[EMAIL PROTECTED] said:
> RoNNY wrote:
>> I simply changed my clamd.conf so that clamd now works as a TCP socket
>> instead.
>
> Be aware there are security benefits to running as a Unix socket.  For
> example, if (God forbid!) a buffer overflow were ever found in clamd, it
> would be much harder for a hacker to push through clamd.sock than it would
> be to connect to a TCP socket.
>

He is at least binding to localhost which should moderate that kind of
exposure. If somebody with an evil mindset has an account on one's system
or hacks in I'd bet my next paycheck any clam exploit is the least of
one's worries :-) Some kind of authentication for communicating with the
daemon would also be desirable - similar to BIND.

Generally speaking, though, you're quite right. In my environment I have
one active milter and it runs on a public net but is filtered in
Checkpoint Firewall. That is the entrypoint for all my sendmail servers (5
servers, one milter, one set of logs). As all systems are symetrical any
can serve as the milter server should there be a need for service or
maintenance or even heavy load sharing. That milter does all the
spam/behavior filtering and also calls clamd via a Unix socket.

dp
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
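
The trade-off discussed in this thread can be checked mechanically. The following is an added example, not part of the original messages or of ClamAV: it reads a clamd.conf and reports how the daemon is reachable, using the real options `TCPSocket`, `TCPAddr`, `LocalSocket` and `LocalSocketMode`. The sample configurations and the function names `parse` and `audit` are constructed for illustration.

```python
import ipaddress

# Constructed sample configurations (not taken from the thread).
TCP_LOOPBACK = "# clamd.conf\nTCPSocket 3310\nTCPAddr 127.0.0.1\n"
TCP_ANY = "TCPSocket 3310\n"
UNIX_ONLY = "LocalSocket /var/run/clamav/clamd.sock\nLocalSocketMode 660\n"


def parse(text):
    """Return {option: [values]}, skipping comments and blank lines."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(" ")
        opts.setdefault(key, []).append(value.strip())
    return opts


def audit(text):
    """Return findings describing who can reach clamd with this config."""
    opts = parse(text)
    findings = []
    if "TCPSocket" in opts:
        addrs = opts.get("TCPAddr", [])
        if not addrs:
            # Without TCPAddr, clamd binds to INADDR_ANY.
            findings.append("TCPSocket without TCPAddr: listens on all interfaces")
        for addr in addrs:
            try:
                loopback = ipaddress.ip_address(addr).is_loopback
            except ValueError:
                loopback = addr == "localhost"
            if not loopback:
                findings.append(f"TCPAddr {addr} is not loopback: reachable from other hosts")
        # The clamd protocol has no authentication on either socket type.
        findings.append("TCP listener is unauthenticated: any local user can connect")
    if "LocalSocket" in opts:
        mode = opts.get("LocalSocketMode", [""])[0]
        if not mode:
            # Documented default: the socket is world accessible.
            findings.append("LocalSocketMode unset: socket is world accessible")
        elif int(mode, 8) & 0o007:
            findings.append(f"LocalSocketMode {mode} grants access to other users")
    return findings
```

A loopback-bound TCP listener still produces one finding, because file permissions cannot restrict it the way `LocalSocketMode` and `LocalSocketGroup` restrict a Unix socket.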