Tomasz Papszun wrote:
[...]
It is important to start clamd with a user id that has
enough privileges to scan the files that are submitted to it. In your
case that would appear to be what ever user Amavisd runs as.
Even better:
create a separate user:group for clamav, add that user to amavisd's
group (by means of the /etc/group entry like "amavis:x:105:clamav") and
use AllowSupplementaryGroups in clamd.conf. This way clamd will be able
to read amavisd's files without giving to amavisd too much power over
clamd.
That is an excellent suggestion. I wouldn't have guessed it could be
explained so well in one paragraph. I'm saving it :)
dp
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
