Centos 7 + Postfix + clamd at scan

Shawn Iverson iversons at rushville.k12.in.us
Mon Oct 9 19:08:03 UTC 2017


Let me rewrite that to look like yours....

echo "d /var/run/clamd.scan 0750 clamscan mtagroup -" >
/usr/lib/tmpfiles.d/clamd.conf

On Mon, Oct 9, 2017 at 3:06 PM, Shawn Iverson <iversons at rushville.k12.in.us>
wrote:

> Checking my notes...
>
> I have this, but I'm haven't gotten very deep into CentOS7 clam yet.
>
> echo "d /var/run/clamd.scan 0750 clamupdate matgroup -" >
> /usr/lib/tmpfiles.d/clamd.conf
>
> It is weird looking to me, but it is in my notes.
>
> On Mon, Oct 9, 2017 at 3:01 PM, Tracy Greggs <mailscanner-list at okla.com>
> wrote:
>
>> So what can be done about clamd at scan service creating
>> /var/run/clamd.scan folder as follows:
>>
>> drwx--x---   2 clamscan       mtagroup         80 Oct  7 16:07 clamd.scan
>>
>> The group permissions is creates the folder with are clearly a problem.
>>
>> Thanks :)
>>
>> Tracy
>>
>>
>> -----Original Message-----
>> From: MailScanner [mailto:mailscanner-bounces+mailscanner-list=
>> okla.com at lists.mailscanner.info] On Behalf Of Mark Sapiro
>> Sent: Saturday, October 7, 2017 1:59 PM
>> To: mailscanner at lists.mailscanner.info
>> Subject: Re: Centos 7 + Postfix + clamd at scan
>>
>> On 10/07/2017 11:40 AM, Shawn Iverson wrote:
>> > Is clamscan a member of the mtagroup group?
>>
>>
>> I don't think that's exactly the issue.
>>
>>
>> > On Sat, Oct 7, 2017 at 2:37 PM, Tracy Greggs <mailscanner-list at okla.com>
>> wrote:
>> >
>> ...
>> >
>> >     [root at test ~]# ls -la /var/run/clamd.scan/
>> >     total 4
>> >     drwx--x---  2 clamscan clamscan   80 Oct  7 13:25 .
>> >     drwxr-xr-x 41 root     root     1260 Oct  7 13:26 ..
>> >     -rw-rw-r--  1 clamscan clamscan    6 Oct  7 13:25 clamd.pid
>> >     srw-rw-rw-  1 clamscan clamscan    0 Oct  7 13:25 clamd.sock
>>
>>
>> The issue here is only the clamscan user or group can access clamd.pid
>> and clamd.sock and the group and MailScanner is not running as that user or
>> group.
>>
>>
>> >     [root at test ~]# cat /etc/group | grep clam
>> >     clamupdate:x:984:
>> >     virusgroup:x:983:clamupdate,clamscan,postfix
>> >     mtagroup:x:1002:postfix,mail,clamscan
>> >     clamscan:x:982:
>>
>>
>> What you want is the user/group of /var/run/clamd.scan to be mtagroup,
>> not clamscan. What you need is
>>
>> LocalSocketGroup mtagroup
>>
>> in /etc/clamav/clamd.conf
>>
>> --
>> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
>> San Francisco Bay Area, California    better use your sense - B. Dylan
>>
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>>
>> --
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>>
>>
>>
>> ---
>> This email has been checked for viruses by Avast antivirus software.
>> https://www.avast.com/antivirus
>>
>>
>> --
>> This message has been scanned for viruses and
>> dangerous content by MailScanner, and is
>> believed to be clean.
>>
>>
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>
>>
>
>
> --
> Shawn Iverson, CETL
> Director of Technology
> Rush County Schools
> 765-932-3901 x271 <(765)%20932-3901>
> iversons at rushville.k12.in.us
>
>
>


-- 
Shawn Iverson, CETL
Director of Technology
Rush County Schools
765-932-3901 x271
iversons at rushville.k12.in.us
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20171009/87055e7b/attachment.html>


More information about the MailScanner mailing list