[Mimedefang] Adding virus scanning after MIMEDefang installation
Aleksandar Milivojevic
amilivojevic at pbl.ca
Fri Oct 29 14:27:23 EDT 2004
Mark Osbourne wrote:
>>From what I can tell, it looks like I probably need to update
> /usr/bin/mimedefang.pl and change $Features{'Virus:CLAMD'} so that it is
> set to 1 and make sure that the clamd processes is running as the defang
> user and writing it's socket in /var/spool/MIMEDefang/clamd.sock.
I'm not sure if you are going to need to reinstall MIMEDefang.
However, documentation for MIMEDefang is proposing some not needed
changes for it to interoperate with ClamAV. I don't know why.
All clamd needs is read access to the file that it is supposed to scan.
That can be done by adding user clamav (that clamd is running under)
to group defang (/var/spool/MIMEDefang is owned and readable by group
defang, if not than make it that way).
Also you don't need to change ClamAV socket. Actually, you can't
because /var/spool/MIMEDefang will not be writtable for clamd. You can
leave it at its default value (/var/run/clamav/clamd.sock) and use
$ClamdSock variable in mimedefang-filter to point MIMEDefang to the
right place.
That way you will achieve:
- two daemon processes (MIMEDefang and ClamAV) will be separated, which
is nice from security point of view
- you run ClamAV in more or less default mode, which makes it easier to
maintain
- makes it possible to use clamd from other appliactions
(/var/spool/MIMEDefang is not world accessible, /var/run/clamav is world
accessible)
IMHO, this is better and much cleaner configuration than the one
proposed by MIMEDefang documentation.
--
Aleksandar Milivojevic <amilivojevic at pbl.ca> Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
More information about the MIMEDefang
mailing list