[Mimedefang] Fwd: Re: clamav vs clamd vs clamscan
nlindq at maei.ca
Thu Oct 9 12:35:03 EDT 2014
-----BEGIN PGP SIGNED MESSAGE-----
On 10/9/2014 8:37 AM, Kevin A. McGrail wrote:
> On 10/9/2014 10:28 AM, Cliff Hayes wrote:
>> Thanks to this list I am making progress :) Now clamd is failing
>> due to this... Wed Oct 8 16:32:20 2014 -> WARNING: lstat()
>> failed on: /var/spool/MIMEDefang/mdefang-s98LWK78002037/Work
>> ...I'm assuming this is because the mimedefang working directory
>> is owned by defang and clamd runs as clamav. I fixed by running
>> clamd as root ... is this the preferred solution or is there a
>> better way?
> In general, you don't want daemons running as privileged users.
> I run clamd as the same user as I run MD and that would be my
> recommendation as well.
If you're building clamav from source that's pretty easily maintained,
but if you're using clamav from one of the third-party repositories I
like to mess with it as little as possible (so that it doesn't get
broken on version updates) and instead do a little more upfront
configuration with MD.
The RPMForge clamav packages use clamav.clamav, so I do the following:
1. Add the clamav user to the defang group;
2. Make sure that "AllowSupplementaryGroups yes" line exists in
3. Change mode for MD spool directory (on tmpfs of course) to 750;
4. Configure MD to create group readable working files (-G option to
5. Tweak other MD settings as necessary (location of clamd.sock, etc.)
<nlindq at maei.ca>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.20 (MingW32)
-----END PGP SIGNATURE-----
More information about the MIMEDefang