Retrying upload of denied file is successful. #3

Closed
mjbroekman opened this issue Jun 16, 2014 · 6 comments
@mjbroekman

If a file upload is denied by mod_clamav, retrying the upload is successful. Not sure if this is a mod_clamav or a proftpd issue. I will be opening an issue with proftpd as well.

```
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> put malicious.php
local: malicious.php remote: malicious.php
227 Entering Passive Mode (66,96,130,1,199,189)
150 Opening BINARY mode data connection for malicious.php
550-Virus Detected and Removed: JCDEF.PHP.BACKDOOR.GENEVAL-04N.UNOFFICIAL
550 malicious.php: Operation not permitted
69577 bytes sent in 0.173 secs (402.79 Kbytes/sec)
ftp> put malicious.php
local: malicious.php remote: malicious.php
227 Entering Passive Mode (66,96,130,1,62,17)
150 Opening BINARY mode data connection for malicious.php
226 Transfer complete
69577 bytes sent in 0.174 secs (400.18 Kbytes/sec)
ftp>
```

This is with proftpd 1.3.6 rc1 and mod_clamav 0.13

@mjbroekman
Author

ProFTPd bug report: http://bugs.proftpd.org/show_bug.cgi?id=4074

@jbenden
Owner

jbenden commented Jun 16, 2014

I am unable to reproduce using the latest mod_clamav with either ProFTPd 1.3.5 or 1.3.5rc4.

Could you post your configuration file? Could you also post the output of ProFTPd debug logging (run ProFTPd with -d 5)?

@mjbroekman
Author

I am using the latest mod_clamav also. I was working with TJ on an issue and ended up using 1.3.6rc1 (from the proftpd GIT repo).

How much of the config file do you need? Just wondering because the config is pretty big (and we have around 100 virtual hosts).

Also, the debug output is 3MB in size. Is there some way to attach a file to the issue?

@jbenden
Owner

jbenden commented Jun 17, 2014

I only need the relevant pieces and an idea of the modules in use.

For the debug log, you could gist it... Just a thought.

@mjbroekman
Author

I'm having my user test again as I was unable to reproduce the problem. This might have been a firewall issue on the ftp server.

@mjbroekman
Author

This has been confirmed as a firewall issue. "Invalid" connections over the loopback interface were being rejected erroneously, which made it seem like clamd wasn't available.
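A monitoring probe for the condition this thread ended on (clamd not reachable over loopback), as an added example that is not part of the original issue or of mod_clamav. It assumes clamd listens on TCP 127.0.0.1:3310 and speaks the standard clamd PING and INSTREAM commands; `probe_clamd` and its status strings are hypothetical names.

```python
import socket
import struct

# Standard EICAR test string (harmless by design), split so this file is not flagged.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$" + b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"


def _command(addr, payload, timeout):
    """Send one null-terminated ('z'-prefixed) clamd command and return its reply."""
    with socket.create_connection(addr, timeout=timeout) as s:
        s.sendall(payload)
        reply = b""
        while not reply.endswith(b"\0"):
            chunk = s.recv(4096)
            if not chunk:
                break
            reply += chunk
    return reply.rstrip(b"\0").decode("ascii", "replace")


def probe_clamd(host="127.0.0.1", port=3310, timeout=3.0):
    """Return (status, detail); 'ok' only if clamd is reachable AND flags EICAR."""
    addr = (host, port)  # assumed address, adjust to the local clamd listener
    try:
        if _command(addr, b"zPING\0", timeout) != "PONG":
            return "bad-reply", "PING did not return PONG"
        # INSTREAM framing: 4-byte big-endian length + data, then a zero-length chunk.
        stream = (b"zINSTREAM\0" + struct.pack("!I", len(EICAR)) + EICAR
                  + struct.pack("!I", 0))
        verdict = _command(addr, stream, timeout)
    except OSError as exc:
        # Refused, reset or timed out, e.g. a firewall rejecting loopback traffic.
        return "unreachable", f"{type(exc).__name__}: {exc}"
    if verdict.endswith("FOUND"):
        return "ok", verdict
    return "not-detecting", verdict


if __name__ == "__main__":
    import sys
    status, detail = probe_clamd()
    print(status, detail)
    sys.exit(0 if status == "ok" else 2)
```

Run from the FTP host itself, a non-zero exit separates "scanner unreachable" from "file was clean" before an upload ever depends on the answer.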
