MailScanner 5.0.2 on Debian Jessie

Jerry Benton jerry.benton at mailborder.com
Wed Jun 15 12:07:33 UTC 2016


The correct permission are set in the new MailScanner.conf.

Logic:

- /var/spool/MailScanner/* directories need to use group level
read/write permissions so that both your MTA and virus scanners can do
their work.

- The install script (or package scripts in .deb and .rpm) check for
common existing users and adds them to the mtagroup. (mail, clam,
clamav, sophos, postfix, exim, etc.)

- You should run your incoming work group as mtagroup

- You should run your incoming work permissions as 0660

- Your “Run As User” needs to be a member of the mtagroup

- AllowSupplementaryGroups is set to TRUE in clamd.conf so the daemon
will be allowed to access items with group level permissions that it
does not own but is owned by an entity in the same group. The fact
that AllowSupplementaryGroups is no longer supported must be new.

- With the testing I did, AllowSupplementaryGroups was valid on all
versions of clamav installed from each distribution.


On countless occasions people ask this list about permissions when
they encounter crazy stuff like clam’s .lstat() errors. If you follow
the new thought process that I put in place for v5, all of those
problems disappear.


-
Jerry Benton
www.mailborder.com
+1 - 844-436-6245


-----Original Message-----
From: Pascal Maes <pascal.maes at uclouvain.be>
Reply: MailScanner Discussion <mailscanner at lists.mailscanner.info>
Date: June 15, 2016 at 6:39:47 AM
To: MailScanner Discussion <mailscanner at lists.mailscanner.info>
Subject:  Re: MailScanner 5.0.2 on Debian Jessie

>
> > Le 15 juin 2016 à 01:24, Patrick Goupell a écrit :
> >
> > Has anyone tried instlling 5.0.2 on Debian Jessie? What results?
> >
> > Patrick
> >
> >
> > --
> > MailScanner mailing list
> > mailscanner at lists.mailscanner.info
> > http://lists.mailscanner.info/listinfo/mailscanner
> >
>
>
>
> I just made the update form 5.0.1 to 5.0.2
>
>
> - the owner and the group of the folders /var/spool/MailScanner/{archive,incoming,quarantine}
> are changed to mail and mtagroup
> even if we have defined other values in MailScanner.conf
>
> MailScanner[9051]: Cannot create temporary Work Dir /var/spool/MailScanner/incoming/9051.
> Are the permissions and ownership of /var/spool/MailScanner/incoming correct?
>
>
> - ClamAV has been updated as well and one parameter (AllowSupplementaryGroups) is no
> longer supported
>
> ERROR: Parse error at line 8: Unknown option AllowSupplementaryGroups
>
>
>
> Except these, all is working as before (or better).
>
>
> --
> Pascal
>
>
>
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/listinfo/mailscanner
>
>


More information about the MailScanner mailing list