Ed Phillips <[EMAIL PROTECTED]> writes:

> On Thu, 20 Mar 2003, Dave Sill wrote:
> 
> > This is a pretty important limitation to using clamd/clamdscan. Is it
> > documented?
> 
> Sure... run "man intro" on most any Unix system and read the part about
> permissions, uids, etc., ... ;-)

Very funny, Ed. I was referring to the fact that clamscan and
clamdscan behave differently because clamd has to have access to the
file, not just clamdscan.

> Of course, for a process to be able to read ANY file on a Unix system the
> process needs to be running with uid 0, or the files themselves need to
> have proper permissions set.  There's not really anything ClamAV can do to
> change these simple facts.  Did you think clamd would somehow be able to
> bypass normal Unix file permissions?  What would you like clamd to do
> exactly?

Well, I guess I thought clamdscan sent the file to clamd. Obviously I
was wrong.

> In our setup, we use sendmail + MIMEDefang + clamd.  When the email
> messages/attachments are broken out by MD to be scanned, they are owned by
> the user that MIMEDefang runs as (in our case, "defang").  So, we just
> make clamd run as "defang" so it can scan the mail files.

Yes, that's exactly what I suggested in my message. The problem with
that is that clamdscan then only works right for scanning files that
that user has access to.

If someone thinks clamdscan works just like clamscan[1], he probably
won't expect clamd to silently skip files it can't access.

-Dave

Footnotes: 
[1]  s/clamscan/clamdscan/ sound familiar?
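
The behaviour discussed in this message, as a pre-flight check (an added example, not part of the original message and not ClamAV code): because clamd has to have access to the file itself, this lists the regular files under a tree that the daemon's account could not read. It models only classic owner/group/other mode bits (no ACLs or MAC policy), assumes the scan root's parent directories are reachable, and the `clamav` account name is an assumption.

```python
import os
import pwd
import sys


def ids_for_user(name):
    """Resolve an account name to (uid, set of gids) from the local passwd/group data."""
    pw = pwd.getpwnam(name)
    return pw.pw_uid, set(os.getgrouplist(name, pw.pw_gid))


def mode_allows(st, uid, gids, want):
    """Classic Unix check: owner class wins, then group, then other.
    want is a bit mask: 4 = read, 1 = search/execute."""
    if uid == 0:
        return True  # uid 0 is not stopped by mode bits for read/search
    if st.st_uid == uid:
        shift = 6
    elif st.st_gid in gids:
        shift = 3
    else:
        shift = 0
    return ((st.st_mode >> shift) & want) == want


def files_daemon_would_skip(root, uid, gids):
    """Regular files under root that a daemon running as uid/gids cannot open."""
    skipped = []

    def walk(directory, reachable):
        # Recursing needs read (list) and search (enter) on every directory.
        reachable = reachable and mode_allows(os.stat(directory), uid, gids, 5)
        for entry in os.scandir(directory):
            if entry.is_dir(follow_symlinks=False):
                walk(entry.path, reachable)
            elif entry.is_file(follow_symlinks=False):
                st = entry.stat(follow_symlinks=False)
                if not (reachable and mode_allows(st, uid, gids, 4)):
                    skipped.append(entry.path)

    walk(root, True)
    return sorted(skipped)


if __name__ == "__main__":
    # Usage: script.py DIRECTORY [ACCOUNT]; "clamav" is an assumed account name.
    account = sys.argv[2] if len(sys.argv) > 2 else "clamav"
    for path in files_daemon_would_skip(sys.argv[1], *ids_for_user(account)):
        print("unreadable by", account + ":", path)
```

Run it as a user that can itself traverse the whole tree (the file owner or root), since the walk uses the caller's own access to list directories.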
