Clamav + amavisd-new
Jan-Frode Myklebust
janfrode at tanso.net
Sun Mar 13 18:54:01 UTC 2011
On 2011-03-12, Kevin Fenzi <kevin at scrye.com> wrote:
>
> Anyhow, yeah, if we could add the wrapper thing that amavisd-new needs
> that might be a quick solution.
Just tested now by copying /usr/share/clamav/clamd-wrapper from the
old installation to the new.
First problem:
Mar 13 18:49:50 asav clamd[23281]: Can't save PID in file /var/run/clamd.amavisd/clamd.pid
(actually the same problem with old clamd-installation). So I manually
created this directory, and things seem to be working.
>
> What runs as 'clam'? clamd?
Yes.
>
> yes, that's true. It does mean the clam user could modify the db files,
> but the additional security here I don't know is worth it.
.. and if we can get in the /usr/share/clamav/clamd-wrapper, running
the virus-scanner as amavis instead becomes trivial.
> If you wish to separate things like that, I would suggest running
> clamscan instead as whatever user.
clamscan is waay too slow on a busy mailserver.
>
> * clamav packaged the new way on 4/5/6
> * amavisd-new packaged to use that on 4/5/6
>
> How we get there is up to the maintainers... I know several people were
> looking at amavisd-new. Perhaps we could get everyone together at an
> irc meeting and hash out what needs to happen?
1 - Add back /usr/share/clamav/clamd-wrapper to the clamd-package + possibly
the README-file /usr/share/doc/clamav-server-0.96.1/README which explains
how to set up individual clamd-instances:
http://blag.tanso.net/code/clamav.spec
http://blag.tanso.net/code/clamav-0.97-4.el6.src.rpm
It's maybe not pretty to put this in %{_prefix}/share/clamav/, but IMHO it's
needed for compatibility with older packaging and existing installations on
EL4/5.
2 - Modify amavisd-new from f14 to create the directory /var/run/clamd.amavisd
(it's already adding the service "clamd.amavisd" which uses this directory).
3 - Make amavisd-new not use "PidFile /var/run/amavisd/clamd.pid" in
/etc/clamd.d/amavisd.conf, since it's using the wrapper which overrides
this pidfile anyway.
I'll get #2/#3 done as well, but would appreciate if someone could sponsor
me as a Fedora maintainer, so that I can also get this submitted to EPEL properly.
-jf