[Fwd: Re: [Samba] Drag and Drop and Crash]

Thomas McNeely Thomas.McNeely at wwu.edu
Mon Apr 23 21:31:12 GMT 2007

One more significant finding: I'd been assuming that samba versions
2.2.x were not susceptible to this problem, and Samba versions 3.0.x
were susceptible. But then I learned that elsewhere on our campus a Suse
server with Samba 3.0.22 was unaffected, so I set up my own version
3.0.22 (default installation from source code), and it was also
unaffected. I upgraded it to version 3.0.23, and the problem appeared.
Finally, I tried the new release candidate 2 for 2.0.25, and the problem
went away. Recall that we already experienced the problem with 3.0.23d
and 3.0.24, so I think it's a fair guess that only 3.0.23x and 3.0.24
are affected by this. 

While I still think the blame lies most directly with Symantec, I will
be reporting this as a bug to the Samba developers also, since the
susceptibility seems to have been introduced and then fixed entirely by
accident. (I can't find any indication in the release notes, mailing
list, or bugzilla that the developers are aware of it.)

Hope that helps,
Tom McNeely
Western Washington University Libraries

-----Original Message-----
From: samba-bounces+thomas.mcneely=wwu.edu at lists.samba.org
[mailto:samba-bounces+thomas.mcneely=wwu.edu at lists.samba.org] On Behalf
Of Jim Summers
Sent: Monday, April 16, 2007 8:01 PM
To: samba at lists.samba.org
Subject: [Fwd: Re: [Samba] Drag and Drop and Crash]

Hello List,

Please read Tom's email below.  Has some interesting findings.  The
machine I dealt with also had symantec on it.  Since the repair though
hasn't been a problem.  The user even re-applied the patches.  This is
to weird.


-------- Original Message --------
Subject: 	Re: [Samba] Drag and Drop and Crash
Date: 	Mon, 16 Apr 2007 18:12:47 -0700
From: 	Thomas McNeely <Thomas.McNeely at wwu.edu>
To: 	<jsummers at cs.ou.edu>

Jim, sorry to keep doing this to you but the Samba list rejected me
again. Please share this with the list.




Here's what we've discovered about this problem, including much new

(Most of the tedious version details are deferred to the end of this
message for readability.)

(Dates are expressed American-style as MM/DD/YY.)

On Thursday April 5th our users started experiencing abrupt reboots
(without proper shutdown) when they copied, saved, or renamed files on
our Samba 3.0 shares. This Samba server has run flawlessly for years in
essentially the same configuration as now, and exactly the same
configuration since Christmas. The problem does not occur when writing
to Microsoft or Novell shares.

After trying various experiments on the affected workstations, we
determined that the problem always and only occurs on workstations which
are running both the Novell Client and Symantec AntiVirus. We can only
induce the problem by installing both, and removing either one always
cures the problem.

Regarding Symantec, we have determined that it was a virus definition
file from soon after 3/27/07 (probably one from the week of 4/2/07) that
triggers the problem. The current program version and scan engine
version with virus definition files earlier than 3/27/07 do not trigger
the problem.

Regarding the Novell Client, we have found that only a default
installation is needed to replicate the problem -- no need for Zenworks
client, or even to log in. Also, moving the Novell Client to the bottom
of the "provider order" list does not fix the problem.

Although the timing of the problem's first appearance corresponds
suspiciously with the release of Microsoft's patch KB925902, we have
eliminated this patch as a factor.

We have another Samba server, version 2.2 running on Solaris, whose
users do not experience the problem. So we tried setting up another
Samba 2.2 machine to test with -- in every way similar to our Samba 3.0
machine except for the Samba version. We cannot replicate the problem
when writing to a Samba 2.2 share, regardless of workstation

Although there are a few contributing factors coming together to create
this problem, we believe that the most likely and appropriate solution
would come from Symantec (e.g. in the form of a fix to their virus
definition files). However, fixes might also be possible in the Novell
Client or Samba.

Hope that helps someone and/or someone can help me!

Tom McNeely

Western Washington University Libraries

Appendix: The software versions tested are:

* Windows XP with Service Pack 2 (no

   other versions tested)

* Novell Client version,

   default installation, no Zenworks client

* Symantec AntiVirus: program version, scan engine version, and several virus definitions

   between 4/9/07 (and surely going back

   into the week of 4/2/07) through at least

   4/16/07 rev 17. Virus definitions earlier

   than 3/27/07 (and probably earlier than

   the week of 4/2/07) do not trigger the


* Samba version 2.2.5 (installation method

   and options unknown, running on Solaris)

   -- NO problem

* Samba version 2.2.12 (default installation

   from samba.org source code, installed on

   Slackware 10.2) -- NO problem

* Samba versions 3.0.23d and 3.0.24 (default

   installation from samba.org source code,

   installed on Slackware 10.2 and 9.1

   respectively) -- DO have problem

Jim Summers
School of Computer Science-University of Oklahoma
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba

More information about the samba mailing list