[Pkg-clamav-devel] Bug#636877: /etc/default/clamav-milter no longer used

Dara Adib daradib at OCF.Berkeley.EDU
Thu Oct 27 13:35:06 UTC 2011


To make clamav-milter work with Postfix it seems that one either has to
make clamav a member of group postfix (so that it can set postfix group
ownership for the milter socket as specified in clamav-milter.conf,
I'm not sure if this expected behavior) or set SOCKET_RWGROUP
in /etc/default/clamav-milter and have the init.d script handle it as
root.

from /etc/clamav/clamav-milter.conf:
MilterSocket /var/spool/postfix/clamav/clamav-milter.ctl
MilterSocketGroup postfix
MilterSocketMode 660

Unless clamav is a member of group postfix, this will fail, setting
socket permissions to 000 with error message "Failed to change socket
ownership to group postfix".

On the other hand,

from /etc/default/clamav-milter:
SOCKET_RWGROUP=postfix
SOCKET_PATH=/var/spool/postfix/clamav/clamav-milter.ctl

will work because the init.d script is executed as root.

from /etc/init.d/clamav-milter:
change_socket_group()
{
  local socket; socket="$1"
  local group; group="$2"
  local retries; retries=${3:-15}
  local sleeptime; sleeptime=${4:-1}

  [ -n "$group" ] || return 0

  if wait_for_socket "$socket" $retries $sleeptime; then
    chmod g+w "$SOCKET_PATH"
    chgrp "$SOCKET_RWGROUP" "$SOCKET_PATH"
  else
    log_warning_msg "Tried to change socket group, but socket did not
  appear."
  fi
}

Or there might be something I'm overlooking or have misconfigured.

Dara

-- 
OCF: all-volunteer, student-run service group providing
free printing, web hosting, disk space, email, and Unix shell accounts





More information about the Pkg-clamav-devel mailing list