On Tue, 17 Jan 2006 at 10:21:06 -0600, Bryan K. Walton wrote:

> Hi,
> I have a mail server setup using postfix, procmail, and
> clamav. Mail is delivered to the postfix server and procmail handles
> the local delivery. I have procmail configured to run clamdscan on
> all mail larger than 15000 bytes. However, I'm having problems that
> seem like permission problems that prevent clamdscan from working. On
> every message, my procmail log shows:
>
> connect(): Permission denied
> ERROR: Can't connect to clamd.
>
> Now, I've checked all of my permissions (I think), and I'm not sure
> what else to be checking. Here are all of my permissions:

The user who "runs" clamd must have access to scanned files.

[...]

> [EMAIL PROTECTED]:/usr/var/clamd# ls -la /var/run/clamd/clamd.pid
> -rw-rw---- 1 clamav clamav 4 Jan 17 09:18 /var/run/clamd/clamd.pid

Seems that clamd is run as user "clamav" (this is usually a good
thing, but maybe not in your setup).

> [EMAIL PROTECTED]:/usr/var/clamd# chgrp other /usr/local/bin/procmail
> [EMAIL PROTECTED]:/usr/var/clamd# ls -la /usr/local/bin/procmail
> -rwsr-sr-x 1 root other 82968 Mar 26 2003 /usr/local/bin/procmail

BTW, I don't know if making procmail "setuid" and "setgid" this way was
your intention. And seems it doesn't help anyway.

If mail is scanned when it's already owned by particular users (not
clamav), then clamd can't access them.

I don't know if it's the best setup for using procmail for scanning
mail, but maybe you'll have to run clamd as root. Note that generally
it's not the best idea (due to security reasons). Especially (but not
only) if untrusted users have shell accounts on the server.

--
Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
tomek at lodz.tpsa.pl  http://www.lodz.tpsa.pl/iso/ | ones and zeros.
tomek at clamav.net   http://www.ClamAV.net/   A GPL virus scanner
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
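
Added example, not part of the original message: a small Python reader for `ls -l` lines that reports setuid/setgid bits and whether a given account could read the file, run over the two listings quoted in the thread. The `alice` mail file, its path and its group are constructed for illustration; the check covers only the file's own mode bits and assumes no ACLs and no parent-directory restrictions.

```python
# Added example (not from the thread): read `ls -l` lines and answer two
# questions the reply raises: who can read the file, and is it setuid/setgid?

def parse_ls_line(line):
    """Split one `ls -l` line into mode string, owner, group and path.
    Paths containing spaces are not handled."""
    fields = line.split()
    if len(fields) < 9 or len(fields[0]) < 10:
        raise ValueError("not an ls -l line: %r" % line)
    return {"mode": fields[0], "owner": fields[2],
            "group": fields[3], "path": fields[-1]}

def can_read(entry, user, groups):
    """Classic Unix check: the first matching class (owner, group, other)
    decides, with no fall-through. root bypasses the mode bits."""
    mode = entry["mode"]
    if user == "root":
        return True
    if user == entry["owner"]:
        return mode[1] == "r"
    if entry["group"] in groups:
        return mode[4] == "r"
    return mode[7] == "r"

def special_bits(entry):
    """Return the privilege-changing bits set on the file."""
    mode = entry["mode"]
    bits = []
    if mode[3] in "sS":   # owner execute slot shows s/S when setuid is set
        bits.append("setuid")
    if mode[6] in "sS":   # group execute slot shows s/S when setgid is set
        bits.append("setgid")
    return bits

# The two listings quoted in the thread.
PID_FILE = parse_ls_line(
    "-rw-rw---- 1 clamav clamav 4 Jan 17 09:18 /var/run/clamd/clamd.pid")
PROCMAIL = parse_ls_line(
    "-rwsr-sr-x 1 root other 82968 Mar 26 2003 /usr/local/bin/procmail")
# Constructed: a message file already owned by the recipient, mode 0600.
USER_MAIL = parse_ls_line(
    "-rw------- 1 alice users 20480 Jan 17 10:05 /home/alice/msg.tmp")

if __name__ == "__main__":
    for e in (PID_FILE, PROCMAIL, USER_MAIL):
        print(e["path"], special_bits(e),
              "clamav can read:", can_read(e, "clamav", {"clamav"}))
```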
