[Mimedefang] Fwd: Re: clamav vs clamd vs clamscan

[Nels Lindquist]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/9/2014 8:37 AM, Kevin A. McGrail wrote:
> On 10/9/2014 10:28 AM, Cliff Hayes wrote:
>> Thanks to this list I am making progress :) Now clamd is failing
>> due to this... Wed Oct  8 16:32:20 2014 -> WARNING: lstat()
>> failed on: /var/spool/MIMEDefang/mdefang-s98LWK78002037/Work 
>> ...I'm assuming this is because the mimedefang working directory
>> is owned by defang and clamd runs as clamav. I fixed by running
>> clamd as root ... is this the preferred solution or is there a
>> better way?
> In general, you don't want daemons running as privileged users.
> 
> I run clamd as the same user as I run MD and that would be my 
> recommendation as well.

If you're building clamav from source that's pretty easily maintained,
but if you're using clamav from one of the third-party repositories I
like to mess with it as little as possible (so that it doesn't get
broken on version updates) and instead do a little more upfront
configuration with MD.

The RPMForge clamav packages use clamav.clamav, so I do the following:

1.  Add the clamav user to the defang group;
2.  Make sure that "AllowSupplementaryGroups yes" line exists in
clamd.conf;
3.  Change mode for MD spool directory (on tmpfs of course) to 750;
4.  Configure MD to create group readable working files (-G option to
multiplexor);
5.  Tweak other MD settings as necessary (location of clamd.sock, etc.)


- -- 
Nels Lindquist
<nlindq at maei.ca>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.20 (MingW32)

iEYEARECAAYFAlQ2uTMACgkQh6z5POoOLgTQ7gCfcTy7STyd7DnCN69QLV0bF5kw
lZEAniMntSg+spQ3yoJpXJ3M2oQj+g5/
=tZ5N
-----END PGP SIGNATURE-----