On 16/05/2021 16:37, Luc Pardon wrote:
On Sat, 15 May 2021 17:29:40 +0100 Dominic Raferd <[email protected]> wrote:I believe that if you use the new preferred way of calling clamav i.e. with --fdpass, the whole permissions issue disappears. Example: @av_scanners = ( ['ClamAV-clamdscan', 'clamdscan', "--fdpass --stdout --no-summary {}", [0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ], );Thanks, but no, it does not work, I still get "Permission denied". The wording is a little different, but the meaning is the same: no go. That makes sense. In fact, clamdscan is just a client for clamd, and it will talk to the daemon over the same socket that amavisd would use if it talked directly to clamd. And because the client is run by amavisd (after dropping privileges), it can't have more access than amavisd itself...
The default setting for the clamav socket is to be world-readable and world-writeable. In Ubuntu (and Debian?) this is set explicitly (but presumably unnecessarily) in clamd.conf thus:
LocalSocketMode 666 Do you have mode 660?
