Betr.: Owner/group/perms on /var/spool/MailScanner keep clamav from scanning

Arjan Melein Amelein at dantumadiel.eu
Tue Nov 20 12:27:53 GMT 2012


I have the incoming work group set to 'postfix' and unless you are using clamd instead of clamscan the AV will be launched as the same user MailScanner runs as which is 'postfix'.
If you are running with clamd i'd suggest trying to run it as postfix as an easy fix, or add the clam user to the postfix group.
If you're using clamscan change the work group to postfix.
I actually have the permissions set to 0660, forgot if this is to fix AV problems or something to do with MailWatch.. its been a while since I installed our running machine.

-
Arjan

>>> Op 20-11-2012 om 12:55 is door Martijn <mailinglist at mindconnect.nl>
geschreven:
> Hi there,
> 
> In MailScanner.conf, I can set the user/group under which MailScanner 
> should do it's work. I'm using Postfix, which is running as user 
> postfix, so this is set to:
> 
> Run As User = postfix
> Run As Group = postfix
> 
> Then I can set the path, user, group and permissions for the Work Dir. I 
> use clamav with user clamav for clamscan and clamdscan, so I set this to:
> 
> Incoming Work Dir = /var/spool/MailScanner/incoming
> Incoming Work User = (empty so this is postfix, taken from Run As User)
> Incoming Work Group = clamav
> Incoming Work Permissions = 0640
> 
> This is as suggested in de configuration. In addition I also needed to 
> adjust my apparmor configuration to allow clamav to scan in that directory.
> 
> Now the problem I have doesn't seem related to the permissions for the 
> Work Dir, but to a higher directory. Every time MailScanner is 
> restarted, it (re)sets to owner for /var/spool/MailScanner to 
> postfix:postfix. The permissions on this dir are 640, not allowing the 
> user clamav entry to the lower /var/spool/MailScanner/incoming.
> 
> If /var/spool/MailScanner is postfix:clamav, all works fine.
> 
> Should the permissions on /var/spool/MailScanner be 640, and if so, how 
> can the suggested settings work combined with the reset of the 
> permissions on the higher directory?
> 
> This is on Ubuntu 10.04 with a recent MailScanner .deb from Baruwa.
> 
> - Martijn






More information about the MailScanner mailing list