ClamAv 0.96 is out
Kai Schaetzl
maillists at conactive.com
Sat Apr 3 14:18:05 IST 2010
Mark Sapiro wrote on Fri, 02 Apr 2010 17:18:33 -0700:
> Each new MailScanner --lint is a new PID which tries to create a
> new incoming/ppppp directory, but it can't because the group doesn't
> have write permission on the incoming/ directory.
>
> But now I'm not sure if that's a correct explanation since MailScanner
> should have permission and clamd's pid should be fixed, but still I
> think the incoming/ directory should be g+w.
can
I think the point is that it worked before the upgrade, but not after. So,
it cannot have something to do with MailScanner not being able to write
that directory. It surely can! With the *old* permission settings. This is
clamd having some kind of traversal problem (that's also why Iulian's
temporary solution to set it to run as root works).
man lstat says you need x permissions for all directories in the path.
Everyone has down to incoming. The <PID> workdir has if you set to
Incoming Work Permissions = 0666 for instance. Now all directories except
the topmost can be traversed by anyone.
Conclusion: clamd is either not picking up the clamav group in this
context (although it's running as group clamav) or the bottom-most
directory gets different permission/group than the <PID> dir, such that an
x permission for the group or the clamav group is missing.
Kai
--
Get your web at Conactive Internet Services: http://www.conactive.com
More information about the MailScanner
mailing list