Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ClamFailsafe returning to client FTP "Operation not permitted" when reaching the transfer size limit via stream "StreamMaxLength" from clamd.conf #13

Open
willyamcts opened this issue Sep 20, 2020 · 0 comments
Open

ClamFailsafe returning to client FTP "Operation not permitted" when reaching the transfer size limit via stream "StreamMaxLength" from clamd.conf #13

willyamcts opened this issue Sep 20, 2020 · 0 comments

Comments

@willyamcts
Copy link

Hi jbenden,

mod_clamav with directive "ClamFailsafe false" initiates the transfer of the file via stream for verification and when reaching the transfer size limit via stream (specified in clamad.conf in "StreamMaxLength") the transfer to the Clamav is interrupted, until this point everything is right.

But the file not to been completely scanned by Clamd, then is returns to the FTP client "Operation not permitted" but the directive "ClamFailsafe" does its job of keeping the file sent on the server.

Would be possible to remove such a return to the client? as this may generate doubts to user, such as imagining that the file go corrupted or something like that.

In clamd.conf:

StreamMaxLength 1000M

In proftpd.conf:

<IfModule mod_clamav.c>
  ClamAV        on
  ClamStream    on
  ClamServer    127.0.0.1
  ClamPort      3310
  ClamFailsafe  false
</IfModule>

./proftpd -n -d10:

2020-09-18 12:41:04,327 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): dispatching PRE_CMD command 'TYPE I' to mod_exec
2020-09-18 12:41:04,327 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): dispatching PRE_CMD command 'TYPE I' to mod_core
2020-09-18 12:41:04,327 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): dispatching PRE_CMD command 'TYPE I' to mod_core
2020-09-18 12:41:04,327 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): dispatching CMD command 'TYPE I' to mod_xfer
2020-09-18 12:41:04,327 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): dispatching POST_CMD command 'TYPE I' to mod_exec
2020-09-18 12:41:04,328 deb1 proftpd[10736] deb1 (10.1.1.1[10.1.1.1]): REVOKE PRIVS at mod_exec.c:489
2020-09-18 12:41:04,328 deb1 proftpd[10736] deb1 (10.1.1.1[10.1.1.1]): REVOKE PRIVS: unable to seteuid(): Operation not permitted
2020-09-18 12:41:04,329 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): dispatching LOG_CMD command 'TYPE I' to mod_log
2020-09-18 12:41:04,330 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): dispatching PRE_CMD command 'PASV' to mod_exec
2020-09-18 12:41:04,330 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): dispatching PRE_CMD command 'PASV' to mod_core
2020-09-18 12:41:04,330 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): dispatching PRE_CMD command 'PASV' to mod_core
2020-09-18 12:41:04,330 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): dispatching CMD command 'PASV' to mod_core
2020-09-18 12:41:04,330 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): in dir_check_full(): path = '/', fullpath = '/home/ftp/'
2020-09-18 12:41:04,330 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): Entering Passive Mode (10,1,1,1,195,92).
2020-09-18 12:41:04,330 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): dispatching POST_CMD command 'PASV' to mod_exec
2020-09-18 12:41:04,331 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): dispatching LOG_CMD command 'PASV' to mod_log
2020-09-18 12:41:04,331 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): dispatching PRE_CMD command 'STOR pt_windows_7_professional_with_sp1_x64_dvd_u_676950' to mod_exec
2020-09-18 12:41:04,331 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): dispatching PRE_CMD command 'STOR pt_windows_7_professional_with_sp1_x64_dvd_u_676950' to mod_core
2020-09-18 12:41:04,331 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): dispatching PRE_CMD command 'STOR pt_windows_7_professional_with_sp1_x64_dvd_u_676950' to mod_core
2020-09-18 12:41:04,331 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): dispatching PRE_CMD command 'STOR pt_windows_7_professional_with_sp1_x64_dvd_u_676950' to mod_xfer
2020-09-18 12:41:04,331 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): in dir_check_full(): path = '/pt_windows_7_professional_with_sp1_x64_dvd_u_676950', fullpath = '/home/ftp/pt_windows_7_professional_with_sp1_x64_dvd_u_676950'
2020-09-18 12:41:04,331 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): in dir_check_full(): setting umask to 0022 (was 0022)
2020-09-18 12:41:04,332 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): dispatching CMD command 'STOR pt_windows_7_professional_with_sp1_x64_dvd_u_676950' to mod_xfer
2020-09-18 12:41:04,332 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): passive data connection opened - local  : 10.1.1.1:50012
2020-09-18 12:41:04,332 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): passive data connection opened - remote : 10.1.1.1:49382
2020-09-18 12:41:04,488 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): ROOT PRIVS at mod_clamav.c:372
2020-09-18 12:41:04,488 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): ROOT PRIVS: ID switching disabled
2020-09-18 12:41:04,489 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): RELINQUISH PRIVS at mod_clamav.c:430
2020-09-18 12:41:04,489 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): RELINQUISH PRIVS: ID switching disabled
2020-09-18 12:41:04,489 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): mod_clamav/0.14rc2: Successfully reconnected to Clamd.
2020-09-18 12:41:04,489 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): mod_clamav/0.14rc2: Streaming 4096 bytes (1048576, 4) to Clamd.
2020-09-18 12:41:04,489 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): mod_clamav/0.14rc2: Streaming 4096 bytes (1048576, 4) to Clamd.
2020-09-18 12:41:04,489 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): mod_clamav/0.14rc2: Streaming 4096 bytes (1048576, 4) to Clamd.
2020-09-18 12:41:04,489 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): mod_clamav/0.14rc2: Streaming 4096 bytes (1048576, 4) to Clamd.
2020-09-18 12:41:04,489 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): mod_clamav/0.14rc2: Streaming 4096 bytes (1048576, 4) to Clamd.
2020-09-18 12:41:04,489 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): mod_clamav/0.14rc2: Streaming 4096 bytes (1048576, 4) to Clamd.
 ... The nexts lines idem ...
2020-09-18 12:41:04,677 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): mod_clamav/0.14rc2: Streaming 4096 bytes (1048576, 4) to Clamd.
2020-09-18 12:41:04,677 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): mod_clamav/0.14rc2: Streaming 4096 bytes (1048576, 4) to Clamd.
2020-09-18 12:41:04,677 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): mod_clamav/0.14rc2: Streaming 4096 bytes (1048576, 4) to Clamd.
2020-09-18 12:41:04,677 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): mod_clamav/0.14rc2: Streaming 4096 bytes (1048576, 4) to Clamd.
2020-09-18 12:41:04,677 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): mod_clamav/0.14rc2: Streaming 2475 bytes (-1425473536, 4) to Clamd.
**2020-09-18 12:41:04,682 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): mod_clamav/0.14rc2: Clamd Error: INSTREAM size limit exceeded.**
2020-09-18 12:41:04,682 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): notice: error closing '(null)': Operation not permitted
2020-09-18 12:41:04,683 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): Transfer aborted after 17058219 bytes in 0.35 seconds
2020-09-18 12:41:04,683 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): dispatching POST_CMD_ERR command 'STOR pt_windows_7_professional_with_sp1_x64_dvd_u_676950' to mod_exec
2020-09-18 12:41:04,683 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): dispatching LOG_CMD_ERR command 'STOR pt_windows_7_professional_with_sp1_x64_dvd_u_676950' to mod_log
2020-09-18 12:41:04,683 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): dispatching LOG_CMD_ERR command 'STOR pt_windows_7_professional_with_sp1_x64_dvd_u_676950' to mod_xfer
^C2020-09-18 12:41:08,506 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): ProFTPD terminating (signal 2)
2020-09-18 12:41:08,506 deb1 proftpd[10328] 0.0.0.0 (10.1.1.1[10.1.1.1]): ProFTPD terminating (signal 2)
2020-09-18 12:41:08,506 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): notice: user user: aborting transfer: Data connection closed
2020-09-18 12:41:08,506 deb1 proftpd[10328] 0.0.0.0 (10.1.1.1[10.1.1.1]): mod_sftp/1.0.1: scrubbing 2 passphrases from memory
2020-09-18 12:41:08,506 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): -----BEGIN STACK TRACE-----
2020-09-18 12:41:08,506 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): -----END STACK TRACE-----
2020-09-18 12:41:08,507 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): ProFTPD terminating (signal 11)
2020-09-18 12:41:08,507 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): FTP session closed.
2020-09-18 12:41:08,507 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): ProFTPD terminating (signal 11)
2020-09-18 12:41:08,507 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): mod_clamav/0.14rc2: debug: disconnected from Clamd
2020-09-18 12:41:08,507 deb1 proftpd[10319] deb1: ProFTPD terminating (signal 2)
2020-09-18 12:41:08,508 deb1 proftpd[10741] 0.0.0.0 (10.1.1.1[10.1.1.1]): ROOT PRIVS at mod_exec.c:465
2020-09-18 12:41:08,508 deb1 proftpd[10741] 0.0.0.0 (10.1.1.1[10.1.1.1]): ROOT PRIVS: ID switching disabled
2020-09-18 12:41:08,508 deb1 proftpd[10741] 0.0.0.0 (10.1.1.1[10.1.1.1]): RELINQUISH PRIVS at mod_exec.c:467
2020-09-18 12:41:08,508 deb1 proftpd[10741] 0.0.0.0 (10.1.1.1[10.1.1.1]): RELINQUISH PRIVS: ID switching disabled
2020-09-18 12:41:08,508 deb1 proftpd[10741] 0.0.0.0 (10.1.1.1[10.1.1.1]): REVOKE PRIVS at mod_exec.c:489
2020-09-18 12:41:08,508 deb1 proftpd[10741] 0.0.0.0 (10.1.1.1[10.1.1.1]): REVOKE PRIVS: unable to seteuid(): Operation not permitted
2020-09-18 12:41:08,509 deb1 proftpd[10742] deb1 (10.1.1.1[10.1.1.1]): ROOT PRIVS at mod_exec.c:465
2020-09-18 12:41:08,509 deb1 proftpd[10742] deb1 (10.1.1.1[10.1.1.1]): RELINQUISH PRIVS at mod_exec.c:467
2020-09-18 12:41:08,509 deb1 proftpd[10742] deb1 (10.1.1.1[10.1.1.1]): RELINQUISH PRIVS: ID switching disabled
2020-09-18 12:41:08,509 deb1 proftpd[10742] deb1 (10.1.1.1[10.1.1.1]): REVOKE PRIVS at mod_exec.c:489
2020-09-18 12:41:08,509 deb1 proftpd[10742] deb1 (10.1.1.1[10.1.1.1]): REVOKE PRIVS: unable to seteuid(): Operation not permitted
2020-09-18 12:41:08,511 deb1 proftpd[10328] 0.0.0.0 (10.1.1.1[10.1.1.1]): SSH2 session closed.
2020-09-18 12:41:08,512 deb1 proftpd[10359] deb1 (10.1.1.1[10.1.1.1]): FTP session closed.
2020-09-18 12:41:08,708 deb1 proftpd[10319] deb1: ProFTPD killed (signal 2)
2020-09-18 12:41:08,708 deb1 proftpd[10319] deb1: ROOT PRIVS at signals.c:59
2020-09-18 12:41:08,709 deb1 proftpd[10319] deb1: ROOT PRIVS at mod_ban.c:2994
2020-09-18 12:41:08,709 deb1 proftpd[10319] deb1: RELINQUISH PRIVS at mod_ban.c:2996
2020-09-18 12:41:08,709 deb1 proftpd[10319] deb1: mod_sftp/1.0.1: scrubbing 2 passphrases from memory
2020-09-18 12:41:08,709 deb1 proftpd[10319] deb1: RELINQUISH PRIVS at signals.c:85
2020-09-18 12:41:08,709 deb1 proftpd[10319] deb1: ProFTPD 1.3.7a standalone mode SHUTDOWN
2020-09-18 12:41:08,709 deb1 proftpd[10319] deb1: ROOT PRIVS at signals.c:92
2020-09-18 12:41:08,709 deb1 proftpd[10319] deb1: deleting existing scoreboard '/usr/local/proftpd/var/proftpd.scoreboard'
2020-09-18 12:41:08,709 deb1 proftpd[10319] deb1: RELINQUISH PRIVS at signals.c:94

Error in client FTP:

FileZilla:
mod_clamav-falha_verificacao3

WinSCP:
mod_clamav-falha_verificacao - winscp

Upload file minor than 1000M there is not a problem

Resources/version:

  • mod_clamav/0.14rc2
  • ProFTPD/1.3.7a
  • ClamAV/0.102.4
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@willyamcts