Ralf Hildebrandt wrote: > * Dennis Peterson <[EMAIL PROTECTED]>: > >>> amd thus it's subject to the same limitations (e.g. amavisd-new must >>> have right to access the clamd socket). This is the numver one problem >>> of the amavisd-new / clamd combo. >>> >> Why can't you just configure clamd to run as the amavisd user? > > Of course you can do that. But you do have to configure something > somewhere -- either clamd OR amavisd-new. >
That is true no matter what milter/clamav pair you use. The problem goes away if you use IP sockets rather than Unix sockets - or rather the problem is modified. No special permissions are needed to use an IP socket but now it becomes a matter of clamd having authority to open the submitted file in read-only mode. The next option avoids all ownership/permissions problems, and that is to use IP socket connections and stream the file data to clamd rather than giving it a path to a file. And I realize you know all this but some readers may not. In my environment I use J-Chkmail milter and have configured it and clamv to use the same user ID and they communicate via a Unix socket. dp _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
