Dumaru again

Stephan Ilaender mailscanner at LAYLINE.DE
Fri Mar 26 10:22:15 GMT 2004


am 26.03.2004 schrieb Spicer, Kevin zum Thema
 ## RE: Dumaru again ##

> Stephan Ilaender wrote:
> > am 26.03.2004 schrieb Spicer, Kevin zum Thema
> > just a quick clarification here:
> >
> > --no-archive
> >               Disable archive support built in libclamav.
> >
> > this means internal support for zip is disabled - an archive will
> > still be unpacked and scanned using the command line tools provided
> > by the OS. As an example:
>
> Right, but if the external unpacker doesn't work, you aren't going to spot it.
>  There is a good reason why the external unpacker might fail...
>
> When running as root clamav drops privileges to another user (usually user
> clamav, group clamav).  Because MailScanner runs as root (with sendmail
> anyway) this can prevent external unpackers from working (as it tends to use
> /root/tmp for temp files).  Julian kindly included my adapted clamav-wrapper
> in recent releases which addresses this issue.  To make sure everything will
> work make sure you have the most recent wrapper script and follow the
> instructions in the comments in it (you need to change a couple of settings in
> MailScanner.conf).
>

right, i will have a go with the newest wrapper - but as stated before: simply
attaching the virus does ring mailscanners bells - so it's not really a
privilege matter.

regards,
Stephan



More information about the MailScanner mailing list