[Mimedefang] Is it yet possible to run clamd (with mimedefang) as a different user?
Sven Willenberger
sven at dmv.com
Tue Jan 25 11:38:24 EST 2005
On Tue, 2005-01-25 at 10:07 -0500, Lee Dilkie wrote:
> Hi all,
>
> I just upgraded my clamav (freebsd, ports) and again, it changed the
> permissions on some of it's directories and caused it to not start as
> user 'mailnull' (the same user that sendmail and mimedefang run as). I
> would rather let clamd run as the user it wants to (clamav user) and
> configure mimedefang/sendmail to allow this but my efforts did not work.
>
> If clamd runs as clamav, it cannot access the mimedefang spool files to
> scan the mail.
> If I change permission on the spool directories, sendmail complains that
> "local socket" is unsafe.
>
> I did add clamav to the 'mailnull' group (I assume editing the
> /etc/group file is sufficient).
>
> So, I *think* the problem is how to convince sendmail that a group
> readable/writable mimedefang spool directory is kosher. Anyone know the
> answer to this?
If you are using the freebsd ports system, you can upgrade your clamav
installation using portupgrade (which can be installed
from /usr/ports/sysutils/portupgrade). Simply edit
your /usr/local/etc/pkgtools.conf file and add:
MAKE_ARGS = {
'security/clamav' => 'CLAMAVUSER=mailnull
CLAMAV_CLAMD_SOCKET=/var/spool/MIMEDefang/clamd.sock',
}
or something similar. Then, whenever you want to upgrade simply issue
the portupgrade security/clamav command and you don't have to worry
about the owner and permissions changing all the time.
More information about the MIMEDefang
mailing list