Re: [clamav-users] ClamAV on RHEL 6.8 (IBM Power 8 -PPC64)

Wed, 17 May 2017 01:15:08 -0700 


Am 17.05.2017 um 05:07 schrieb Kishore Pawar:

Thanks Carlos

I see what you saying. I checked my previous sessions and I found the below
one from the 'Oct 2016' session where I see that the clam-miller.socket is
owned by clamav:clamav, where as my latest one is owned by clamav:root. Is
it causing the below error? If so how can I make sure the socket gets
proper permissions?


man clamav-milter.conf


on a proper configured system there is no need to start any service 
which does not need to listen on ports below 1024 as root to start with

_____________________________________

/etc/mail/clamav-milter.conf
# usermod -a -G clamilt postfix
# usermod -a -G sa-milt postfix
User clamilt
AllowSupplementaryGroups yes
MilterSocket /run/clamav-milter/clamav-milter.socket
MilterSocketMode 0660
ClamdSocket unix:/run/clamd/clamd.sock
FixStaleSocket yes
_____________________________________

/etc/systemd/system/clamav-milter.service
[Unit]
Description=ClamAV Postfix-Milter
Wants=clamd.service
After=clamd.service
Before=postfix.service

[Service]
Type=simple
Environment="TMPDIR=/tmp"
ExecStart=/usr/sbin/clamav-milter -c /etc/mail/clamav-milter.conf

User=clamilt
Group=clamilt

Environment="LANG=en_GB.UTF-8"
Restart=always
RestartSec=1
Nice=5

PrivateTmp=yes
PrivateDevices=yes
PrivateNetwork=yes
NoNewPrivileges=yes
CapabilityBoundingSet=CAP_KILL
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
SystemCallArchitectures=x86-64

SystemCallFilter=~acct modify_ldt add_key adjtimex clock_adjtime 
delete_module fanotify_init finit_module get_mempolicy init_module 
io_destroy io_getevents iopl ioperm io_setup io_submit io_cancel kcmp 
kexec_load keyctl lookup_dcookie mbind migrate_pages mount move_pages 
open_by_handle_at perf_event_open pivot_root process_vm_readv 
process_vm_writev ptrace remap_file_pages request_key set_mempolicy 
swapoff swapon umount2 uselib vmsplice


ReadOnlyDirectories=/
ReadWriteDirectories=-/run/clamav-milter
ReadWriteDirectories=-/run/clamd
ReadWriteDirectories=-/tmp
ReadWriteDirectories=-/var/log
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml



























					Reply via email to