update_spamassassin leaking descriptor

Chris Schanzle mailscanner at cas.homelinux.org
Tue Jan 4 17:10:10 GMT 2011


Hi,

On Fedora 14, I am getting selinux warnings as to what appears to be 
/etc/cron.daily/update_spamassassin leaking a file descriptor.  Before I 
realized that was a mailscanner cron job, I filed Fedora bugreport via 
sealert: <https://bugzilla.redhat.com/show_bug.cgi?id=666765>.  Please 
have a look, as they brought up a couple questions, first about closing 
the descriptor before the exec and second, using /tmp for a tempfile 
when the process runs as root is apparently discouraged.

Given Fedora's spamassassin already has /etc/cron.d/sa-update (once a 
day), is the proper on a Fedora system to edit "Disabled=yes" in 
/etc/cron.daily/update_spamassassin?  After doing so, 'rpm -V 
mailscanner' shows it as being a changed config file, so I think that 
change may stick through mailscanner upgrades.  It might be preferable 
to move the code which sources /etc/sysconfig/update_spamassassin to the 
top, and check if it's disabled that way.

Or should I disable Fedora's sa-update since it appears to be necessary 
(from /usr/sbin/update_spamassassin) to reload the MailScanner service 
after the sa-update?

And a nit in /etc/cron.daily/update_spamassassin - comments to "spread 
virus updates" - should be "anti-virus", but not in a spamassassin rules 
update script.  Looks like code+comments to pause random time was lifted 
from somewhere.

Thanks!



More information about the MailScanner mailing list