[Mimedefang] Fwd: Re: clamav vs clamd vs clamscan

Nels Lindquist nlindq at maei.ca
Thu Oct 9 12:35:03 EDT 2014

Hash: SHA1

On 10/9/2014 8:37 AM, Kevin A. McGrail wrote:
> On 10/9/2014 10:28 AM, Cliff Hayes wrote:
>> Thanks to this list I am making progress :) Now clamd is failing
>> due to this... Wed Oct  8 16:32:20 2014 -> WARNING: lstat()
>> failed on: /var/spool/MIMEDefang/mdefang-s98LWK78002037/Work 
>> ...I'm assuming this is because the mimedefang working directory
>> is owned by defang and clamd runs as clamav. I fixed by running
>> clamd as root ... is this the preferred solution or is there a
>> better way?
> In general, you don't want daemons running as privileged users.
> I run clamd as the same user as I run MD and that would be my 
> recommendation as well.

If you're building clamav from source that's pretty easily maintained,
but if you're using clamav from one of the third-party repositories I
like to mess with it as little as possible (so that it doesn't get
broken on version updates) and instead do a little more upfront
configuration with MD.

The RPMForge clamav packages use clamav.clamav, so I do the following:

1.  Add the clamav user to the defang group;
2.  Make sure that "AllowSupplementaryGroups yes" line exists in
3.  Change mode for MD spool directory (on tmpfs of course) to 750;
4.  Configure MD to create group readable working files (-G option to
5.  Tweak other MD settings as necessary (location of clamd.sock, etc.)

- -- 
Nels Lindquist
<nlindq at maei.ca>
Version: GnuPG v2.0.20 (MingW32)


More information about the MIMEDefang mailing list