Ron White wrote:
*snip*
This part should have a new thread of its own if it is to be pursued.
>
> Moving on from that - today I turn my attention to Clamav and Exim and
> in particular SELinux on the Cent5 box. The installation was really easy
> but there are some issues with clam being able to access files in
> the /scan directory.
>
> This is a subject I know nothing about, but want to resist the
> temptation to do the defacto 'disable SELinux'. Luckily I have the
> weekend ahead to study and see if I can work it out. Wish me luck!
>
Not sure if it fits YOUR need, but we create a special group for our 'postal
workers' (Exim, ClamAV, SA, Dovecot, Prayer, et al), one OTHER THAN the
mail:mailnull or other legacy defaults.
Group rights on the fs, and matching EUID:EGID in the DB keep all those players
*and no others* in the same ring-fence.
JM2CW
Bill