data
354 Enter mail, end with "." on a line by itself
test
.
250 2.0.0 i26G06hk001409 Message accepted for delivery
quit
221 2.0.0 lifebook closing connection
Connection closed by foreign host
#shutdown -r now
Shutdown NOW!
shutdown: [pid 1421]
#                                                                                
*** FINAL System shutdown message from martin at lifebook ***                   
System going down IMMEDIATELY                                                  
                                                                               
                                                                               

System shutdown time has arrived
Connection to 10.0.0.156 closed by remote host.
Connection to 10.0.0.156 closed.
>>>ssh'ing to testlaptop and su<<<
# ls /var/spool/avmilter/
avmilter.sock   incoming        outgoing        rejected
# telnet localhost smtp
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 lifebook ESMTP Sendmail 8.12.10/8.12.10; Sat, 6 Mar 2004 16:06:43 GMT
helo localhost
250 lifebook Hello localhost [127.0.0.1], pleased to meet you
mail from: martin at localhost
250 2.1.0 martin at localhost... Sender ok
rcpt to: root at localhost
250 2.1.5 root at localhost... Recipient ok
data
354 Enter mail, end with "." on a line by itself
test 2
.
250 2.0.0 i26G6hKW000530 Message accepted for delivery
quit
221 2.0.0 lifebook closing connection
Connection closed by foreign host.
b# whoami
root
-su-2.05b# mail
Mail version 8.1 6/6/93.  Type ? for help.
"/var/mail/root": 2 messages 2 new
>N  1 martin at lifebook       Sat Mar  6 16:00  15/534  
 N  2 martin at lifebook       Sat Mar  6 16:07  15/534  
& 
Message 1:
>From martin at lifebook Sat Mar  6 16:00:39 2004
Date: Sat, 6 Mar 2004 16:00:06 GMT
From: "Martin P. Hellwig" <martin at lifebook>
To: undisclosed-recipients:;
X-AntiVirus: checked by AntiVir Milter 1.1-beta; AVE 6.24.0.6; VDF 6.24.0.41
             (host: lifebook)

test

& 
Message 2:
>From martin at lifebook Sat Mar  6 16:07:10 2004
Date: Sat, 6 Mar 2004 16:06:43 GMT
From: "Martin P. Hellwig" <martin at lifebook>
To: undisclosed-recipients:;
X-AntiVirus: checked by AntiVir Milter 1.1-beta; AVE 6.24.0.6; VDF 6.24.0.41
             (host: lifebook)

test 2

& q
#
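
Added example, not part of the original message or of the port: a Python check for the two failure modes discussed in this thread, the milter socket disappearing and the socket not being owned by smmsp:smmsp. The socket path is taken from the INPUT_MAIL_FILTER line above; the function names are hypothetical.

```python
import grp
import os
import pwd
import stat
import sys

# Path from the INPUT_MAIL_FILTER line in the port's install message.
SOCKET_PATH = "/var/spool/avmilter/avmilter.sock"
# Ownership that, according to the thread, Sendmail expects.
EXPECTED_OWNER = "smmsp"
EXPECTED_GROUP = "smmsp"


def user_name(uid):
    """Resolve a uid to a login name, falling back to the number as text."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return str(uid)


def group_name(gid):
    """Resolve a gid to a group name, falling back to the number as text."""
    try:
        return grp.getgrgid(gid).gr_name
    except KeyError:
        return str(gid)


def check_milter_socket(path=SOCKET_PATH, owner=EXPECTED_OWNER,
                        group=EXPECTED_GROUP):
    """Return a list of problems; an empty list means the socket looks right."""
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink planted at path
    except FileNotFoundError:
        return [f"{path}: missing (milter not running or socket removed)"]
    if not stat.S_ISSOCK(st.st_mode):
        return [f"{path}: exists but is not a socket"]
    actual = f"{user_name(st.st_uid)}:{group_name(st.st_gid)}"
    if actual != f"{owner}:{group}":
        return [f"{path}: owned by {actual}, expected {owner}:{group}"]
    return []


if __name__ == "__main__":
    found = check_milter_socket()
    for line in found:
        print(line)
    sys.exit(1 if found else 0)
```

Run it after a reboot or after restarting the milter; a non-zero exit status means the socket is absent or has the wrong owner.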

