Re: [Qmail-scanner-general]clamdscan]

Tue, 16 May 2006 06:48:51 -0700 

Cristina Tanzi Tolenti wrote:



Yeah, the solution is to have it correctly run as the clamav user.  Did you 
add clamav to the qscand group?  Are the permissions of ALL directories clamav 
uses owned by the clamav user (log files, database directory, etc..)?


-Jim




Yes, I add clamav to qscand group (usermod -Gqscand clamav) and yes the 
permission of all directories of clamav are owned by clamav


[EMAIL PROTECTED] root]# ls -alt /var/log/clamav/
total 144
-rw-r-----    1 clamav   clamav       7268 May 16 15:15 freshclam.log
-rw-r-----    1 clamav   clamav     124490 May 16 15:12 clamd.log
drwxr-xr-x    2 clamav   clamav       4096 May 15 15:55 .
drwxr-xr-x    6 root     root         4096 May 15 15:50 ..

[EMAIL PROTECTED] root]# ls -alt /usr/local/share/clamav/
total 4500
drwxrwxr-x    2 clamav   clamav       4096 May 16 12:15 .
-rw-r--r--    1 clamav   clamav     638838 May 16 12:15 daily.cvd
-rw-rw-r--    1 clamav   clamav    3950054 Apr 21 22:15 main.cvd
drwxr-xr-x    5 root     root         4096 Jun 28  2004 ..
[EMAIL PROTECTED] root]#

[EMAIL PROTECTED] root]# ls -alt /var/run/clamav/
total 12
drwxr-xr-x    2 clamav   clamav       4096 May 16 15:20 .
-rw-rw----    1 clamav   clamav          5 May 16 15:20 clamd.pid
drwxr-xr-x    8 root     root         4096 May 16 07:04 ..


If I run clamd as qscand, clamdscan works perfectly so I think qmail-scanner 
2.01_ST_  didn't Change setuid to 6755





http://qmail-scanner.sourceforge.net/CHANGES

says:

Changed setuid to 6755 - ie it's now setuid and setgid. Forcing all
files to be group qscand will allow those who wish to do so to keep
their AV daemons running as other accounts. They just need to ensure
those daemons are members of the qscand group - and as such should be
able to read the necessary files.
e.g. clamd could run as "clamav", but as long as account "clamav" is a
member of group "qscand", clamd is able to read the mail enough to scan it.


But that is without the ST patch.  I dont see why this ability would
have been removed with the patch so i really dont think thats the problem.

What are the permissions of /var/spool/qscan/ ?

-Jim



-------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Qmail-scanner-general mailing list
Qmail-scanner-general@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/qmail-scanner-general














    











					Reply via email to