clamav blocked by apparmor in firefox (using fireclam plugin)
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apparmor (Ubuntu) | Fix Released | Low | Jamie Strandboge | | |
Bug Description
Binary package hint: apparmor
ubuntu karmic
Using the firefox plugin, "fireclam" which launches clamav (the clamscan executable) on any downloaded file, apparmor blocks this happening so stopping it working. Verified by stopping apparmor and the plugin works again. I see freshclam has been added, but not clamav. I contacted the developer of the plugin who isn't in a position to help but says the plugin just runs the clamscan executable, so I just really need to know how to make this happen. I tried (using a plugin already in the firefox profile as a template) adding the clamav bin and database directory access but it did not work.
Can the developers of the firefox apparmor profile (or whoever is best to do so) please either add the fireclam firefox plugin to the firefox apparmor profile, or instruct how to allow clamav access when executed in this manner?
thanks & kind regards
affects: | apparmor (Ubuntu) → firefox (Ubuntu) |
tags: | added: apparmor |
affects: | firefox (Ubuntu) → apparmor (Ubuntu) |
Changed in apparmor (Ubuntu): | |
status: | Incomplete → In Progress |
The following added to the firefox profile would be enough to 'fix' this bug:
/usr/bin/clamscan Ux,
However, Ubuntu ships a profile for /usr/sbin/clamd. It would be much better if the plugin could (optionally?) use clamd by reading in the contents of the file to be scanned, then opening /var/run/clamav/clamd.ctl and writing:
SCAN <complete file contents>\n
Then checking for the output text/return code. This would allow for us to use in the firefox profile:
/var/run/clamav/clamd.ctl w,
This allows for better security since clamscan won't be an avenue of attack.
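An added sketch (not code from this bug report, fireclam, or Ubuntu) of the clamd-based design the comment above describes: the client sends the file's bytes over the clamd.ctl socket and never executes clamscan, so the firefox profile needs only the socket rule. It uses clamd's INSTREAM command, which is clamd's command for receiving content over the socket; the function names and chunk size are assumptions.

```python
import socket
import struct

CLAMD_SOCKET = "/var/run/clamav/clamd.ctl"  # socket path named in the comment above
CHUNK = 8192  # assumed chunk size; clamd enforces its own stream size limit


def instream_frames(data: bytes, chunk: int = CHUNK):
    """Yield the byte frames of one clamd INSTREAM session for `data`."""
    yield b"zINSTREAM\0"  # 'z' prefix: command and reply are NUL-terminated
    for off in range(0, len(data), chunk):
        part = data[off:off + chunk]
        yield struct.pack("!I", len(part)) + part  # 4-byte big-endian length, then data
    yield struct.pack("!I", 0)  # zero-length chunk ends the stream


def parse_reply(raw: bytes):
    """Map a clamd reply to (verdict, detail); anything unexpected is an error."""
    text = raw.rstrip(b"\0\n").decode("utf-8", "replace")
    if text.startswith("stream: ") and text.endswith(" FOUND"):
        return "infected", text[len("stream: "):-len(" FOUND")]
    if text == "stream: OK":
        return "clean", ""
    return "error", text  # empty or unrecognised reply: treat as not scanned


def scan_bytes(data: bytes, sock=None):
    """Send `data` to clamd and return (verdict, detail)."""
    own = sock is None
    if own:  # hypothetical default: connect to the local clamd socket
        sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        sock.connect(CLAMD_SOCKET)
    try:
        for frame in instream_frames(data):
            sock.sendall(frame)
        raw = b""
        while not raw.endswith(b"\0"):
            got = sock.recv(4096)
            if not got:  # peer closed before a full reply arrived
                break
            raw += got
        return parse_reply(raw)
    finally:
        if own:
            sock.close()
```

A caller should block or quarantine the download on any verdict other than "clean", since an "error" result means the file was not scanned.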