[7.460][BUG][CONFIRMED] ftp antivirus does not work - logfile shows error

Hi Friends !

while downloading file from ftp server it gives error ,need to disable av then file get download ,still while downloading file it says send file

Unable to make tmp dir /tmp
2009:06:28-09:02:22 ace75 frox[12171]: Connect from 192.168.2.225
2009:06:28-09:02:22 ace75 frox[12171]: ... to 152.104.238.19()
2009:06:28-09:02:27 ace75 frox[12171]: PASV: 152.104.238.19:41218
2009:06:28-09:02:56 ace75 frox[12171]: Unknown response from clamd: : lstat() failed: No such file or directory. ERROR
2009:06:28-09:02:59 ace75 frox[12171]: Unknown response from clamd: : lstat() failed: No such file or directory. ERROR
2009:06:28-09:03:02 ace75 frox[12171]: Unknown response from clamd: : lstat() failed: No such file or directory. ERROR
2009:06:28-09:03:05 ace75 frox[12171]: Virus scanner failed
2009:06:28-09:03:05 ace75 frox[12171]: Closing session
2009:06:28-09:03:54 ace75 frox[3909]: Reloading configuration
2009:06:28-09:03:54 ace75 frox[12297]: Unable to make tmp dir /tmp
2009:06:28-09:03:54 ace75 frox[12297]: Connect from 192.168.2.225
2009:06:28-09:03:54 ace75 frox[12297]: ... to 210.51.181.211()
2009:06:28-09:04:26 ace75 frox[12300]: Unable to make tmp dir /tmp
2009:06:28-09:04:26 ace75 frox[12300]: Connect from 192.168.2.225
2009:06:28-09:04:26 ace75 frox[12300]: ... to 66.104.77.130()
2009:06:28-09:04:29 ace75 frox[12300]: PASV: 66.104.77.130:7172
2009:06:28-09:04:52 ace75 frox[12300]: id="0101" severity="info" sys="SecureWeb" sub="ftp" name="send file, not scanned" srcip="192.168.2.225" dstip="66.104.77.130" url="ip66-104-77-130.z77-104-66.customer.algx.net/.../Driver_XP_5719_0331.zip" user="WebUser" size="0"

Thanks

Parents

0 Astaro Beta Bot over 16 years ago

Astaro Beta Report
--------------------------------
Version: 7.460
Type: BUG
State: CONFIRMED
Reporter: utm_kid
Contributor: 
MantisID: 10866
--------------------------------

0 wingman over 16 years ago in reply to Astaro Beta Bot

I am using v7.460 and I managed to download files via ftp (dual antivirus enabled) with no issues

Connect from 192.168.2.31

2009:06:28-10:37:07 Enterprise frox[6111]: ... to 213.144.15.28()

2009:06:28-10:37:09 Enterprise frox[6111]: PASV: 213.144.15.28:35601

2009:06:28-10:37:16 Enterprise frox[6111]: PASV: 213.144.15.28:9174

2009:06:28-10:37:17 Enterprise frox[6111]: id="0102" severity="info" sys="SecureWeb" sub="ftp" name="send file, clean" srcip="192.168.2.31" dstip="213.144.15.28" url="15.telemaxx.net/.../u2d-sys-7.010.tgz.gpg.md5" user="anonymous" size="56"

2009:06:28-10:37:34 Enterprise frox[6111]: PASV: 213.144.15.28:46580

2009:06:28-10:39:00 Enterprise frox[6111]: id="0102" severity="info" sys="SecureWeb" sub="ftp" name="send file, clean" srcip="192.168.2.31" dstip="213.144.15.28" url="15.telemaxx.net/.../u2d-sys-7.103.tgz.gpg" user="anonymous" size="5386126"

2009:06:28-10:44:51 Enterprise frox[6248]: PASV: 212.85.150.162:34845

2009:06:28-10:44:53 Enterprise frox[6248]: PASV: 212.85.150.162:34846

2009:06:28-10:44:57 Enterprise frox[6248]: PASV: 212.85.150.162:34847

2009:06:28-10:44:58 Enterprise frox[6248]: id="0101" severity="info" sys="SecureWeb" sub="ftp" name="send file, not scanned" srcip="192.168.2.31" dstip="212.85.150.162" url="212.85.150.162/.../updates" user="anonymous" size="0"

2009:06:28-10:44:58 Enterprise frox[6248]: PASV: 212.85.150.162:34848

2009:06:28-10:45:00 Enterprise frox[6248]: PASV: 212.85.150.162:34849

2009:06:28-10:45:01 Enterprise frox[6248]: PASV: 212.85.150.162:34850

2009:06:28-10:45:07 Enterprise frox[6248]: PASV: 212.85.150.162:34852

2009:06:28-10:45:35 Enterprise frox[6248]: id="0102" severity="info" sys="SecureWeb" sub="ftp" name="send file, clean" srcip="192.168.2.31" dstip="212.85.150.162" url="212.85.150.162/.../abiword-2.0.14-62012U10_3cl.i386.rpm" user="anonymous" size="2735336"

I tried two different ftp servers and they work fine. Are you using single/dual engine?

0 Gert Hansen over 16 years ago in reply to wingman

Hi utm_kid,

how does your ftp configuration look like and how did you test this?

thx Gert
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Gert Hansen over 16 years ago in reply to wingman

Hi utm_kid,

how does your ftp configuration look like and how did you test this?

thx Gert
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 utm_kid over 16 years ago in reply to Gert Hansen

Hi utm_kid,

how does your ftp configuration look like and how did you test this?

thx Gert

Hi Gert ,

my configuration is as ,Web security>>ftp>>internal(network) and pptp(vpn pool) antivuirus dual>>50 mb is max scnning but i am downloading only md5 files and some other files which are hardly less then 3 mb

Dual anitvirus ,execption and advance are defualt

Allow FTP traffic for listed hosts/nets --check

FTP Servers--any
with regular internal network
i am able to download exe file with http

does ftp create another tmp directory /if it failed to create where/what is location of directory

i was able to send file and revice file with anti virus but it seems new development ,there was some issuse with av was not able to detect virus file while sending but while downloading same file was able to detect as a virus and while downloaing file log says sending file

Thanks
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 BAlfson over 16 years ago in reply to utm_kid

with regular internal network
i am able to download exe file with http

In transparent mode, I believe that the Astaro proxies only handle traffic between different networks. If the client and server are both in the same physical subnet, the client will access the server directly and not through the proxy.

I don't know if Astaro does an A-V check on files uploaded by a client in the 'Internal (Network)'. I don't think it does.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 frickler over 16 years ago in reply to BAlfson

The directory /var/storage/chroot-ftp/tmp seems to be missing. It should be included in package chroot-ftp with permissions 1777.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 utm_kid over 16 years ago in reply to frickler

The directory /var/storage/chroot-ftp/tmp seems to be missing. It should be included in package chroot-ftp with permissions 1777.

Greate !

but why this directory was missing ,i have downloaded only 1 file but it seems it has download all files now which was in "Q"

2009:06:29-12:48:22 ace75 frox[3969]: Listening on 0.0.0.0:2121
2009:06:29-12:48:22 ace75 frox[3969]: Dropped privileges
2009:06:29-13:37:47 ace75 frox[3912]: Frox started
2009:06:29-13:37:47 ace75 frox[3912]: Listening on 0.0.0.0:2121
2009:06:29-13:37:47 ace75 frox[3912]: Dropped privileges
2009:06:29-13:40:04 ace75 frox[5259]: Connect from 192.168.2.225
2009:06:29-13:40:04 ace75 frox[5259]: ... to 213.144.15.28()
2009:06:29-13:40:07 ace75 frox[5259]: PASV: 213.144.15.28:22506
2009:06:29-13:40:08 ace75 frox[5259]: PASV: 213.144.15.28:61705
2009:06:29-13:40:09 ace75 frox[5259]: id="0101" severity="info" sys="SecureWeb" sub="ftp" name="send file, not scanned" srcip="192.168.2.225" dstip="213.144.15.28" url="213.144.15.28/" user="anonymous" size="0"
2009:06:29-13:41:24 ace75 frox[5259]: PASV: 213.144.15.28:32601
2009:06:29-13:41:26 ace75 frox[5259]: PASV: 213.144.15.28:48220
2009:06:29-13:41:27 ace75 frox[5259]: id="0101" severity="info" sys="SecureWeb" sub="ftp" name="send file, not scanned" srcip="192.168.2.225" dstip="213.144.15.28" url="213.144.15.28/pub" user="anonymous" size="0"
2009:06:29-13:41:30 ace75 frox[5259]: PASV: 213.144.15.28:12464
2009:06:29-13:41:32 ace75 frox[5259]: PASV: 213.144.15.28:53805
2009:06:29-13:41:32 ace75 frox[5259]: id="0101" severity="info" sys="SecureWeb" sub="ftp" name="send file, not scanned" srcip="192.168.2.225" dstip="213.144.15.28" url="213.144.15.28/.../ASG" user="anonymous" size="0"
2009:06:29-13:41:35 ace75 frox[5259]: PASV: 213.144.15.28:57942
2009:06:29-13:41:36 ace75 frox[5259]: PASV: 213.144.15.28:10870
2009:06:29-13:41:37 ace75 frox[5259]: id="0101" severity="info" sys="SecureWeb" sub="ftp" name="send file, not scanned" srcip="192.168.2.225" dstip="213.144.15.28" url="213.144.15.28/.../v7" user="anonymous" size="0"
2009:06:29-13:41:39 ace75 frox[5259]: PASV: 213.144.15.28:39956
2009:06:29-13:41:41 ace75 frox[5259]: PASV: 213.144.15.28:58766
2009:06:29-13:41:41 ace75 frox[5259]: id="0101" severity="info" sys="SecureWeb" sub="ftp" name="send file, not scanned" srcip="192.168.2.225" dstip="213.144.15.28" url="213.144.15.28/.../beta" user="anonymous" size="0"
2009:06:29-13:41:44 ace75 frox[5259]: PASV: 213.144.15.28:49342
2009:06:29-13:41:45 ace75 frox[5259]: id="0102" severity="info" sys="SecureWeb" sub="ftp" name="send file, clean" srcip="192.168.2.225" dstip="213.144.15.28" url="213.144.15.28/.../asg-7.460-090618-4.iso.md5"

Thanks
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel