Re: [exim] Problems using ClamAV

On Wed, 3 Sep 2008, Graeme Fowler wrote:

> From: Graeme Fowler <graeme@???>
> To: exim-users@???
> Date: Wed, 03 Sep 2008 09:43:23 +0100
> Subject: Re: [exim] Problems using ClamAV
>
> On Wed, 2008-09-03 at 09:44 +0200, exim@??? wrote:
> > I'm getting the following error for all mail deliveries:
> >
> > 2008-09-03 09:42:53 1Kan0v-0003eF-E8 malware acl condition: clamd: ClamAV returned /var/spool/exim/scan/1Kan0v-0003eF-E8: lstat() failed. ERROR
> >
> > What did I miss?
>
> Make sure the user the clamd process runs as has access to the Exim
> spool; the best way to do this is to run Exim and ClamAV as the same
> user. There's an option in the Clam config file to set the user.

Hmmm, that gives the clamd process read/write access to to the exim
spool whereas it only needs read access.

By default the mode of files in the input spool is 0640, ie the exim
group has read access. So I'd prefer to make the clamav user a
member of the exim group by setting something like:

exim:*:120:clamav

in /etc/group. Then you can set:

AllowSupplementaryGroups yes

in /etc/clamd.conf to ensure the clamd process knows it's a member
of the exim group.
-- 
Dennis Davis, BUCS, University of Bath, Bath, BA2 7AY, UK
D.H.Davis@???               Phone: +44 1225 386101