Bug 25940

Summary: clamav: wrong permissions on /etc/freshclam.conf prevent freshclam usage with authenticated proxy (rhbz#1733112)
Product: Mageia
Reporter: David Walser <luigiwalser>
Component: Security
Assignee: QA Team <qa-bugs>
Status: RESOLVED FIXED
QA Contact: Sec team <security>
Severity: critical
Priority: Normal
CC: andrewsfarm, herman.viaene, nicolas.salguero, sysadmin-bugs, tmb
Version: 7
Keywords: advisory, validated_update
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard: MGA7-64-OK
Source RPM: clamav-0.101.5-1.1.mga7.src.rpm
CVE:
Status comment:

Description David Walser 2019-12-23 22:27:50 CET
Fedora has issued an advisory on August 15:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2VA3SW62UWYAW52LVXEWN2KHAB7VTN2V/

Our package has 644 for the permissions, but it should be 600.

Mageia 7 is also affected.
David Walser 2019-12-23 22:28:05 CET

Whiteboard: (none) => MGA7TOO

Comment 1 Nicolas Salguero 2019-12-24 14:19:56 CET
Suggested advisory:
========================

The updated packages fix an issue:

Wrong permissions on /etc/freshclam.conf prevent freshclam usage with authenticated proxy. (rhbz#1733112)

References:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/2VA3SW62UWYAW52LVXEWN2KHAB7VTN2V/
========================

Updated packages in core/updates_testing:
========================
clamav-0.101.5-1.2.mga7
clamd-0.101.5-1.2.mga7
clamav-milter-0.101.5-1.2.mga7
clamav-db-0.101.5-1.2.mga7
lib(64)clamav9-0.101.5-1.2.mga7
lib(64)clamav-devel-0.101.5-1.2.mga7

from SRPMS:
clamav-0.101.5-1.2.mga7.src.rpm

Whiteboard: MGA7TOO => (none)
Version: Cauldron => 7
Assignee: bugsquad => qa-bugs
Status: NEW => ASSIGNED
Source RPM: clamav-0.101.4-3.mga8.src.rpm => clamav-0.101.5-1.1.mga7.src.rpm
CC: (none) => nicolas.salguero

Comment 2 Herman Viaene 2019-12-28 13:39:07 CET
MGA7-64 Plasma on Lenovo B50
No installation issues
Ref bug 25754 for tests
# ls -als /etc/freshclam.conf 
8 -rw------- 1 root root 6392 dec 24 13:59 /etc/freshclam.conf

# freshclam 
ClamAV update process started at Sat Dec 28 13:33:02 2019
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.101.5 Recommended version: 0.102.1
DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
etc ....
and 
# clamscan -vr
loads of files and at the end.
----------- SCAN SUMMARY -----------
Known viruses: 6636751
Engine version: 0.101.5
Scanned directories: 278
Scanned files: 1459
Infected files: 0
Data scanned: 33.53 MB
Data read: 17.67 MB (ratio 1.90:1)
Time: 25.257 sec (0 m 25 s)

I could also start the clamav-daemon, clamav-freshclam and clamav-milter services.
Looks good.

Whiteboard: (none) => MGA7-64-OK
CC: (none) => herman.viaene
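
A scripted form of the `ls -als /etc/freshclam.conf` check from Comment 2, added here as an example; it is not part of the bug report or of the clamav package. The function name `audit_freshclam_conf` is hypothetical, the sample file is constructed, GNU `stat` is assumed, and `HTTPProxyPassword` is the freshclam.conf directive for the proxy credential (the report itself only says "authenticated proxy").

```shell
#!/bin/sh
# Added example: audit the mode of a freshclam.conf-style file.
# Verdict on stdout, return code: 0 ok, 1 loose, 2 exposed, 3 missing.
audit_freshclam_conf() {
    conf=$1
    [ -f "$conf" ] || { echo missing; return 3; }

    mode=$(stat -c '%a' "$conf")          # GNU stat, octal mode such as 644
    # Leading 0 makes the shell read the value as octal; 077 masks group+other.
    if [ $(( 0$mode & 077 )) -eq 0 ]; then
        echo ok
        return 0
    fi

    # An uncommented HTTPProxyPassword line means a credential is readable
    # by every account that the group/other bits admit.
    if grep -Eq '^[[:space:]]*HTTPProxyPassword[[:space:]]+[^[:space:]]' "$conf"; then
        echo exposed
        return 2
    fi
    echo loose
    return 1
}

# Constructed sample: proxy settings with a placeholder password.
demo_dir=$(mktemp -d)
sample=$demo_dir/freshclam.conf
cat > "$sample" <<'EOF'
# constructed sample, not a real configuration
DatabaseMirror database.clamav.net
HTTPProxyServer proxy.example.internal
HTTPProxyPort 3128
HTTPProxyUsername updater
HTTPProxyPassword PLACEHOLDER-not-a-real-secret
EOF

chmod 644 "$sample"   # the mode the report says the package shipped
printf '644: %s\n' "$(audit_freshclam_conf "$sample" || true)"
chmod 600 "$sample"   # the mode the report says it should be
printf '600: %s\n' "$(audit_freshclam_conf "$sample" || true)"
rm -rf "$demo_dir"
```

Run against the installed file as `audit_freshclam_conf /etc/freshclam.conf`; a non-zero return code makes it usable as a post-update check in a QA script.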

Comment 3 Thomas Andrews 2019-12-29 19:22:32 CET
Validated. Advisory in Comment 1.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Thomas Backlund 2019-12-31 17:03:21 CET

Keywords: (none) => advisory
CC: (none) => tmb

Comment 4 Mageia Robot 2019-12-31 17:52:43 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2019-0418.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED