14971 – virusfilter_vfs_openat: Not scanned: Directory or special file

Bug 14971 - virusfilter_vfs_openat: Not scanned: Directory or special file

Summary: virusfilter_vfs_openat: Not scanned: Directory or special file

Status:	RESOLVED FIXED

Alias:	None

Product:	Samba 4.1 and newer
Classification:	Unclassified
Component:	VFS Modules (show other bugs)
Version:	4.15.5
Hardware:	All All

Importance:	P5 normal (vote)
Target Milestone:	---
Assignee:	Jule Anger
QA Contact:	Samba QA Contact

URL:
Keywords:

Depends on:
Blocks:

Reported:	2022-02-08 20:45 UTC by Pavel Filipenský
Modified:	2022-04-04 12:51 UTC (History)
CC List:	3 users (show)

See Also:	https://gitlab.com/samba-team/samba/-/merge_requests/2370

Attachments
patch for v4-15 (19.06 KB, patch) 2022-02-11 15:11 UTC, Pavel Filipenský	jra: review-	Details
patch for v4-16 (19.06 KB, patch) 2022-02-11 15:14 UTC, Pavel Filipenský	jra: review-	Details
patch for v4-15 (19.59 KB, patch) 2022-02-11 19:04 UTC, Pavel Filipenský	asn: review+ jra: review+	Details
patch for v4-16 (19.59 KB, patch) 2022-02-11 19:05 UTC, Pavel Filipenský	asn: review+ jra: review+	Details
patch for v4-14 (18.57 KB, patch) 2022-02-22 10:43 UTC, Pavel Filipenský	asn: review+ jra: review+	Details
Show Obsolete (2) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Pavel Filipenský 2022-02-08 20:45:12 UTC

From  Denis Karpelevich:

I've setup Samba in RHEL8.4 to use ClamAV to scan files on open(). Samba v4.13.3 works fine and hands files over to ClamAV to be scanned. Trying to open an eicar.txt virus test file is successfully denied:
virusfilter_clamav_scan_init: clamd: Connected 
virusfilter_clamav_scan: Scanning file: /srv/virustest/eicar.txt
virusfilter_clamav_scan_end: clamd: Disconnecting
virusfilter_scan: Scan result: Infected: /srv/virustest/eicar.txt: Eicar-Signature
...

After upgrading to Samba v4.14.5 the file will not be scanned anymore. Output from debug log:
virusfilter_vfs_openat: Not scanned: Directory or special file: /srv/virustest/eicar.txt

I can't see why it should be some kind of special file now. S_ISREG reports type file correctly when testing with a simple C program.

Version-Release number of selected component (if applicable):
$ smbd -V
Version 4.14.5

How reproducible:
Upgrade from Samba 4.13.3 to 4.14.5

===========

Patch will follow.

Comment 1 Jeremy Allison 2022-02-08 21:13:30 UTC

Just a quick guess on the raw patch.

-------------------------------------
diff --git a/source3/modules/vfs_virusfilter.c b/source3/modules/vfs_virusfilter.c
index 524e7dfbad9..36988b7393e 100644
--- a/source3/modules/vfs_virusfilter.c
+++ b/source3/modules/vfs_virusfilter.c
@@ -1292,7 +1292,7 @@ static int virusfilter_vfs_openat(struct vfs_handle_struct *handle,
                 */
                goto virusfilter_vfs_open_next;
        }
-       ret = S_ISREG(smb_fname->st.st_ex_mode);
+       ret = S_ISREG(sbuf.st_ex_mode);
        if (ret == 0) {
                DBG_INFO("Not scanned: Directory or special file: %s/%s\n",
                         cwd_fname, fname);
---------------------------------------

Yeah ?

Comment 2 Pavel Filipenský 2022-02-08 21:53:36 UTC

Yeah ? ... Bingo !

Comment 3 Jeremy Allison 2022-02-08 21:58:35 UTC

(In reply to Pavel Fiipenský from comment #2)

But you also added tests ! This is *glorious* :-).

Comment 4 Samba QA Contact 2022-02-10 22:10:04 UTC

This bug was referenced in samba master:

9f34babec7c6aca3d91f226705d3b3996792e5f1
2fd518e5cc63221c162c9b3f8526b9b7c9e34969
547b4c595a8513a4be99177edbaa39ce43840f7a
a25c714c34d3e00e0f3c29d2acfa98cf9cdbc544
3f1c958f6fa9d2991185f4e281a377a295d09f9c

Comment 5 Pavel Filipenský 2022-02-11 15:11:24 UTC

Created attachment 17157 [details]
patch for v4-15

cherry-picked from master

Comment 6 Pavel Filipenský 2022-02-11 15:14:36 UTC

Created attachment 17158 [details]
patch for v4-16

cherry-picked from master

Comment 7 Jeremy Allison 2022-02-11 18:46:25 UTC

Comment on attachment 17158 [details]
patch for v4-16

This is *NOT* the version the went into master.

It still has the:

+static virusfilter_result virusfilter_dummy_scan(
+	struct vfs_handle_struct *handle,
+	struct virusfilter_config *config,
+	const struct files_struct *fsp,
+	char **reportp)
+{
+	char *cwd_fname = fsp->conn->cwd_fsp->fsp_name->base_name;
+	const char *fname = fsp->fsp_name->base_name;

code in it. Please cherry-pick from the right place.

Comment 8 Jeremy Allison 2022-02-11 18:46:44 UTC

Comment on attachment 17157 [details]
patch for v4-15

This is *NOT* the version the went into master.

It still has the:

+static virusfilter_result virusfilter_dummy_scan(
+	struct vfs_handle_struct *handle,
+	struct virusfilter_config *config,
+	const struct files_struct *fsp,
+	char **reportp)
+{
+	char *cwd_fname = fsp->conn->cwd_fsp->fsp_name->base_name;
+	const char *fname = fsp->fsp_name->base_name;

code in it. Please cherry-pick from the right place.

Comment 9 Pavel Filipenský 2022-02-11 19:04:59 UTC

Created attachment 17159 [details]
patch for v4-15

Now cherry-pick from origin/master

Comment 10 Pavel Filipenský 2022-02-11 19:05:59 UTC

Created attachment 17160 [details]
patch for v4-16

cherry-picked from origin/master

Comment 11 Andreas Schneider 2022-02-14 10:28:12 UTC

Jule, please apply the patches to the corresponding branches. Thanks! :-)

Comment 12 Jule Anger 2022-02-14 10:34:24 UTC

Pushed to autobuild-v4-{16,15}-test.

Comment 13 Samba QA Contact 2022-02-14 11:36:04 UTC

This bug was referenced in samba v4-15-test:

b78a62a1f9f501b400366710d571765afe66277a
517266c75d071d41b33042db164f4f1cb7b3a5d3
a117fca9196e83640cec1c36ea90516afec8114b
a47cc2161569557bdb5c8c4ab896dd727e2de999
1d0ba38822398f9df66ca9e1b6e620d07b026c92

Comment 14 Samba QA Contact 2022-02-14 14:27:04 UTC

This bug was referenced in samba v4-16-test:

174fcd9f6b34fcbb7dfe1571097118bdc82ae2f6
db32ea07caa75623d0e4e82cd7971e50dc53dc99
e95306ed8e3023419bef683264d7232a17d3eb8d
63f6fac589e0fb210521e80111f53a8914a5f1a0
e1e2bae551ebf031634c3b33a7fe3cb9fad7e8ee

Comment 15 Jule Anger 2022-02-14 15:25:58 UTC

Closing out bug report.

Thanks!

Comment 16 Samba QA Contact 2022-02-15 07:55:42 UTC

This bug was referenced in samba v4-16-stable (Release samba-4.16.0rc3):

174fcd9f6b34fcbb7dfe1571097118bdc82ae2f6
db32ea07caa75623d0e4e82cd7971e50dc53dc99
e95306ed8e3023419bef683264d7232a17d3eb8d
63f6fac589e0fb210521e80111f53a8914a5f1a0
e1e2bae551ebf031634c3b33a7fe3cb9fad7e8ee

Comment 17 Pavel Filipenský 2022-02-22 10:43:05 UTC

Created attachment 17174 [details]
patch for v4-14

It is fixing a regression of v4-14.

Comment 18 Andreas Schneider 2022-02-23 13:35:54 UTC

Comment on attachment 17174 [details]
patch for v4-14

LGTM

Comment 19 Jule Anger 2022-02-24 13:54:59 UTC

Pushed to autobuild-v4-14-test.

Comment 20 Samba QA Contact 2022-02-25 11:56:34 UTC

This bug was referenced in samba v4-14-test:

043f4b274b35417a60e6a2d21d50adfe2fca68f2
e7c419d83971ed4c0bde3768a9f37b12f16234c3
ae703cd4bcbab36c3b2c344405254f22b9c81e2c
babfb2279544a0052a02898ab25eee19fee3566c
3d90f070894dda79f77f72b72c9310a6d5f8d8af

Comment 21 Jule Anger 2022-02-25 16:01:25 UTC

Closing out bug report.

Thanks again!

Comment 22 Jeremy Allison 2022-02-28 20:35:22 UTC

Comment on attachment 17174 [details]
patch for v4-14

LGTM.

Comment 23 Samba QA Contact 2022-03-15 13:26:14 UTC

This bug was referenced in samba v4-15-stable (Release samba-4.15.6):

b78a62a1f9f501b400366710d571765afe66277a
517266c75d071d41b33042db164f4f1cb7b3a5d3
a117fca9196e83640cec1c36ea90516afec8114b
a47cc2161569557bdb5c8c4ab896dd727e2de999
1d0ba38822398f9df66ca9e1b6e620d07b026c92

Comment 24 Samba QA Contact 2022-04-04 12:51:07 UTC

This bug was referenced in samba v4-14-stable (Release samba-4.14.13):

043f4b274b35417a60e6a2d21d50adfe2fca68f2
e7c419d83971ed4c0bde3768a9f37b12f16234c3
ae703cd4bcbab36c3b2c344405254f22b9c81e2c
babfb2279544a0052a02898ab25eee19fee3566c
3d90f070894dda79f77f72b72c9310a6d5f8d8af