Beta release 4.61.1

Rick Cooper rcooper at dwford.com
Sun Jun 3 14:45:18 IST 2007


 

> -----Original Message-----
> From: mailscanner-bounces at lists.mailscanner.info 
> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf 
> Of René Berber
> Sent: Sunday, June 03, 2007 1:04 AM
> To: mailscanner at lists.mailscanner.info
> Subject: Re: Beta release 4.61.1
> 
> Rick Cooper wrote:
> 
> > Those were there for the clamdscan (I didn't put them 
> there). Frankly if you
> > use the default settings clamd is run as root so it's not 
> relevant. However
> > if you do configure clamd to drop privileges and run as 
> another user it
> > would matter. That is why I didn't remove those option but 
> I think the
> > explanation needs altered so it's clear that it doesn't 
> matter if you are
> > running clamd in the default manner which is as root. My 
> own setup has clamd
> > listening to both a UNIX socket and the standard port on 
> 127.0.0.1. The only
> > time this would/should be different would be the case where 
> you have clamd
> > running on a different host in which case you would, of 
> course, have to use
> > TCP and it might be running as a non root user.
> 
> OK, thanks for your replies.
> 
> It's working fine after the change.
> -- 
> René Berber
> 

So I would question the list on what they think would be the least confusing
explaination here:

# Note: If the "Run As User" is not "root" then you cannot change the
#       user but may still be able to change the group, if the
#       "Run As User" is a member of both of the groups "Run As Group"
#       and "Incoming Work Group".
# Note: If the "Run As User" is "root" (or not set at all) and you are
#       using the "clamd" virus scanner (, then this must be set:
#       Incoming Work Group = clamav
#       Incoming Work Permissions = 0640
Incoming Work User =
Incoming Work Group =

If you are running clamd as root, this is moot. If you are dropping
privleges then this would need set to the clamd user (not necessarily
clamav, but would be the recommendation from the docs IIRC).

How about:

	# Note: If the "Run As User" is not "root" you cannot change the
	#	 user but may still be able to change the group, if the 
	#	 "Run As User" is a member of both of the groups "Run As
Group"
	#	 and "Incoming Work Group"
	# Note: If the "Run As User" is "root" (or not set at all) and you
are
	#	 using the "clamd" virus scanner AND clamd is dropping
privileges
	#	 (not running as root), then this must be set to the group
clamd 
	#	 is using (from your clamd.conf), example:
	#	 Incoming Work Group = clamav 
	#	 Incoming Work Permissions = 0640
	Incoming Work User =
	Incoming Work Group = 

Rick


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.




More information about the MailScanner mailing list