[Mimedefang] config for rpmforge rpm versions?

Kris Deugau kdeugau at vianet.ca
Fri Feb 22 17:39:13 EST 2008 

Les Mikesell wrote:
> I'm trying to update an ancient hand-built setup to CentOS5 with clamd 
> and mimedefang rpms from rpmforge.  Does anyone know the right way to 
> configure clamd so the permissions are right for mimedefang?  Just 
> changing the user and location of the socket seems to break freshclam's 
> ability to do updates.

I've had several setups working OK;  although when I try to convert one 
to the same setup as another machine I apparently miss something 
critical.  <g>

On a CentOS3 machine, I have clamd/freshclam running as user clamav as 
per the RPMForge package defaults.  The socket is in the nominal default 
/var/run/clamav/clamd.sock.

MD is installed from RPMForge as well, running as user defang.

Both the defang user and clamav user have been added to each others' 
groups.  IIRC you need to set /var/spool/MIMEDefang to 750 as well; 
with a current MD I don't think you need to fiddle any other permissions.

This is probably the "best", as you don't have to go around fiddling 
with filesystem permissions (/var/run/clamav, /var/clamav at least) 
every time you upgrade Clam.

On one CentOS 4 machine, I had the clamd socket in /var/run/clamav, but 
I had chown'ed that directory to defang, as well as /var/clamav (the 
Clam database directory), and clamd/freshclam both ran as defang. 
Somewhere along the line I got fed up with some of the fiddling to get 
clamd and MIMEDefang talking to each other after a ClamAV upgrade, so I 
moved the socket to match a third machine that has long had the socket 
in /var/spool/MIMEDefang.

Since mail service is pretty much the only thing these machines do, 
running Clam as the same user as MIMEDefang

With the last ClamAV update, I tried to get one of these machines set up 
the way the CentOS3 machine is, but I missed something, and mail wasn't 
moving so I set it back.

You may need to do some SELinux fiddling on CentOS5 as well;  I left it 
in "audit" mode on the CentOS4 machines.

There are a couple of other things in the RPMForge packages that I 
regularly delete/alter, but they're more "I like it this way" than 
anything else.

-kgd

More information about the MIMEDefang mailing list