[Mimedefang] defang running as postfix user

ADNET Ghislain gadnet at aqueos.com
Tue Dec 1 17:12:33 EST 2009

>> hi,
>> I have some little security question regarding mimedefang configuration as i 
>> have issue running clamav and postfix with it because of socket owner's right.
>> Do you know if  there is  any security risk to run defang as the postfix user ?
>> Same question if i run mimedefang as the clamav user ?
> Normally, "mimedefang" is run as user "defang", "postfix" is run as "postfix" and "clamav" is
> run as user "defang" because it is "mimedefang" that calls "clamav". There may be other ways too.
> Depends on your requirements and situation.
yes the problem is that for a simple setup we need to:

- change the postfix/mimedefang init script to change the owner of the 
- change the clamav config to use defang user and then change the files 
to be owned by defang and restart them all.

I wondered if there was not a better solution. Supplementary group seems 
to be completly not working in clamav, all tests done lead to suffering 
and no to filtering , same thing i find no other solution to the postfix 
"do not run as root" issue with mimedefang socket ;)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3529 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.mimedefang.org/pipermail/mimedefang_lists.mimedefang.org/attachments/20091201/789847e8/attachment-0003.bin>

More information about the MIMEDefang mailing list