Re: Bug#506353: lenny removal requests
Hi
"Gabor FUNK" <FUNK.Gabor@hunetkft.hu> writes:
>> mailscanner #506353
>> The maintainer Simon Walter writes:
>> In the current state the package should not be part of
>> the lenny release.
>> I'm in no position to fix all this. I'm not familiar enough with
>> the MailScanner sourcecode and I'm not able to test the changes I
>> would have to make, in particular to all the virusscanner scripts.
>> upstream apparently does not seem to, let's say, consider the tempfile
>> vulnerability a bug and does not seem to want to fix it.
>
> The mailscanner temp vulnerability seems to be fixed in upstream:
Yes, upstream has fixed the vulnerability, but has not yet released a
stable (non-beta) version. The next stable release will be on 01.01.09, but
that release will also come with quite a few features.
Noah Meyerhans from the security team and I have been working on a
backport of the upstream fixes for mailscanner-4.68.8.
The current state of this work is: it works (MailScanner starts and scans
a simple text mail) but it's not well tested. Some testing still needs to be
done with TNEF attachments, virus removal and some other
cases.
I currently don't know when I will have the time to do this.
I have attached the diff against 4.68.8 debian package.
--
Regards
Simon Walter
diff -Naur mailscanner-4.68.8/debian/changelog mailscanner-4.68.8-1+lenny1-proposed/debian/changelog
--- mailscanner-4.68.8/debian/changelog 2008-12-24 23:29:01.000000000 +0100
+++ mailscanner-4.68.8-1+lenny1-proposed/debian/changelog 2008-12-24 23:27:44.000000000 +0100
@@ -1,3 +1,11 @@
+mailscanner (4.68.8-1+lenny1) testing-proposed-updates; urgency=high
+
+ * Security upload to fix CVE-2008-5140, CVE-2008-5312, CVE-2008-5312
+ (insecure creation of files in /tmp)
+ Thanks Raphael Geisser, Noah Meyerhans
+
+ -- Simon Walter <simon.walter@hp-factory.de> Mon, 22 Dec 2008 19:43:05 +0100
+
mailscanner (4.68.8-1) unstable; urgency=low
* New upstream release
diff -Naur mailscanner-4.68.8/debian/mailscanner.install mailscanner-4.68.8-1+lenny1-proposed/debian/mailscanner.install
--- mailscanner-4.68.8/debian/mailscanner.install 2008-12-24 23:29:01.000000000 +0100
+++ mailscanner-4.68.8-1+lenny1-proposed/debian/mailscanner.install 2008-12-24 23:27:44.000000000 +0100
@@ -2,6 +2,7 @@
bin/df2mbox usr/sbin/
bin/upgrade_MailScanner_conf usr/sbin/
bin/MailScanner /usr/sbin
+bin/mailscanner_create_locks /usr/sbin
bin/update_virus_scanners /usr/sbin
bin/update_phishing_sites /usr/sbin
lib/MailScanner.pm usr/share/MailScanner/
diff -Naur mailscanner-4.68.8/debian/patches/00list mailscanner-4.68.8-1+lenny1-proposed/debian/patches/00list
--- mailscanner-4.68.8/debian/patches/00list 2008-12-24 23:29:01.000000000 +0100
+++ mailscanner-4.68.8-1+lenny1-proposed/debian/patches/00list 2008-12-24 23:27:43.000000000 +0100
@@ -10,3 +10,4 @@
update_virus_scanners.dpatch
upgrade-manpage.dpatch
use_spamassassinprefsconf.dpatch
+CVE-2008-5313.dpatch
diff -Naur mailscanner-4.68.8/debian/patches/CVE-2008-5313.dpatch mailscanner-4.68.8-1+lenny1-proposed/debian/patches/CVE-2008-5313.dpatch
--- mailscanner-4.68.8/debian/patches/CVE-2008-5313.dpatch 1970-01-01 01:00:00.000000000 +0100
+++ mailscanner-4.68.8-1+lenny1-proposed/debian/patches/CVE-2008-5313.dpatch 2008-12-24 23:27:43.000000000 +0100
@@ -0,0 +1,1335 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## CVE-2008-5313.dpatch by <noahm@debian.org>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
+diff -urNad mailscanner-4.68.8~/bin/MailScanner mailscanner-4.68.8/bin/MailScanner
+--- mailscanner-4.68.8~/bin/MailScanner 2008-12-22 22:48:13.000000000 +0100
++++ mailscanner-4.68.8/bin/MailScanner 2008-12-22 22:48:14.000000000 +0100
+@@ -61,6 +61,7 @@
+ use FileHandle;
+ use File::Path;
+ use IO::Handle;
++use IO::File;
+ use Getopt::Long;
+ use Time::HiRes qw ( time );
+ use Filesys::Df;
+@@ -362,6 +363,18 @@
+ " checking configuration...\n";
+ MailScanner::Log::Configure($logbanner, 'stderr');
+
++ # Check -autoupdate lock files
++ my $lockdir = MailScanner::Config::QuickPeek($ConfFile, 'lockfiledir');
++ if ($lockdir eq "" || $lockdir =~ /tmp$/i) {
++ print STDERR "Please move your \"Lockfile Dir\" setting in MailScanner.conf.\n";
++ print STDERR "It should point outside /tmp, preferably /var/spool/MailScanner/incoming/Locks\n";
++ }
++ my $cluid = MailScanner::Config::QuickPeek($ConfFile, 'runasuser');
++ my $clgid = MailScanner::Config::QuickPeek($ConfFile, 'runasgroup');
++ my $clr = system("/usr/sbin/mailscanner_create_locks \"$lockdir\" \"$cluid\" \"$clgid\"");
++ print STDERR "Error: Attempt to create locks in $lockdir failed!\n"
++ if ($clr>>8) != 0;
++
+ # Read the directory containing all the custom code
+ MailScanner::Config::initialise(MailScanner::Config::QuickPeek($ConfFile,
+ 'customfunctionsdir'));
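Review bot: The helper is started through a shell with three configuration values interpolated into the command string, here in the `system("/usr/sbin/mailscanner_create_locks ...")` line and again in the startup hunk at @@ -631,6 +650,20 @@ with `$locksdir`, `$uname` and `$gname`. A quote, backtick or `$` in any of those settings would be interpreted by the shell, and in the startup hunk this happens before `SetUidGid` is called; the list form `system('/usr/sbin/mailscanner_create_locks', $lockdir, $cluid, $clgid)` avoids the shell entirely. The test `$lockdir =~ /tmp$/i` only matches paths that end in "tmp", so a subdirectory of /tmp passes silently, and even a match only prints a warning before the helper is run on that path; consider `m{^/tmp(?:/|$)}` and skipping the helper when it matches. `($clr>>8) != 0` also misses a helper that could not be started or was killed by a signal, so `$clr != 0` is the safer test.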
+@@ -446,6 +459,12 @@
+ }
+ }
+
++ # Check permissions on /tmp
++ if ($WantLintOnly) {
++ my $handle = IO::File->new_tmpfile or print STDERR "\nYour /tmp needs to be set to \"chmod 1777 /tmp\"\n";
++ close($handle);
++ }
++
+ # If it's a "light" check, then just bail out here, I've checked enough.
+ exit if $WantLintLiteOnly;
+
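Review bot: `close($handle)` runs even when `IO::File->new_tmpfile` returned undef, so a lint run that has just printed the /tmp hint then goes on to close an undefined handle. Guard it with `close($handle) if $handle;`. The message also assumes the mode of /tmp is the cause; appending `$!` to it would show the actual error.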
+@@ -631,6 +650,20 @@
+ WritePIDFile("MailScanner");
+ chown $uid, $gid, $PidFile;
+
++# Create the SpamAssassin temporary working dir
++MailScanner::SA::CreateTempDir($uid,
++ MailScanner::Config::QuickPeek($ConfFile, 'spamassassintemporarydir'));
++
++# Check and create -autoupdate lock files
++my $locksdir = MailScanner::Config::QuickPeek($ConfFile, 'lockfiledir');
++if ($locksdir eq "" || $locksdir =~ /tmp$/i) {
++ print STDERR "Please move your \"Lockfile Dir\" setting in MailScanner.conf.\n";
++ print STDERR "It should point outside /tmp, preferably /var/spool/MailScanner/incoming/Locks\n";
++}
++my $cl = system("/usr/sbin/mailscanner_create_locks \"$locksdir\" \"$uname\" \"$gname\"");
++print STDERR "Error: Attempt to create locks in $locksdir failed!\n"
++ if ($cl>>8) != 0;
++
+ SetUidGid($uid, $gid, $qgid, $igid);
+ CheckModuleVersions();
+ # Can't do this here, config not read yet: CheckQueuesAreTogether();
+diff -urNad mailscanner-4.68.8~/bin/mailscanner_create_locks mailscanner-4.68.8/bin/mailscanner_create_locks
+--- mailscanner-4.68.8~/bin/mailscanner_create_locks 1970-01-01 01:00:00.000000000 +0100
++++ mailscanner-4.68.8/bin/mailscanner_create_locks 2008-12-22 22:48:15.000000000 +0100
+@@ -0,0 +1,62 @@
++#!/usr/bin/perl
++
++use DirHandle;
++use FileHandle;
++use strict;
++no strict 'subs';
++
++# Find the root of the locks directory
++my $locksdirname = shift;
++my $lduname = shift;
++my $ldgname = shift;
++
++# Turn them all into numbers and stuff with sensible defaults
++$locksdirname = '/var/lock/subsys/MailScanner'
++ unless $locksdirname =~ /^\//;
++my $lduid = getpwnam($lduname);
++my $ldgid = getgrnam($ldgname);
++
++# If it's not a directory, destroy it and start again.
++lstat $locksdirname;
++unlink $locksdirname unless -d _;
++lstat $locksdirname;
++unless (-d _) {
++ mkdir $locksdirname or die "Can't mkdir $locksdirname, $!";
++}
++
++# Now work through all the virus scanner autoupdate names, building Lock files.
++my($dh, $fh, $updatename, $lockname, @updatenames, @locknames);
++$dh = new DirHandle "/etc/MailScanner/autoupdate";
++die "Can't read dir etc/MailScanner/autoupdate to build list of -autoupdate scripts, $!" unless $dh;
++while (defined($updatename = $dh->read)) {
++ next unless $updatename =~ s/-autoupdate$//;
++ next unless $updatename =~ /^[a-z0-9_-]+$/i; # No nasty chars thanks!
++ $lockname = "$locksdirname/$updatename" . "Busy.lock";
++ lstat $lockname;
++ unless (-f _) {
++ # It's not a plain file!
++ if (-d _) {
++ # It's a directory, so cannot just unlink it
++ system("rm -rf $lockname");
++ } else {
++ # It's not a plain file nor a directory, so just remove it
++ unlink $lockname;
++ }
++ }
++ $fh = new FileHandle($lockname, O_CREAT|O_WRONLY|O_APPEND);
++ $fh->close;
++ # Quicker to collect them and do 1 big chmod and chown call later.
++ push @locknames, $lockname;
++}
++$dh->close;
++
++# Set perms and ownership of /v/s/M/i/Locks to
++# drwxr-x--- root run-as-group
++chmod 0750, $locksdirname unless $locksdirname =~ /^\/tmp/;
++chown -1, $ldgid, $locksdirname;
++# Set perms and ownership of /v/s/M/i/Locks/*.lock to
++# -rw------- run-as-user run-as-group
++chmod 0600, @locknames;
++chown $lduid, $ldgid, @locknames;
++
++exit 0;
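Review bot: An existing lock directory is accepted on the strength of `-d _` alone, so when the configured path lies in a world-writable location the script goes on to remove and create files inside a directory that another local account may own, and the caller only warns about such a path. That is the same class of problem this upload is meant to close. I would check after the `mkdir` step that the directory is owned by root and not writable by others (the closing comment says it is meant to be `root run-as-group`), open the lock files with `O_NOFOLLOW` where the platform provides it and check the result, and replace `system("rm -rf $lockname")` with `rmtree`, since `$locksdirname` is not validated beyond its leading slash. This needs `File::Path` loaded at the top of the script. The `getpwnam` and `getgrnam` results are also used unchecked, so an unknown name is treated as id 0 in the final `chown` calls.

```perl
# … unchanged: argument handling, unlink/mkdir of $locksdirname …
my @dirstat = lstat $locksdirname;
die "$locksdirname must be a directory owned by root and not writable by others\n"
  unless @dirstat && -d _ && $dirstat[4] == 0 && ($dirstat[2] & 002) == 0;

# … unchanged: DirHandle loop header, name checks, lstat $lockname …
  unless (-f _) {
    # Remove whatever is there without going through a shell
    if (-d _) {
      rmtree($lockname);
    } else {
      unlink $lockname;
    }
  }
  $fh = new FileHandle($lockname, O_CREAT|O_WRONLY|O_APPEND|O_NOFOLLOW)
    or die "Can't create $lockname, $!";
  $fh->close;
```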
+diff -urNad mailscanner-4.68.8~/lib/MailScanner/MessageBatch.pm mailscanner-4.68.8/lib/MailScanner/MessageBatch.pm
+--- mailscanner-4.68.8~/lib/MailScanner/MessageBatch.pm 2008-12-22 20:51:38.000000000 +0100
++++ mailscanner-4.68.8/lib/MailScanner/MessageBatch.pm 2008-12-22 22:48:15.000000000 +0100
+@@ -42,6 +42,7 @@
+ use DirHandle;
+ use Time::HiRes qw ( time );
+ use POSIX;
++use File::Temp qw ( tempfile tempdir );
+
+ use vars qw($VERSION);
+
+@@ -1158,7 +1159,8 @@
+ # Message number = 1
+ # Path = irrelevant as we're not actually reading anything
+ # It's a fake that we simulate ==> 1
+- my $newmessage = MailScanner::Message->new(1, '/tmp', 1);
++ my $MessageDir = tempdir( 'MSlintXXXXXX', CLEANUP => 1);
++ my $newmessage = MailScanner::Message->new(1, $MessageDir, 0, 1);
+ @{$newmessage->{headers}} = ();
+ @{$newmessage->{to}} = ();
+ @{$newmessage->{touser}} = ();
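Review bot: `tempdir( 'MSlintXXXXXX', CLEANUP => 1)` gives File::Temp a template without `DIR` or `TMPDIR`, and in that form the directory is created relative to the current working directory rather than under the temporary directory. Whether that location is writable, or appropriate, then depends on where the lint run was started from. I would write `tempdir('MSlintXXXXXX', TMPDIR => 1, CLEANUP => 1)`. The constructor call also grows from three to four arguments while the comment above still describes three; a line naming the new argument would help, as the enclosing function lies outside the hunk.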
+@@ -1189,13 +1191,15 @@
+ $newmessage->WriteHeaderFile();
+
+ # Create a file of the body
+- my $fh = new FileHandle(">/tmp/MSLint.body.$$");
++ my($fh, $temporaryname);
++ ($fh, $temporaryname) = tempfile()
++ or die "Could not create temp file $temporaryname for test message, $!";
+ print $fh <<EOFLint;
+ WDVPIVAlQEFQWzRcUFpYNTQoUF4pN0NDKTd9JEVJQ0FSLVNUQU5EQVJELUFOVElWSVJVUy1URVNU
+ LUZJTEUhJEgrSCo=
+ EOFLint
+ $fh->close();
+- $newmessage->{store}->{dpath} = "/tmp/MSLint.body.$$";
++ $newmessage->{store}->{dpath} = $temporaryname;
+
+ # Add it to the batch
+ $batch->{messages}{"1"} = $newmessage;
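Review bot: The body file from `tempfile()` is not removed anywhere in this hunk, so each lint run leaves a file holding the test pattern in the temp directory unless it is unlinked outside the visible lines. Passing `UNLINK => 1` removes it at exit. The `or die` branch is also unlikely to fire, because `tempfile` croaks on failure instead of returning an empty list, and `$temporaryname` would be undefined in that message anyway; `($fh, $temporaryname) = tempfile(UNLINK => 1);` says the same thing more plainly.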
+diff -urNad mailscanner-4.68.8~/lib/MailScanner/Quarantine.pm mailscanner-4.68.8/lib/MailScanner/Quarantine.pm
+--- mailscanner-4.68.8~/lib/MailScanner/Quarantine.pm 2008-12-22 20:51:38.000000000 +0100
++++ mailscanner-4.68.8/lib/MailScanner/Quarantine.pm 2008-12-22 22:48:15.000000000 +0100
+@@ -36,6 +36,7 @@
+ no strict 'subs'; # Allow bare words for parameter %'s
+
+ use File::Copy;
++use File::Temp qw ( tempfile tempdir );
+
+ use vars qw($VERSION);
+
+@@ -80,11 +81,9 @@
+
+ # Create a test file to try with chown
+ my($testfn, $testfh, $worked);
+- $testfn = MailScanner::Config::Value('lockfiledir') || '/tmp';
+- $testfn .= "/MailScanner.ownertest.$$";
+- $testfh = new FileHandle;
+- $testfh->open(">$testfn") or
+- MailScanner::Log::WarnLog('Could not test file ownership abilities on %s, please delete the file', $testfn);
++ #MailScanner::Config::Value('lockfiledir') || '/var/spool/MailScanner/incoming/Locks';
++ ($testfh, $testfn) = tempfile('MS.ownertest.XXXXXX', DIR => '/tmp')
++ or MailScanner::Log::WarnLog('Could not test file ownership abilities on %s, please delete the file', $testfn);
+ print $testfh "Testing file owner and group permissions for MailScanner\n";
+ $testfh->close;
+
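Review bot: The `or MailScanner::Log::WarnLog(...)` fallback after `tempfile(...)` will not run on failure, because File::Temp's `tempfile` croaks rather than returning false, so an unwritable /tmp now raises an exception here where the old code logged a warning; the same construct is added in WorkArea.pm at @@ -81,11 +82,9 @@. If the warning behaviour is wanted, wrap the call as `($testfh, $testfn) = eval { tempfile('MS.ownertest.XXXXXX', DIR => '/tmp') };` and log and return when `$testfh` is undefined, since the following `print $testfh` would otherwise act on an undefined handle. The commented-out `Config::Value('lockfiledir')` line could be replaced by a comment saying why /tmp is used for the ownership test. The rest of the function is outside the hunk, so whether the test file is unlinked afterwards cannot be seen from here.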
+diff -urNad mailscanner-4.68.8~/lib/MailScanner/SA.pm mailscanner-4.68.8/lib/MailScanner/SA.pm
+--- mailscanner-4.68.8~/lib/MailScanner/SA.pm 2008-12-22 22:48:14.000000000 +0100
++++ mailscanner-4.68.8/lib/MailScanner/SA.pm 2008-12-22 22:48:15.000000000 +0100
+@@ -69,6 +69,22 @@
+ my $VirusesCacheLife = 48*60*60; # Lifetime of viruses from last seen
+ my $ExpireFrequency = 10*60; # How often to run the expiry of the cache
+
++sub CreateTempDir {
++ my($runasuser,$satmpdir) = @_;
++
++ # Create the $TMPDIR for SpamAssassin if necessary, then check we can
++ # write to it. If not, change to /tmp.
++ lstat $satmpdir;
++ unless (-d _) {
++ unlink $satmpdir;
++ mkdir $satmpdir or warn "Could not create SpamAssassin temporary directory $satmpdir, $!";
++ }
++ chmod 0700, $satmpdir unless $satmpdir =~ /^\.tmp/;
++ chown $runasuser, -1, $satmpdir;
++
++ $ENV{'TMPDIR'} = $satmpdir;
++}
++
+ sub initialise {
+ my($RebuildBayes, $WantLintOnly) = @_; # Start by rebuilding the Bayes database?
+
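Review bot: The guard `unless $satmpdir =~ /^\.tmp/` in `CreateTempDir` matches names beginning with ".tmp", which looks like a typo for `/tmp`; as written, a setting of /tmp would have its mode changed to 0700, and the `chown` on the next line is unconditional either way. The header comment promises a writability check and a fallback to /tmp, neither of which the body performs. An empty or missing `spamassassintemporarydir` value (plausible for a configuration file written for 4.68.8) also reaches `unlink`, `mkdir` and the `$ENV{'TMPDIR'}` assignment. I would start with `return unless defined $satmpdir && $satmpdir =~ m{^/};`, wrap both calls as `unless ($satmpdir =~ m{^/tmp/?$}) { chmod 0700, $satmpdir; chown $runasuser, -1, $satmpdir; }`, and bring the comment in line with what the code does.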
+diff -urNad mailscanner-4.68.8~/lib/MailScanner/SweepViruses.pm mailscanner-4.68.8/lib/MailScanner/SweepViruses.pm
+--- mailscanner-4.68.8~/lib/MailScanner/SweepViruses.pm 2008-12-22 20:51:38.000000000 +0100
++++ mailscanner-4.68.8/lib/MailScanner/SweepViruses.pm 2008-12-22 22:48:15.000000000 +0100
+@@ -81,7 +81,7 @@
+ my %Scanners = (
+ generic => {
+ Name => 'Generic',
+- Lock => 'GenericBusy.lock',
++ Lock => 'genericBusy.lock',
+ CommonOptions => '',
+ DisinfectOptions => '-disinfect',
+ ScanOptions => '',
+@@ -92,7 +92,7 @@
+ },
+ sophossavi => {
+ Name => 'SophosSAVI',
+- Lock => 'SophosBusy.lock',
++ Lock => 'sophosBusy.lock',
+ # In next line, '-ss' makes it work nice and quietly
+ CommonOptions => '',
+ DisinfectOptions => '',
+@@ -104,7 +104,7 @@
+ },
+ sophos => {
+ Name => 'Sophos',
+- Lock => 'SophosBusy.lock',
++ Lock => 'sophosBusy.lock',
+ # In next line, '-ss' makes it work nice and quietly
+ CommonOptions => '-sc -f -all -rec -ss -archive -cab -loopback ' .
+ '--no-follow-symlinks --no-reset-atime -TNEF',
+@@ -117,7 +117,7 @@
+ },
+ mcafee => {
+ Name => 'McAfee',
+- Lock => 'McAfeeBusy.lock',
++ Lock => 'mcafeeBusy.lock',
+ CommonOptions => '--recursive --ignore-links --analyze --mime ' .
+ '--secure --noboot',
+ DisinfectOptions => '--clean',
+@@ -129,7 +129,7 @@
+ },
+ command => {
+ Name => 'Command',
+- Lock => 'CommandBusy.lock',
++ Lock => 'commandBusy.lock',
+ CommonOptions => '-packed -archive',
+ DisinfectOptions => '-disinf',
+ ScanOptions => '',
+@@ -140,7 +140,7 @@
+ },
+ etrust => {
+ Name => 'eTrust',
+- Lock => 'eTrustBusy.lock',
++ Lock => 'etrustBusy.lock',
+ CommonOptions => '-nex -arc -mod reviewer -spm h ',
+ DisinfectOptions => '-act cure -sca mf',
+ ScanOptions => '',
+@@ -151,7 +151,7 @@
+ },
+ inoculate => {
+ Name => 'Inoculate',
+- Lock => 'InoculateBusy.lock',
++ Lock => 'inoculateBusy.lock',
+ CommonOptions => '-nex -arc -mod reviewer -spm h ',
+ DisinfectOptions => '-act cure -sca mf',
+ ScanOptions => '',
+@@ -162,7 +162,7 @@
+ },
+ inoculan => {
+ Name => 'Inoculan',
+- Lock => 'InoculanBusy.lock',
++ Lock => 'inoculanBusy.lock',
+ CommonOptions => '-nex -rev ',
+ DisinfectOptions => '-nex -cur',
+ ScanOptions => '',
+@@ -173,7 +173,7 @@
+ },
+ "kaspersky-4.5" => {
+ Name => 'Kaspersky',
+- Lock => 'KasperskyBusy.lock',
++ Lock => 'kasperskyBusy.lock',
+ CommonOptions => '',
+ DisinfectOptions => '-i2',
+ ScanOptions => '-i0',
+@@ -184,7 +184,7 @@
+ },
+ kaspersky => {
+ Name => 'Kaspersky',
+- Lock => 'KasperskyBusy.lock',
++ Lock => 'kasperskyBusy.lock',
+ CommonOptions => '',
+ DisinfectOptions => '-- -I2',
+ ScanOptions => '-I0',
+@@ -195,7 +195,7 @@
+ },
+ kavdaemonclient => {
+ Name => 'KavDaemon',
+- Lock => 'KavDaemonClientBusy.lock',
++ Lock => 'kasperskyBusy.lock',
+ CommonOptions => '',
+ DisinfectOptions => '-- -I2',
+ ScanOptions => '',
+@@ -206,7 +206,7 @@
+ },
+ "f-secure" => {
+ Name => 'F-Secure',
+- Lock => 'FSecureBusy.lock',
++ Lock => 'f-secureBusy.lock',
+ CommonOptions => '--dumb --archive',
+ DisinfectOptions => '--auto --disinf',
+ ScanOptions => '',
+@@ -217,7 +217,7 @@
+ },
+ "f-prot" => {
+ Name => 'F-Prot',
+- Lock => 'FProtBusy.lock',
++ Lock => 'f-protBusy.lock',
+ CommonOptions => '-old -archive -dumb',
+ DisinfectOptions => '-disinf -auto',
+ ScanOptions => '',
+@@ -228,7 +228,7 @@
+ },
+ "f-prot-6" => {
+ Name => 'F-Prot6',
+- Lock => 'FProt6Busy.lock',
++ Lock => 'f-prot-6Busy.lock',
+ CommonOptions => '-s 4 --adware',
+ DisinfectOptions => '--disinfect --macros_safe',
+ ScanOptions => '--report',
+@@ -239,7 +239,7 @@
+ },
+ "f-protd-6" => {
+ Name => 'F-Protd6',
+- Lock => 'FProtd6Busy.lock',
++ Lock => 'f-prot-6Busy.lock',
+ CommonOptions => '',
+ DisinfectOptions => '',
+ ScanOptions => '',
+@@ -250,7 +250,7 @@
+ },
+ nod32 => {
+ Name => 'Nod32',
+- Lock => 'Nod32Busy.lock',
++ Lock => 'nod32Busy.lock',
+ CommonOptions => '-log- -all',
+ DisinfectOptions => '-clean -delete',
+ ScanOptions => '',
+@@ -261,7 +261,7 @@
+ },
+ "nod32-1.99" => {
+ Name => 'Nod32',
+- Lock => 'Nod32Busy.lock',
++ Lock => 'nod32Busy.lock',
+ CommonOptions => '--arch --all -b',
+ DisinfectOptions => '--action clean --action-uncl none',
+ ScanOptions => '',
+@@ -272,7 +272,7 @@
+ },
+ "antivir" => {
+ Name => 'AntiVir',
+- Lock => 'AntiVirBusy.lock',
++ Lock => 'antivirBusy.lock',
+ CommonOptions => '-allfiles -s -noboot -rs -z',
+ DisinfectOptions => '-e -ren',
+ ScanOptions => '',
+@@ -283,7 +283,7 @@
+ },
+ "panda" => {
+ Name => 'Panda',
+- Lock => 'PandaBusy.lock',
++ Lock => 'pandaBusy.lock',
+ CommonOptions => '-nor -nos -nob -heu -eng -aex -auto -cmp',
+ DisinfectOptions => '-clv',
+ ScanOptions => '-nor',
+@@ -294,7 +294,7 @@
+ },
+ "rav" => {
+ Name => 'Rav',
+- Lock => 'RavBusy.lock',
++ Lock => 'ravBusy.lock',
+ CommonOptions => '--all --mail --archive',
+ DisinfectOptions => '--clean',
+ ScanOptions => '',
+@@ -305,7 +305,7 @@
+ },
+ "clamavmodule" => {
+ Name => 'ClamAVModule',
+- Lock => 'ClamAVBusy.lock',
++ Lock => 'clamavBusy.lock',
+ CommonOptions => '',
+ DisinfectOptions => '',
+ ScanOptions => '',
+@@ -316,7 +316,7 @@
+ },
+ "clamd" => {
+ Name => 'Clamd',
+- Lock => 'ClamDBusy.lock',
++ Lock => 'clamavBusy.lock',
+ CommonOptions => '',
+ DisinfectOptions => '',
+ ScanOptions => '',
+@@ -327,7 +327,7 @@
+ },
+ "clamav" => {
+ Name => 'ClamAV',
+- Lock => 'ClamAVBusy.lock',
++ Lock => 'clamavBusy.lock',
+ CommonOptions => '-r --no-summary --stdout',
+ DisinfectOptions => '',
+ ScanOptions => '',
+@@ -338,7 +338,7 @@
+ },
+ "trend" => {
+ Name => 'Trend',
+- Lock => 'TrendBusy.lock',
++ Lock => 'trendBusy.lock',
+ CommonOptions => '-a -za -r',
+ DisinfectOptions => '-c',
+ ScanOptions => '',
+@@ -349,7 +349,7 @@
+ },
+ "bitdefender" => {
+ Name => 'Bitdefender',
+- Lock => 'BitdefenderBusy.lock',
++ Lock => 'bitdefenderBusy.lock',
+ CommonOptions => '--arc --mail --all',
+ DisinfectOptions => '--disinfect',
+ ScanOptions => '',
+@@ -360,7 +360,7 @@
+ },
+ "drweb" => {
+ Name => 'DrWeb',
+- Lock => 'drweb.lock',
++ Lock => 'drwebBusy.lock',
+ CommonOptions => '-ar -fm -ha- -fl- -ml -sd -up',
+ DisinfectOptions => '-cu',
+ ScanOptions => '',
+@@ -371,7 +371,7 @@
+ },
+ "norman" => {
+ Name => 'Norman',
+- Lock => 'NormanBusy.lock',
++ Lock => 'normanBusy.lock',
+ CommonOptions => '-c -sb:1 -s -u',
+ DisinfectOptions => '-cl:2',
+ ScanOptions => '',
+@@ -382,7 +382,7 @@
+ },
+ "css" => {
+ Name => 'SYMCScan',
+- Lock => 'SYMCScan.lock',
++ Lock => 'symscanengineBusy.lock',
+ CommonOptions => '',
+ DisinfectOptions => '',
+ ScanOptions => '',
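Review bot: The `css` scanner now takes `symscanengineBusy.lock`, while `css-autoupdate` in this same patch defaults to `cssBusy.lock`, and `mailscanner_create_locks` derives lock names from the `*-autoupdate` script names, which would likewise give `cssBusy.lock`. Unless the updater is always passed the scanner's lock path as its second argument (the caller is not on this page), scanning and updating would hold different files and no longer exclude each other. Either use `Lock => 'cssBusy.lock',` here or add a comment saying why the two entries share the Symantec lock. The other renames in this file agree with the updater defaults that are visible in the patch.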
+@@ -393,7 +393,7 @@
+ },
+ "avg" => {
+ Name => 'Avg',
+- Lock => 'AvgBusy.lock',
++ Lock => 'avgBusy.lock',
+ CommonOptions => '-arc', # Remove by Chris Richardson: -ext=*',
+ DisinfectOptions => '',
+ ScanOptions => '',
+@@ -404,7 +404,7 @@
+ },
+ "vexira" => {
+ Name => 'Vexira',
+- Lock => 'VexiraBusy.lock',
++ Lock => 'vexiraBusy.lock',
+ #CommonOptions => '--allfiles -s -z -noboot -nombr -r1 -rs -lang=EN --alltypes',
+ #DisinfectOptions => '-e',
+ CommonOptions => '-qq --scanning=full',
+@@ -417,7 +417,7 @@
+ },
+ "symscanengine" => {
+ Name => 'SymantecScanEngine',
+- Lock => 'SymScanEngineBusy.lock',
++ Lock => 'symscanengineBusy.lock',
+ CommonOptions => '-details -recurse',
+ DisinfectOptions => '-mode scanrepair',
+ ScanOptions => '-mode scan',
+@@ -428,7 +428,7 @@
+ },
+ "avast" => {
+ Name => 'Avast',
+- Lock => 'Avast.lock',
++ Lock => 'avastBusy.lock',
+ CommonOptions => '-n -t=A',
+ DisinfectOptions => '-p=3',
+ ScanOptions => '',
+@@ -439,7 +439,7 @@
+ },
+ "avastd" => {
+ Name => 'AvastDaemon',
+- Lock => 'AvastDaemon.lock',
++ Lock => 'avastBusy.lock',
+ CommonOptions => '-n',
+ DisinfectOptions => '',
+ ScanOptions => '',
+diff -urNad mailscanner-4.68.8~/lib/MailScanner/TNEF.pm mailscanner-4.68.8/lib/MailScanner/TNEF.pm
+--- mailscanner-4.68.8~/lib/MailScanner/TNEF.pm 2008-12-22 20:51:38.000000000 +0100
++++ mailscanner-4.68.8/lib/MailScanner/TNEF.pm 2008-12-22 22:48:15.000000000 +0100
+@@ -36,6 +36,7 @@
+ no strict 'subs'; # Allow bare words for parameter %'s
+
+ use DirHandle;
++use File::Temp qw/ tempfile tempdir /;
+ use POSIX qw(:signal_h setsid); # For Solaris 9 SIG bug workaround
+
+ use vars qw($VERSION);
+@@ -125,10 +126,10 @@
+ my($fh, $filename, %parms);
+
+ # Make the temporary tnef files be created under /tmp for easy removal.
+- mkdir "/tmp/tnef.$$", 0777;
+- chmod 0700, "/tmp/tnef.$$";
++ my $tempdir = tempdir();
++ chmod 0700, $tempdir; # "/tmp/tnef.$$";
+ %parms = ( ignore_checksum => "true",
+- output_dir => "/tmp/tnef.$$",
++ output_dir => $tempdir,
+ output_to_core => "NONE" );
+ my $tnef = Convert::TNEF->read_in("$dir/$tnefname", \%parms);
+ if ($tnef) {
+@@ -186,7 +187,7 @@
+ undef $tnef;
+ $message->{foundtnefattachments} = 1;
+ #$message->{entity}->dump_skeleton();
+- system("rm -rf /tmp/tnef.$$");
++ system("rm -rf $tempdir"); # /tmp/tnef.$$");
+ MailScanner::Log::InfoLog("Message %s added TNEF contents %s",
+ $message->{id}, join(',', @replacements))
+ if @replacements;
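Review bot: `system("rm -rf $tempdir")` still passes the directory name through a shell, here and in the failure branch at @@ -194,7 +195,7 @@. `tempdir()` builds the name under the process's temporary directory, which presumably follows the `TMPDIR` that `CreateTempDir` in SA.pm now sets from configuration, so a path containing spaces or shell metacharacters would be split or interpreted. `system('rm', '-rf', '--', $tempdir);` keeps the behaviour without a shell. In the preceding hunk, `chmod 0700, $tempdir;` is redundant because File::Temp already creates the directory with mode 0700, and the comment above it still says the files go under /tmp.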
+@@ -194,7 +195,7 @@
+ } else {
+ # It failed
+ undef $tnef;
+- system("rm -rf /tmp/tnef.$$");
++ system("rm -rf $tempdir"); # /tmp/tnef.$$");
+ return 1 if MailScanner::Config::Value('deliverunparsabletnef',$message);
+ return 0;
+ }
+@@ -326,7 +327,8 @@
+ $message->{entity}->attach(Type => $type,
+ Encoding => $encoding,
+ Disposition => "attachment",
+- Filename => $safename,
++ # Use original name: $safename,
++ Filename => $unpacked,
+ Path => "$dir/$safename");
+ }
+ $message->{bodymodified} = 1;
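Review bot: `Filename => $unpacked` replaces the sanitised `$safename` in the attachment's MIME filename while `Path` keeps using `$safename`, and this is not part of the temp-file fix named in the changelog. `$unpacked` is assigned outside the hunk; if it is the name taken from the TNEF container it is sender-controlled, so it is worth confirming that the filename rules are applied to the re-attached part under that name. A comment such as `# Show the original name to the recipient; the file on disk stays under $safename` would record the intent.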
+diff -urNad mailscanner-4.68.8~/lib/MailScanner/WorkArea.pm mailscanner-4.68.8/lib/MailScanner/WorkArea.pm
+--- mailscanner-4.68.8~/lib/MailScanner/WorkArea.pm 2008-12-22 20:51:38.000000000 +0100
++++ mailscanner-4.68.8/lib/MailScanner/WorkArea.pm 2008-12-22 22:48:15.000000000 +0100
+@@ -37,6 +37,7 @@
+
+ use DirHandle;
+ use File::Path;
++use File::Temp qw/ tempfile tempdir /;
+ use Cwd 'abs_path';
+
+ use vars qw($VERSION);
+@@ -81,11 +82,9 @@
+
+ # Create a test file to try with chown
+ my($testfn, $testfh, $worked);
+- $testfn = MailScanner::Config::Value('lockfiledir') || '/tmp';
+- $testfn .= "/MailScanner.ownertest.$$";
+- $testfh = new FileHandle;
+- $testfh->open(">$testfn") or
+- MailScanner::Log::WarnLog('Could not test file ownership abilities on %s, please delete the file', $testfn);
++ #MailScanner::Config::Value('lockfiledir') || '/var/spool/MailScanner/incoming/Locks';
++ ($testfh, $testfn) = tempfile('MS.ownertest.XXXXXX', DIR => '/tmp')
++ or MailScanner::Log::WarnLog('Could not test file ownership abilities on %s, please delete the file', $testfn);
+ print $testfh "Testing file owner and group permissions for MailScanner\n";
+ $testfh->close;
+
+@@ -290,6 +289,12 @@
+ rmtree($IdList, 0, 1);
+ }
+
++sub DeleteFile {
++ my $this = shift;
++ my($message, $attach) = @_;
++ unlink $this->{dir} . '/' . $message->{id} . '/' . $attach;
++}
++
+
+ # Change current directory to the one containing the attachments
+ # for the message we are passed.
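Review bot: `DeleteFile` has no header comment and joins `$attach` into the path as given, so a value containing `/` would make `unlink` act outside the message's own directory. Its callers are not part of this page; if any of them pass a name derived from message content, add `return if $attach eq '' || $attach =~ m{/};` before the `unlink`. A comment along the lines of `# Delete one named attachment from this message's work directory` above the sub would match the neighbouring functions.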
+diff -urNad mailscanner-4.68.8~/lib/antivir-autoupdate mailscanner-4.68.8/lib/antivir-autoupdate
+--- mailscanner-4.68.8~/lib/antivir-autoupdate 2008-12-22 20:51:38.000000000 +0100
++++ mailscanner-4.68.8/lib/antivir-autoupdate 2008-12-22 22:48:15.000000000 +0100
+@@ -12,7 +12,7 @@
+ $AntiVirCommand = "$PackageDir/antivir";
+ $AntiVirUpdateCommand = "$AntiVirCommand --update";
+
+-$LockFile = "/tmp/AntiVirBusy.lock";
++$LockFile = shift || "/var/spool/MailScanner/incoming/Locks/antivirBusy.lock";
+
+ $LOCK_SH = 1;
+ $LOCK_EX = 2;
+@@ -70,7 +70,6 @@
+
+ sub UnlockAntiVir {
+ print LOCK "Unlocked after updating AntiVir definitions by $$\n";
+- unlink $LockFile;
+ flock(LOCK, $LOCK_UN);
+ close LOCK;
+ }
+diff -urNad mailscanner-4.68.8~/lib/avast-autoupdate mailscanner-4.68.8/lib/avast-autoupdate
+--- mailscanner-4.68.8~/lib/avast-autoupdate 2008-12-22 20:51:38.000000000 +0100
++++ mailscanner-4.68.8/lib/avast-autoupdate 2008-12-22 22:48:15.000000000 +0100
+@@ -6,6 +6,7 @@
+ #
+
+ use Sys::Syslog;
++use File::Temp qw{tempfile};
+
+ # If you have a web proxy or cache server, put its value in the next line
+ # in the syntax "full.host.name:port".
+@@ -13,11 +14,11 @@
+
+ $PackageDir = shift || "/usr";
+
+-$LogFile = "/tmp/Avast.update.log";
++(undef, $LogFile) = tempfile("/tmp/Avast.update.log.XXXXXX");
+
+ $AvastUpdateCommand = "$PackageDir/bin/avastvpsupdate.sh";
+
+-$LockFile = "/tmp/AvastBusy.lock";
++$LockFile = shift || "/var/spool/MailScanner/incoming/Locks/avastBusy.lock";
+
+ $LOCK_SH = 1;
+ $LOCK_EX = 2;
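Review bot: `(undef, $LogFile) = tempfile("/tmp/Avast.update.log.XXXXXX")` creates a new log file on every run, where the old code reused one name, and nothing in this hunk removes it; the same pattern is added to clamav-autoupdate at @@ -13,11 +14,11 @@. Unless the script unlinks `$LogFile` outside the visible lines, /tmp gains one file per update run. Either unlink it once the output has been processed, or keep the handle and ask File::Temp to clean up, e.g. `($LogFh, $LogFile) = tempfile("/tmp/Avast.update.log.XXXXXX", UNLINK => 1);`.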
+@@ -65,7 +66,6 @@
+
+ sub UnlockAvast {
+ print LOCK "Unlocked after updating Avast definitions by $$\n";
+- unlink $LockFile;
+ flock(LOCK, $LOCK_UN);
+ close LOCK;
+ }
+diff -urNad mailscanner-4.68.8~/lib/avg-autoupdate mailscanner-4.68.8/lib/avg-autoupdate
+--- mailscanner-4.68.8~/lib/avg-autoupdate 2008-12-22 20:51:38.000000000 +0100
++++ mailscanner-4.68.8/lib/avg-autoupdate 2008-12-22 22:48:15.000000000 +0100
+@@ -31,9 +31,12 @@
+ # SO17 1BJ
+ # United Kingdom
+ #
+-# $Id: avg-autoupdate 2362 2004-04-03 12:50:00Z jkf $
++# $Id: avg-autoupdate 4597 2008-12-11 01:50:19Z sysjkf $
+
+ Root=$1
++# Remove Root
++shift
++# Remote lockfile
+ shift
+ exec $Root/bin/avgupdate "$@" --online --priority=3 --no-log --no-progress --no-diff --no-daemons "$@" > /dev/null
+ exit 1
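Review bot: The second `shift` assumes the caller always passes a lock-file argument; when only the root directory is given, shifting past the last parameter is an error in POSIX sh and can end a non-interactive shell before the `exec` line is reached. `[ $# -gt 0 ] && shift` is safe in both cases, and f-secure-autoupdate at @@ -31,9 +31,12 @@ adds the same unguarded `shift`. The new comment `# Remote lockfile` presumably means `# Remove lockfile`. `$Root` on the `exec` line is unquoted context that this patch does not touch, though `"$Root/bin/avgupdate"` would be the safer form.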
+diff -urNad mailscanner-4.68.8~/lib/bitdefender-autoupdate mailscanner-4.68.8/lib/bitdefender-autoupdate
+--- mailscanner-4.68.8~/lib/bitdefender-autoupdate 2008-12-22 20:51:38.000000000 +0100
++++ mailscanner-4.68.8/lib/bitdefender-autoupdate 2008-12-22 22:48:15.000000000 +0100
+@@ -109,6 +109,8 @@
+
+ my $PackageDir = shift || "/opt/bdc";
+
++$LockFile = shift || "/var/spool/MailScanner/incoming/Locks/bitdefenderBusy.lock";
++
+ # This is the maximum time allowed for the bdc --update command to run.
+ my $MaximumTime = 60*20; # 20 minutes
+
+@@ -160,8 +162,6 @@
+ # JKF This should always be over-written later, see JKF comments
+ $bdcBinary = $bitDefenderPath . $bitDefBinary ; # full path to binary
+
+-$LockFile = "/tmp/BitDefenderBusy.lock";
+-
+ $LOCK_SH = 1;
+ $LOCK_EX = 2;
+ $LOCK_NB = 4;
+@@ -508,7 +508,6 @@
+
+ sub UnlockBitDefender {
+ print LOCK "Unlocked after updating BitDefender definitions by $$\n";
+- unlink $LockFile;
+ flock(LOCK, $LOCK_UN);
+ close LOCK;
+ # &updateLog ( "Unlocked after updating BitDefender definitions by $$\n");
+diff -urNad mailscanner-4.68.8~/lib/bitdefender-wrapper mailscanner-4.68.8/lib/bitdefender-wrapper
+--- mailscanner-4.68.8~/lib/bitdefender-wrapper 2008-12-22 20:51:38.000000000 +0100
++++ mailscanner-4.68.8/lib/bitdefender-wrapper 2008-12-22 22:48:15.000000000 +0100
+@@ -33,7 +33,7 @@
+ prog=bdc
+ extras=''
+
+-LogFile=/tmp/log.bdc.$$
++LogFile=`mktemp /tmp/log.bdc.XXXXXX` || exit 1
+
+ if [ -x ${PackageDir}/bdscan ]; then
+ # Version 7.5 is installed
+diff -urNad mailscanner-4.68.8~/lib/clamav-autoupdate mailscanner-4.68.8/lib/clamav-autoupdate
+--- mailscanner-4.68.8~/lib/clamav-autoupdate 2008-12-22 20:51:38.000000000 +0100
++++ mailscanner-4.68.8/lib/clamav-autoupdate 2008-12-22 22:48:15.000000000 +0100
+@@ -6,6 +6,7 @@
+ #
+
+ use Sys::Syslog;
++use File::Temp qw{tempfile};
+
+ # If you have a web proxy or cache server, put its value in the next line
+ # in the syntax "full.host.name:port".
+@@ -13,11 +14,11 @@
+
+ $PackageDir = shift || "/usr/local";
+
+-$LogFile = "/tmp/ClamAV.update.log";
++(undef, $LogFile) = tempfile("/tmp/ClamAV.update.log.XXXXXX");
+
+ $ClamUpdateCommand = "$PackageDir/bin/freshclam";
+
+-$LockFile = "/tmp/ClamAVBusy.lock";
++$LockFile = shift || "/var/spool/MailScanner/incoming/Locks/clamavBusy.lock";
+
+ $LOCK_SH = 1;
+ $LOCK_EX = 2;
+@@ -73,7 +74,6 @@
+
+ sub UnlockClamAV {
+ print LOCK "Unlocked after updating ClamAV definitions by $$\n";
+- unlink $LockFile;
+ flock(LOCK, $LOCK_UN);
+ close LOCK;
+ }
+diff -urNad mailscanner-4.68.8~/lib/clamav-wrapper mailscanner-4.68.8/lib/clamav-wrapper
+--- mailscanner-4.68.8~/lib/clamav-wrapper 2008-12-22 20:51:38.000000000 +0100
++++ mailscanner-4.68.8/lib/clamav-wrapper 2008-12-22 22:48:15.000000000 +0100
+@@ -51,7 +51,7 @@
+
+ # You may want to check this script for bash-isms
+
+-TempDir="/tmp/clamav.$$"
++TempDir=`mktemp -d /tmp/clamav.XXXXXX` || exit 1
+ ClamUser="clamav"
+ ClamGroup="clamav"
+
+@@ -139,15 +139,6 @@
+ PATH=$PATH:/usr/ucb
+ export PATH
+
+-# Check if the tmpdir exists, if so delete so we start with a clean slate
+-if [ -x "${TempDir}" ]; then
+- rm -rf ${TempDir} >/dev/null 2>&1
+-fi
+-
+-# Make the Temp dir
+-umask 0077
+-mkdir "${TempDir}" >/dev/null 2>&1
+-
+ # In case we get interupted....
+ trap "rm -rf ${TempDir}" EXIT
+
+diff -urNad mailscanner-4.68.8~/lib/css-autoupdate mailscanner-4.68.8/lib/css-autoupdate
+--- mailscanner-4.68.8~/lib/css-autoupdate 2008-12-22 20:51:38.000000000 +0100
++++ mailscanner-4.68.8/lib/css-autoupdate 2008-12-22 22:48:15.000000000 +0100
+@@ -5,7 +5,7 @@
+ $CSSDir = shift || "/opt/SYMCScan";
+ $CSSUpdateCommand="$CSSDir/bin/liveupdate.sh";
+
+-$LockFile = "/tmp/SYMCScan.lock";
++$LockFile = shift || "/var/spool/MailScanner/incoming/Locks/cssBusy.lock";
+
+ $LOCK_SH = 1;
+ $LOCK_EX = 2;
+@@ -62,7 +62,6 @@
+
+ sub UnlockCSS {
+ print LOCK "Unlocked after updating CSS patterns by $$\n";
+- unlink $LockFile;
+ flock(LOCK, $LOCK_UN);
+ close LOCK;
+ }
+diff -urNad mailscanner-4.68.8~/lib/esets-autoupdate mailscanner-4.68.8/lib/esets-autoupdate
+--- mailscanner-4.68.8~/lib/esets-autoupdate 2008-12-22 20:51:38.000000000 +0100
++++ mailscanner-4.68.8/lib/esets-autoupdate 2008-12-22 22:48:15.000000000 +0100
+@@ -5,7 +5,7 @@
+ $esetsRoot = shift || "/usr/local/esets";
+
+ $esetsAuth = "esets.auth";
+-$LockFile = "/tmp/esetsBusy.lock";
++$LockFile = shift || "/var/spool/MailScanner/incoming/Locks/esetsBusy.lock";
+
+ $LOCK_SH = 1;
+ $LOCK_EX = 2;
+@@ -85,7 +85,6 @@
+
+ sub Unlock {
+ print LOCK "Unlocked after updating virus definitions by $$\n";
+- unlink $LockFile;
+ flock(LOCK, $LOCK_UN);
+ close LOCK;
+ }
+diff -urNad mailscanner-4.68.8~/lib/etrust-autoupdate mailscanner-4.68.8/lib/etrust-autoupdate
+--- mailscanner-4.68.8~/lib/etrust-autoupdate 2008-12-22 20:51:38.000000000 +0100
++++ mailscanner-4.68.8/lib/etrust-autoupdate 2008-12-22 22:48:15.000000000 +0100
+@@ -9,7 +9,7 @@
+
+ $PackageDir = shift || "/opt/CA/eTrustITM";
+
+-$LockFile = "/tmp/eTrustBusy.lock";
++$LockFile = shift || "/var/spool/MailScanner/incoming/Locks/etrustBusy.lock";
+
+ $LOCK_SH = 1;
+ $LOCK_EX = 2;
+@@ -134,7 +134,6 @@
+
+ sub UnlockAV {
+ print LOCK "Unlocked after updating eTrust definitions by $$\n";
+- unlink $LockFile;
+ flock(LOCK, $LOCK_UN);
+ close LOCK;
+ }
+diff -urNad mailscanner-4.68.8~/lib/f-prot-6-autoupdate mailscanner-4.68.8/lib/f-prot-6-autoupdate
+--- mailscanner-4.68.8~/lib/f-prot-6-autoupdate 2008-12-22 20:51:38.000000000 +0100
++++ mailscanner-4.68.8/lib/f-prot-6-autoupdate 2008-12-22 22:48:15.000000000 +0100
+@@ -33,6 +33,7 @@
+ use Sys::Syslog;
+ use FileHandle;
+ use IO::File;
++use File::Temp qw{tempfile};
+ # Stop syslogd from needing external access (or -r)
+ eval { Sys::Syslog::setlogsock('unix'); };
+
+@@ -49,8 +50,8 @@
+ #
+ ####################################
+
+-$LockFile = "/tmp/FProt6Busy.lock";
+ $PackageDir = shift || "/opt/f-prot";
++$LockFile = "/var/spool/MailScanner/incoming/Locks/f-prot-6Busy.lock";
+
+ $LOCK_SH = 1;
+ $LOCK_EX = 2;
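Review bot: `$LockFile` is hard-coded here, whereas the other Perl updaters in this patch use `shift || "..."` to accept the lock path from their caller. With a `Lockfile Dir` other than the default, this script would lock a different file from the one the scanner holds, and one that `mailscanner_create_locks` did not prepare. For consistency use `$LockFile = shift || "/var/spool/MailScanner/incoming/Locks/f-prot-6Busy.lock";`.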
+@@ -67,7 +68,7 @@
+ #
+ $command = "$PackageDir/fpupdate";
+ $command .= " --proxy $Proxy --proxy-username $ProxyUsername --proxy-password $ProxyPassword" if $Proxy;
+-my $logfile = "/tmp/f-prot-6-update-$$";
++my (undef, $logfile) = tempdir("/tmp/f-prot-6-update-XXXXXX");
+ $command .= " >$logfile 2>&1";
+
+ #
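Review bot: `my (undef, $logfile) = tempdir("/tmp/f-prot-6-update-XXXXXX");` calls `tempdir`, but this file imports only `tempfile` from File::Temp, and `tempdir` returns a single directory name, so `$logfile` would stay undefined even if the call resolved. The redirect appended to `$command` on the next line would then have no target. It should read `my (undef, $logfile) = tempfile("/tmp/f-prot-6-update-XXXXXX");`, matching avast-autoupdate and clamav-autoupdate.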
+@@ -142,7 +143,6 @@
+ sub UnlockFProt {
+ return unless $FProtIsLocked;
+ print LOCK "Unlocked after updating F-Prot-6 signature files by $$\n";
+- unlink $LockFile;
+ flock(LOCK, $LOCK_UN);
+ close LOCK;
+ }
+diff -urNad mailscanner-4.68.8~/lib/f-prot-autoupdate mailscanner-4.68.8/lib/f-prot-autoupdate
+--- mailscanner-4.68.8~/lib/f-prot-autoupdate 2008-12-22 20:51:38.000000000 +0100
++++ mailscanner-4.68.8/lib/f-prot-autoupdate 2008-12-22 22:48:15.000000000 +0100
+@@ -3,7 +3,7 @@
+ # MailScanner - SMTP E-Mail Virus Scanner
+ # Copyright (C) 2002 Julian Field
+ #
+-# $Id: f-prot-autoupdate 4143 2007-08-20 17:14:40Z sysjkf $
++# $Id: f-prot-autoupdate 4605 2008-12-11 12:17:05Z sysjkf $
+ #
+ # This program is free software; you can redistribute it and/or modify
+ # it under the terms of the GNU General Public License as published by
+@@ -59,7 +59,7 @@
+ #$FallbackServer = 'http://updates.f-prot.com/files/';
+ $FallbackServer = 'ftp://ftp.f-prot.com/pub/';
+
+-$LockFile = "/tmp/FProtBusy.lock";
++$LockFile = shift || "/var/spool/MailScanner/incoming/Locks/f-protBusy.lock";
+
+ $LOCK_SH = 1;
+ $LOCK_EX = 2;
+@@ -374,7 +374,6 @@
+ sub UnlockFProt {
+ return unless $FProtIsLocked;
+ print LOCK "Unlocked after updating F-Prot virus files by $$\n";
+- unlink $LockFile;
+ flock(LOCK, $LOCK_UN);
+ close LOCK;
+ }
+diff -urNad mailscanner-4.68.8~/lib/f-secure-autoupdate mailscanner-4.68.8/lib/f-secure-autoupdate
+--- mailscanner-4.68.8~/lib/f-secure-autoupdate 2008-12-22 20:51:38.000000000 +0100
++++ mailscanner-4.68.8/lib/f-secure-autoupdate 2008-12-22 22:48:15.000000000 +0100
+@@ -31,9 +31,12 @@
+ # SO17 1BJ
+ # United Kingdom
+ #
+-# $Id: f-secure-autoupdate 1868 2003-08-25 16:39:32Z jkf $
++# $Id: f-secure-autoupdate 4597 2008-12-11 01:50:19Z sysjkf $
+
+ Root=$1
++# Dispose of Root
++shift
++# Dispose of Lock file name
+ shift
+ exec $Root/bin/dbupdate "$@"
+
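Review bot: The second `shift` runs unconditionally, so a caller that passes only the root directory hits a `shift` with no positional parameters left. A non-interactive POSIX shell may treat that as a fatal error and exit before `dbupdate` runs. Guard it with `[ $# -gt 0 ] && shift`, and quote the path on the next line as `exec "$Root/bin/dbupdate" "$@"`. The `# Throw away lockfile` `shift` added to trend-autoupdate has the same problem.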
+diff -urNad mailscanner-4.68.8~/lib/f-secure-wrapper mailscanner-4.68.8/lib/f-secure-wrapper
+--- mailscanner-4.68.8~/lib/f-secure-wrapper 2008-12-22 20:51:38.000000000 +0100
++++ mailscanner-4.68.8/lib/f-secure-wrapper 2008-12-22 22:48:15.000000000 +0100
+@@ -33,7 +33,7 @@
+ # SO17 1BJ
+ # United Kingdom
+ #
+-# $Id: f-secure-wrapper 4192 2007-10-02 17:54:26Z sysjkf $
++# $Id: f-secure-wrapper 4534 2008-09-01 11:33:51Z sysjkf $
+
+
+ # Look to see what version we have got installed.
+@@ -48,7 +48,7 @@
+ if [ -f $FSAV_CONF ] && grep -i '^daemondatabasedirectory' $FSAV_CONF >/dev/null
+ then
+ PackageDir=$Root/bin
+- ScanOptions="--riskware=on --virus-action1=report --virus-action2=none --riskware-action1=report --riskware-action2=none --skiplarge=no --databasedirectory=/var/opt/f-secure/fssp/databases"
++ ScanOptions="--riskware=on --scanexecutables=on --virus-action1=report --virus-action2=none --riskware-action1=report --riskware-action2=none --skiplarge=no --databasedirectory=/var/opt/f-secure/fssp/databases"
+ else
+ # FSAV version 4.6x
+ FSAV_CONF=/etc/opt/f-secure/fsav/fsav.conf
+diff -urNad mailscanner-4.68.8~/lib/generic-autoupdate mailscanner-4.68.8/lib/generic-autoupdate
+--- mailscanner-4.68.8~/lib/generic-autoupdate 2008-12-22 20:51:38.000000000 +0100
++++ mailscanner-4.68.8/lib/generic-autoupdate 2008-12-22 22:48:15.000000000 +0100
+@@ -7,7 +7,7 @@
+
+ $GenericRoot = shift;
+
+-$LockFile = "/tmp/GenericBusy.lock";
++$LockFile = shift || "/var/spool/MailScanner/incoming/Locks/genericBusy.lock";
+
+ $LOCK_SH = 1;
+ $LOCK_EX = 2;
+@@ -45,7 +45,6 @@
+
+ sub UnlockGeneric {
+ print LOCK "Unlocked after updating Generic virus scanner by $$\n";
+- unlink $LockFile;
+ flock(LOCK, $LOCK_UN);
+ close LOCK;
+ }
+diff -urNad mailscanner-4.68.8~/lib/inoculan-autoupdate mailscanner-4.68.8/lib/inoculan-autoupdate
+--- mailscanner-4.68.8~/lib/inoculan-autoupdate 2008-12-22 20:51:38.000000000 +0100
++++ mailscanner-4.68.8/lib/inoculan-autoupdate 2008-12-22 22:48:15.000000000 +0100
+@@ -10,7 +10,7 @@
+
+ $InoculanDir = shift || "/usr/local/inoculan";
+
+-$LockFile = "/tmp/InoculanBusy.lock";
++$LockFile = shift || "/var/spool/MailScanner/incoming/Locks/inoculanBusy.lock";
+
+ $LOCK_SH = 1;
+ $LOCK_EX = 2;
+@@ -44,7 +44,6 @@
+
+ sub UnlockInoculan {
+ print LOCK "Unlocked after updating inoculan patterns by $$\n";
+- unlink $LockFile;
+ flock(LOCK, $LOCK_UN);
+ close LOCK;
+ }
+diff -urNad mailscanner-4.68.8~/lib/kaspersky-autoupdate mailscanner-4.68.8/lib/kaspersky-autoupdate
+--- mailscanner-4.68.8~/lib/kaspersky-autoupdate 2008-12-22 20:51:38.000000000 +0100
++++ mailscanner-4.68.8/lib/kaspersky-autoupdate 2008-12-22 22:48:15.000000000 +0100
+@@ -8,7 +8,7 @@
+ $KavUpdateBinary = "$PackageDir/kavupdater.sh";
+ $KavUpdateCommand = "cat $KavUpdateBinary | sed -e 's/==/=/g' | sh";
+
+-$LockFile = "/tmp/KasperskyBusy.lock";
++$LockFile = shift || "/var/spool/MailScanner/incoming/Locks/kasperskyBusy.lock";
+
+ $LOCK_SH = 1;
+ $LOCK_EX = 2;
+@@ -87,7 +87,6 @@
+
+ sub Unlock {
+ print LOCK "Unlocked after updating Kaspersky definitions by $$\n";
+- unlink $LockFile;
+ flock(LOCK, $LOCK_UN);
+ close LOCK;
+ }
+diff -urNad mailscanner-4.68.8~/lib/kaspersky-wrapper mailscanner-4.68.8/lib/kaspersky-wrapper
+--- mailscanner-4.68.8~/lib/kaspersky-wrapper 2008-12-22 20:51:38.000000000 +0100
++++ mailscanner-4.68.8/lib/kaspersky-wrapper 2008-12-22 22:48:15.000000000 +0100
+@@ -41,7 +41,7 @@
+ # For KAV4FS 5.5
+ Scanner=kav4fs/bin/kav4fs-kavscanner
+ if [ -x ${PackageDir}/$Scanner ]; then
+- Report=/tmp/kavoutput.tmp.$$
++ Report=`mktemp /tmp/kavoutput.tmp.XXXXXX` || exit 1
+ ScanOptions="-xp -i0" # Don't report progress, don't attempt to clean
+ if [ "x$1" = "x-IsItInstalled" ]; then
+ exit 0
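Review bot: The `-IsItInstalled` probe now leaves an empty report file in `/tmp` on every call, because `mktemp` creates the file on the `Report=` line and the `exit 0` three lines below runs before anything removes it. The old line only built a name, so the probe had no side effect. Move the `Report=` assignment below the probe's `fi`, or add `rm -f "$Report"` before `exit 0`. The two later hunks in this file (KAV 5.5.0 and KAV 4.5.0) need the same change. The enclosing `if` block continues outside the hunk, so whether the normal scan path removes the report cannot be confirmed here.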
+@@ -59,7 +59,7 @@
+ # For KAV 5.5.0
+ Scanner=kav4unix/bin/kavscanner
+ if [ -x ${PackageDir}/$Scanner ]; then
+- Report=/tmp/kavoutput.tmp.$$
++ Report=`mktemp /tmp/kavoutput.tmp.XXXXXX` || exit 1
+ ScanOptions="-xp -i0" # Don't report progress, don't attempt to clean
+ if [ "x$1" = "x-IsItInstalled" ]; then
+ exit 0
+@@ -77,7 +77,7 @@
+ # For KAV 4.5.0
+ Scanner=bin/kavscanner
+ if [ -x ${PackageDir}/$Scanner ]; then
+- Report=/tmp/kavoutput.tmp.$$
++ Report=`mktemp /tmp/kavoutput.tmp.XXXXXX` || exit 1
+ ScanOptions="-xp -i0" # Don't report progress, don't attempt to clean
+ if [ "x$1" = "x-IsItInstalled" ]; then
+ exit 0
+diff -urNad mailscanner-4.68.8~/lib/mcafee-autoupdate mailscanner-4.68.8/lib/mcafee-autoupdate
+--- mailscanner-4.68.8~/lib/mcafee-autoupdate 2008-12-22 20:51:38.000000000 +0100
++++ mailscanner-4.68.8/lib/mcafee-autoupdate 2008-12-22 22:48:15.000000000 +0100
+@@ -27,7 +27,7 @@
+
+ # handle the command line
+ usage () {
+- echo "usage: $0 [-dfrtv] [-Rnnn] [-Innn] [proxy] [prefix]"
++ echo "usage: $0 [-dfrtv] [-Rnnn] [-Innn] [proxy] [prefix] [lock]"
+ echo " -d delete old files"
+ echo " -e get extra.dat"
+ echo " -f force update"
+@@ -38,10 +38,11 @@
+ echo " -I retry interval"
+ echo " proxy URL of FTP/HTTP proxy server"
+ echo " prefix uvscan installation directory"
++ echo " lock lockfile location"
+ exit 1
+ }
+ case $# in
+-[012345])
++[0123456])
+ : ok
+ ;;
+ *) usage
+@@ -56,6 +57,8 @@
+ ;;
+ -*) OPTS=$arg
+ ;;
++ lock*) LOCKFILE=$arg
++ ;;
+ /*) PREFIX=$arg
+ ;;
+ http:) ftp_proxy=$arg
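Review bot: The new `lock*)` arm only matches an argument whose text begins with `lock`, so an absolute lock-file path would fall through to the `/*)` arm below and overwrite `PREFIX` instead of setting `LOCKFILE`. How MailScanner passes the lock argument is not visible here, so confirm the format. If it is a path like the defaults used by the other scripts, match it ahead of the generic arm with something like `*/Locks/*|*.lock) LOCKFILE=$arg`. The `case` statement starts and ends outside the hunk, and no use of `LOCKFILE` is shown in this patch.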
+diff -urNad mailscanner-4.68.8~/lib/nod32-autoupdate mailscanner-4.68.8/lib/nod32-autoupdate
+--- mailscanner-4.68.8~/lib/nod32-autoupdate 2008-12-22 20:51:38.000000000 +0100
++++ mailscanner-4.68.8/lib/nod32-autoupdate 2008-12-22 22:48:15.000000000 +0100
+@@ -5,7 +5,7 @@
+ $Nod32Root = shift || "/usr/local/nod32";
+
+ $Nod32Auth = "nod32.auth";
+-$LockFile = "/tmp/Nod32Busy.lock";
++$LockFile = shift || "/var/spool/MailScanner/incoming/Locks/nod32Busy.lock";
+
+ $LOCK_SH = 1;
+ $LOCK_EX = 2;
+@@ -66,7 +66,6 @@
+
+ sub Unlock {
+ print LOCK "Unlocked after updating virus definitions by $$\n";
+- unlink $LockFile;
+ flock(LOCK, $LOCK_UN);
+ close LOCK;
+ }
+diff -urNad mailscanner-4.68.8~/lib/norman-autoupdate mailscanner-4.68.8/lib/norman-autoupdate
+--- mailscanner-4.68.8~/lib/norman-autoupdate 2008-12-22 20:51:38.000000000 +0100
++++ mailscanner-4.68.8/lib/norman-autoupdate 2008-12-22 22:48:15.000000000 +0100
+@@ -6,7 +6,7 @@
+
+ $UpdateCommand = "$PackageDir/niu";
+
+-$LockFile = "/tmp/NormanBusy.lock";
++$LockFile = shift || "/var/spool/MailScanner/incoming/Locks/normanBusy.lock";
+
+ $LOCK_SH = 1;
+ $LOCK_EX = 2;
+@@ -60,7 +60,6 @@
+
+ sub UnlockNorman {
+ print LOCK "Unlocked after updating Norman definitions by $$\n";
+- unlink $LockFile;
+ flock(LOCK, $LOCK_UN);
+ close LOCK;
+ }
+diff -urNad mailscanner-4.68.8~/lib/panda-autoupdate mailscanner-4.68.8/lib/panda-autoupdate
+--- mailscanner-4.68.8~/lib/panda-autoupdate 2008-12-22 20:51:38.000000000 +0100
++++ mailscanner-4.68.8/lib/panda-autoupdate 2008-12-22 22:48:15.000000000 +0100
+@@ -31,7 +31,7 @@
+
+ DATE=`date +%m%d`
+ GETSTRING="http://updates.pandasoftware.com:8003/software/basevirus/pav$DATE.zip"
+-TEMPDIR="/tmp"
++TEMPDIR=`mktemp -d /tmp/panda.XXXXXX` || exit 1
+ STARTDIR=`pwd`
+
+ # Doing it.
+@@ -79,6 +79,9 @@
+
+ # All the action is over :)
+
++cd /
++rm -rf $TEMPDIR
++
+ echo ""
+ echo "Update complete. Have a nice day!"
+ echo ""
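Review bot: The added `rm -rf $TEMPDIR` only runs when the script reaches its last lines, so any earlier exit between the `mktemp -d` and this point leaves the directory and its download behind. The variable is also unquoted. Install the cleanup once, right after the `mktemp -d` line, the way trend-autoupdate does: `trap 'rm -rf "$TEMPDIR"' EXIT`. The body between the two hunks is not visible, so the number of early exits is unknown.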
+diff -urNad mailscanner-4.68.8~/lib/rav-autoupdate mailscanner-4.68.8/lib/rav-autoupdate
+--- mailscanner-4.68.8~/lib/rav-autoupdate 2008-12-22 20:51:38.000000000 +0100
++++ mailscanner-4.68.8/lib/rav-autoupdate 2008-12-22 22:48:15.000000000 +0100
+@@ -10,7 +10,7 @@
+ my($PackageDir, $retval);
+ $PackageDir = shift || "/usr/local/rav8";
+ my($TimeOut) = 5*60; # 5 minutes
+-my($LockFile) = '/tmp/RavBusy.lock';
++my($LockFile) = shift || '/var/spool/MailScanner/incoming/Locks/ravBusy.lock';
+ my($ravcommand) = "$PackageDir/bin/ravlin8";
+ my($ravupdate) = "$ravcommand --update=engine";
+
+@@ -77,7 +77,6 @@
+
+ sub UnlockRav {
+ print LOCK "Unlocked after updating Rav Antivirus engine files by $$\n";
+- unlink $LockFile;
+ flock(LOCK, $LOCK_UN);
+ close LOCK;
+ }
+diff -urNad mailscanner-4.68.8~/lib/rav-wrapper mailscanner-4.68.8/lib/rav-wrapper
+--- mailscanner-4.68.8~/lib/rav-wrapper 2008-12-22 20:51:38.000000000 +0100
++++ mailscanner-4.68.8/lib/rav-wrapper 2008-12-22 23:00:09.000000000 +0100
+@@ -1,12 +1,14 @@
+ #!/usr/bin/perl -w
+
++use File::Temp qw{tempdir tempfile};
++
+ # specify complete path+name for RAV program
+ #my $ravprogram = '/usr/local/rav8/bin/ravlin8';
+ my $ravprogram;
+ $ravprogram = shift;
+ $ravprogram .= '/bin/ravav';
+
+-my $tmpdir = '/tmp';
++my $tmpdir = tempdir("/tmp/rav.XXXXXX", CLEANUP => 1);
+
+ if ($ARGV[0] eq '-IsItInstalled') {
+ exit 0 if -x $ravprogram;
+diff -urNad mailscanner-4.68.8~/lib/sophos-autoupdate mailscanner-4.68.8/lib/sophos-autoupdate
+--- mailscanner-4.68.8~/lib/sophos-autoupdate 2008-12-22 22:48:13.000000000 +0100
++++ mailscanner-4.68.8/lib/sophos-autoupdate 2008-12-22 22:48:15.000000000 +0100
+@@ -7,7 +7,7 @@
+ #
+ # Update V5 first, then V4
+ #
+-$LockFile = "/tmp/SophosBusy.lock";
++$LockFile = shift || "/var/spool/MailScanner/incoming/Locks/sophosBusy.lock";
+
+ $LOCK_SH = 1;
+ $LOCK_EX = 2;
+@@ -167,7 +167,6 @@
+ # Used for V4 and V5
+ sub UnlockSophos {
+ print LOCK "Unlocked after updating Sophos IDE files by $$\n";
+- unlink $LockFile;
+ flock(LOCK, $LOCK_UN);
+ close LOCK;
+ }
+diff -urNad mailscanner-4.68.8~/lib/symscanengine-autoupdate mailscanner-4.68.8/lib/symscanengine-autoupdate
+--- mailscanner-4.68.8~/lib/symscanengine-autoupdate 2008-12-22 20:51:38.000000000 +0100
++++ mailscanner-4.68.8/lib/symscanengine-autoupdate 2008-12-22 22:48:15.000000000 +0100
+@@ -4,7 +4,7 @@
+
+ $PackageDir = shift || "/opt/SYMCScan";
+
+-$LockFile = "/tmp/SymScanEngineBusy.lock";
++$LockFile = shift || "/var/spool/MailScanner/incoming/Locks/symscanengineBusy.lock";
+
+ $LOCK_SH = 1;
+ $LOCK_EX = 2;
+@@ -54,7 +54,6 @@
+
+ sub UnlockSymantec {
+ print LOCK "Unlocked after updating SymScanEngine patterns by $$\n";
+- unlink $LockFile;
+ flock(LOCK, $LOCK_UN);
+ close LOCK;
+ }
+diff -urNad mailscanner-4.68.8~/lib/trend-autoupdate mailscanner-4.68.8/lib/trend-autoupdate
+--- mailscanner-4.68.8~/lib/trend-autoupdate 2008-12-22 20:51:38.000000000 +0100
++++ mailscanner-4.68.8/lib/trend-autoupdate 2008-12-22 22:48:15.000000000 +0100
+@@ -3,6 +3,8 @@
+ # Trend Autoupdate Script.
+ # V0.1 Dan Bird. dbird@sghms.ac.uk
+ # 12/08/2003
++# V1.1 Julian Field. mailscanner@ecs.soton.ac.uk
++# 22/11/2008
+
+ # Make it work on new POSIX systems
+ export _POSIX2_VERSION=199209
+@@ -10,22 +12,29 @@
+ PackageDir=$1
+ export PackageDir
+ shift
++# Throw away lockfile
++shift
+
++TEMPDIR=`mktemp -d /tmp/trend-update.XXXXXX` || exit 1
+ OPRINI=opr.ini.$$
+ export OPRINI
+
++trap "rm -rf $TEMPDIR" EXIT
++
+ # source of IScan dat files
+ FTPSERV="ftp://ftp.antivirus.com/products/pattern/"
+
+ # Get the info on new version...
+ echo "Checking for latest DAT version..."
+-wget -q -O /tmp/$OPRINI $FTPSERV/opr.ini
++# In case it crept into existence
++rm -f $TEMPDIR/$OPRINI
++wget -q -O $TEMPDIR/$OPRINI $FTPSERV/opr.ini
+ #NEWVER=`grep PatternVersion /tmp/opr.ini.$$ | sed s/^PatternVersion=//g | cut -c 1-3`
+-NEWVER=`grep PatternVersionNPF /tmp/opr.ini.$$ | sed s/^PatternVersionNPF=//g | cut -c 3-5`
++NEWVER=`grep PatternVersionNPF $TEMPDIR/$OPRINI | sed s/^PatternVersionNPF=//g | cut -c 3-5`
+
+ # What's out current version?
+ # For 2006 onwards CURRENTVER=`ls $PackageDir/* | grep lpt | tail -1 | cut -d. -f 2`
+-CURRENTVER=`ls -rt $PackageDir/* | grep lpt | tail -1 | cut -d. -f 2`
++CURRENTVER=`ls -rt $PackageDir/*lpt* /etc/iscan/*lpt* | tail -1 | cut -d. -f 2`
+
+ if [ "$CURRENTVER" = "" ]
+ then
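Review bot: `NEWVER` is cut out of an `opr.ini` fetched over plain FTP and is then used unquoted in file names and in the `rm -f $PackageDir/lpt*$NEWVER*` glob of `fail`, with no check that it is a version number. Validate it right after the assignment, assuming three digits as `cut -c 3-5` suggests: `case "$NEWVER" in [0-9][0-9][0-9]) ;; *) echo "unexpected pattern version"; exit 1 ;; esac`. The exit status of `wget` should also be checked before the file is parsed. The `if` at the end of the hunk continues outside it.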
+@@ -34,10 +43,11 @@
+ echo "Current version is : $CURRENTVER, new version is : $NEWVER"
+
+ fail () {
+- trap EXIT
++ trap '' EXIT
+ echo "Test run failed -- removing bad Trend data files"
+ echo "$OUT"
+- rm -rf $PackageDir/lpt*$NEWVER*
++ rm -f $PackageDir/lpt*$NEWVER*
++ rm -rf $TEMPDIR
+ logger -p mail.warn -t trend-autoupdate Trend: update failed
+ exit 1
+ }
+@@ -47,17 +57,19 @@
+ if [ $CURRENTVER -ne $NEWVER ]
+ then
+ echo "Getting new DAT version : $NEWVER"
+- wget -q -P /tmp $FTPSERV/lpt$NEWVER.zip
++ # In case it crept into existence
++ rm -f $TEMPDIR/lpt$NEWVER.zip
++ wget -q -P $TEMPDIR $FTPSERV/lpt$NEWVER.zip
+ printf "Testing file for corruption...."
+
+- DATCHECK=`unzip -o -t /tmp/lpt$NEWVER.zip | grep "No errors"`
++ DATCHECK=`unzip -o -t $TEMPDIR/lpt$NEWVER.zip | grep "No errors"`
+
+ if [ "$DATCHECK" != "" ]
+ then
+ echo "OK"
+- mv /tmp/lpt$NEWVER.zip /etc/iscan
++ mv $TEMPDIR/lpt$NEWVER.zip /etc/iscan
+ printf "installing...."
+- cd $PackageDir
++ cd /etc/iscan # $PackageDir
+ unzip -q -o lpt$NEWVER.zip
+ echo "DONE"
+ else
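Review bot: The new `cd /etc/iscan` is unchecked, so if that directory is missing the following `unzip -q -o lpt$NEWVER.zip` runs in whatever directory the script was started from. The preceding `mv` would also have turned the archive into a file named `/etc/iscan`. Use `cd /etc/iscan || fail`, since `fail` is already defined above. The hard-coded `/etc/iscan` replaces `$PackageDir` with only a trailing `# $PackageDir` comment, so add a line saying why the install location no longer follows the argument.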
+@@ -65,8 +77,8 @@
+ fi
+
+
+- CMD="$PackageDir/vscan -v 2>&1"
+- OUT=`$CMD`
++ #CMD="$PackageDir/vscan -v 2>&1"
++ OUT=`$PackageDir/vscan -v 2>&1`
+ case "$OUT" in
+ *"read pattern failed"* | \
+ *"invalid pattern file"* | \
+@@ -77,10 +89,16 @@
+ fail
+ ;;
+ esac
+- trap EXIT
++ trap '' EXIT
+ logger -p mail.info -t trend-autoupdate Trend: DAT files updated from $CURRENTVER to $NEWVER
+ else
+ echo "DAT files are upto date"
+ logger -p mail.info -t trend-autoupdate Trend: DAT files are up to date
+ fi
+-rm -f /tmp/lpt*.zip /tmp/$OPRINI $PackageDir/*.zip
++# In case our dir turned into a link on its own...
++rm -f $TEMPDIR >/dev/null 2>&1
++rm -rf $TEMPDIR
++rm -f $PackageDir/*.zip
++rm -f /etc/iscan/*.zip
++exit 0
++
diff -Naur mailscanner-4.68.8/debian/patches/debian/patches/CVE-2008-5313.dpatch mailscanner-4.68.8-1+lenny1-proposed/debian/patches/debian/patches/CVE-2008-5313.dpatch
--- mailscanner-4.68.8/debian/patches/debian/patches/CVE-2008-5313.dpatch 1970-01-01 01:00:00.000000000 +0100
+++ mailscanner-4.68.8-1+lenny1-proposed/debian/patches/debian/patches/CVE-2008-5313.dpatch 2008-12-24 23:27:43.000000000 +0100
@@ -0,0 +1,7 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## CVE-2008-5313.dpatch by Simon Walter <Simon Walter <simon.walter@hp-factory.de>>
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: No description.
+
+@DPATCH@
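Review bot: This new dpatch carries no patch content after `@DPATCH@` and its description is still the template text `## DP: No description.`. It also sits under a doubled `debian/patches/debian/patches/` path, which suggests it was created by accident. Either drop the file from the upload or give it the real change and a description such as `## DP: Fix insecure temporary file handling (CVE-2008-5313)`. The changelog entry in this diff lists CVE-2008-5312 twice and does not mention CVE-2008-5313, so the CVE list is worth reconciling at the same time.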
diff -Naur mailscanner-4.68.8/debian/rules mailscanner-4.68.8-1+lenny1-proposed/debian/rules
--- mailscanner-4.68.8/debian/rules 2008-12-24 23:29:01.000000000 +0100
+++ mailscanner-4.68.8-1+lenny1-proposed/debian/rules 2008-12-24 23:27:44.000000000 +0100
@@ -60,14 +60,6 @@
: # fix lockfile location in all autoupdate scripts
mkdir -p debian/tmp/autoupdate/
cp -a lib/*autoupdate* debian/tmp/autoupdate/
- for i in debian/tmp/autoupdate/*-autoupdate; do \
- sed -e '/LockFile *=/s,/tmp,/var/lock/subsys/MailScanner,' $$i > $$i.new; \
- if cmp -s $$i $$i.new; then \
- rm -f $$i; \
- else \
- mv $$i.new $$i; \
- fi; \
- done
: # fix virus.scanners.conf
sed -e 's,/opt/MailScanner/lib/,/etc/MailScanner/wrapper/,g' etc/virus.scanners.conf > debian/tmp/virus.scanners.conf