Il mer, 2004-09-15 alle 19:46, Olivier Dony ha scritto: > On Sep 15, 2004, at 2:47 PM, Dario Lesca wrote: > > Thanks Olivier, I have use this metod and this resolve the Q-S problem, > > but clamd not work propertly. > > Then it is a problem with clamd, not Q-S anymore ;-) > What is wrong with clamd exactly when you make it run as qscand? It's > working > fine on my systems.
I use this rpm: http://crash.fce.vutbr.cz/crash-hat/1/clamav/clamav-0.75.1-1.i386.rpm and the folder /var/run/clamav have the access in write only for clamav [EMAIL PROTECTED] clamav]$ ls -ld /var/run/clamav drwxr-xr-x 2 clamav clamav 4096 16 set 13:03 /var/run/clamav then, the logrotation procedure set the permission of log file to 640, and in this way the process when reopened the file (kill -HUP ...) is not able to do (whitout restart, in this way is able to open the file) for this I do the little modify before show. > > > I have do this command for resolve the problem: > > a) process pid file > > b) log rotations > > > > ------- > > usermod -G clamav qscand > > chmod g+w /var/run/clamav > > perl -p -i -e 's/create 640/create 660/' /etc/logrotate.d/clamd > > ------------- > > > > Is this a potential security issue? > > Sorry I am not sure I understand what you mean. You put qscand in the > group clamav, > and then gave group-write permission on the clamav run directory and > log files? > Why not simply chown the files to qscand? Basically you do not use the > user "clamav" anymore, > and replace it with qscand everywhere. > i.e: 'chown -R qscand /var/run/clamav' etc.. freshclam run whit user clamav. this seem to me the minimal modification that I could make > > But anyway what you did should not be a security issue, since both the > qscand and clamav group/user are normally restricted to their relevant > process, and the other Yes, it is. > Olivier Thanks Olivier -- Dario Lesca <[EMAIL PROTECTED]> ------------------------------------------------------- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php _______________________________________________ Qmail-scanner-general mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general
