Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 89948 - dansguardian-dgav not scanning
Summary: dansguardian-dgav not scanning
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Network Proxy Developers (OBSOLETE)
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-04-21 11:22 UTC by Sheldon Hearn
Modified: 2005-09-03 08:33 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sheldon Hearn 2005-04-21 11:22:22 UTC 
The dansguardian-dgav package provides a false sense of security.  It blocks content on first request, but allows it on refresh.

If I'm not the only person for whom this happens, I _highly_ recommend hard-masking dansguardian-dgav, because cursory testing makes it look like it offers proection that it doesn't really offer.

I'm using oops as a proxy server, between dansguardian and the Internet.  I don't think proxy selection makes a difference to this, given the design of dansguardian.

Reproducible: Always
Steps to Reproduce:
1. Install clamav, oops/squid and dansguardian-dgav.
2. Edit dansguardian.conf to point to the clamd socket.
3. Configure your firewall to transparent proxy to dansguardian.
4. Fetch http://www.eicar.org/download/eicar.com.txt through the transparent proxy.
5. When you get "Access denied", force a browser refresh.
Actual Results:  
When I first access the Eicar test virus
(http://en.wikipedia.org/wiki/Eicar_test_file), I get "Access denied" as
expected.  If I force refresh with my browser, I get the file! :-)

Expected Results:  
I should get "Access denied" regardless of how many times I request an object
identified by clamd as malware.
Comment 1 Alin Năstac (RETIRED) gentoo-dev 2005-04-21 13:03:53 UTC 
you're right. dansguardian-dgav has been masked till a solution is found
Comment 2 Joost van den Broek 2005-05-07 06:16:21 UTC 
I noticed this problem does not occur with Internet Explorer, so if your environment only contains this browser it is already usable
Comment 3 Sheldon Hearn 2005-05-07 11:08:34 UTC 
Yeah, but these days, Firefox is common even in a Windows-only environment.

I presented this to the dansguardian users mailing list and was told that this is fixed in CVS.  So the next release of dansguardian-dgav will probably fix it.
Comment 4 Joost van den Broek 2005-05-18 02:50:47 UTC 
I agree with that. I just found a workaround for this. If you disable positive 
result caching in dansguardian.conf, thus setting urlcachenumber = 0, it'll 
actually work (at least with wget).
Comment 5 Thomas Stein 2005-08-25 12:40:56 UTC 
Hello. 
 
Dansguardian 2.8.0.6 and dgav-6.4.2a has been released. Unfortunately the patch applys not 
correctly. So just copying the old ebuild does not work. Beside from that issue this version 
works without the reported issue. Installed this version by hand.  
 
regards 
thomas
Comment 6 Alin Năstac (RETIRED) gentoo-dev 2005-08-29 03:38:19 UTC 
version has been bumped to 6.4.2a.
normally this bug should be closed as fixed, but it will remain open until the
old version will be removed from the tree and package.mask (in a week or so)
Comment 7 Alin Năstac (RETIRED) gentoo-dev 2005-09-03 08:33:01 UTC 
net-proxy/dansguardian-dgav-6.3.8 has been removed from the tree, along with its
entry in package.mask