Owner/group/perms on /var/spool/MailScanner keep clamav from scanning

[Martijn]

Hi there,

In MailScanner.conf, I can set the user/group under which MailScanner 
should do it's work. I'm using Postfix, which is running as user 
postfix, so this is set to:

Run As User = postfix
Run As Group = postfix

Then I can set the path, user, group and permissions for the Work Dir. I 
use clamav with user clamav for clamscan and clamdscan, so I set this to:

Incoming Work Dir = /var/spool/MailScanner/incoming
Incoming Work User = (empty so this is postfix, taken from Run As User)
Incoming Work Group = clamav
Incoming Work Permissions = 0640

This is as suggested in de configuration. In addition I also needed to 
adjust my apparmor configuration to allow clamav to scan in that directory.

Now the problem I have doesn't seem related to the permissions for the 
Work Dir, but to a higher directory. Every time MailScanner is 
restarted, it (re)sets to owner for /var/spool/MailScanner to 
postfix:postfix. The permissions on this dir are 640, not allowing the 
user clamav entry to the lower /var/spool/MailScanner/incoming.

If /var/spool/MailScanner is postfix:clamav, all works fine.

Should the permissions on /var/spool/MailScanner be 640, and if so, how 
can the suggested settings work combined with the reset of the 
permissions on the higher directory?

This is on Ubuntu 10.04 with a recent MailScanner .deb from Baruwa.

- Martijn