Is this the default setting for clamd now? clamd_use_jit on Should we turn this on by default?
On a fresh install there is
# Bytecode mode # # This option has been set to 'ForceInterpreter' in Fedora due to # security concerns by default. You might need to enable the # 'clamd_use_jit' SELinux boolean after setting this option to the # more efficient 'ForceJIT' value. # # Default: ForceInterpreter #ByteCodeMode ForceInterpreter
We didn't change this, but had to change clamd_use_jit --> on.
Then I would open a bug with clamd.
I have done nothing, but install and configure clamav (scanner + server) and my logs are full of these: =======================8<=============================================== LibClamAV Warning: RWX mapping denied: Can't allocate RWX Memory: Permission denied LibClamAV Warning: Bytecode: disabling JIT because SELinux is preventing 'execmem' access. Run 'setsebool -P clamd_use_jit on'. =======================8<=============================================== I haven't had a chance to run the setsebool yet (I can't get access to the machine from work at the moment)
Are there any other bools I should set while I'm at it?
Mark