On 05.10.2016 at 20:37, Alex wrote:
[root@mail-gw:/etc/clamd.d]$ cat scan.conf | grep OLE2BlockMacros
OLE2BlockMacros no
[root@mail-gw:/etc/clamd.d]$ cat scan-sa.conf | grep OLE2BlockMacros
OLE2BlockMacros yes
> Reindl, I appreciate your input, but I can't just outright reject docs
> with macros. We're also talking about password-protected Word
> documents here, not macro documents
guess why i fixed the clamav-plugin for spamassassin and there are *two*
instances like you can see above...
reject is above 8.0 and the rest is done by bayes to avoid FP and other
rules to make sure it's crap
> Can you explain how you configured systemd to start two instances of
> the same clamd binary using different config files?
by just using two different ExecStart= calls in the unit files
nothing easier than starting a dozen identical binaries with different
configurations, be it clamd, spamd, mysqld, httpd.... with systemd
[root@mail-gw:~]$ ps aux | grep clamd
clamscan 1140 0.3 12.3 895344 498072 ? SNsl Okt03 10:39
/usr/sbin/clamd -c /etc/clamd.d/scan-sa.conf
clamscan 1160 0.3 10.7 858048 435668 ? SNsl Okt03 10:47
/usr/sbin/clamd -c /etc/clamd.d/scan.conf
[root@mail-gw:/etc/systemd/system]$ cat clamd.service
[Unit]
Description=ClamAV Scanner Daemon
[Service]
Type=forking
Environment="TMPDIR=/tmp"
Environment="LANG=en_GB.UTF-8"
ExecStart=/usr/sbin/clamd -c /etc/clamd.d/scan.conf
ExecReload=/usr/bin/kill -SIGUSR2 $MAINPID
Restart=always
RestartSec=1
Nice=5
User=clamscan
Group=clamilt
PrivateTmp=yes
PrivateDevices=yes
PrivateNetwork=no
NoNewPrivileges=yes
CapabilityBoundingSet=CAP_KILL
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
SystemCallArchitectures=x86-64
SystemCallFilter=~acct modify_ldt add_key adjtimex clock_adjtime \
    delete_module fanotify_init finit_module get_mempolicy init_module \
    io_destroy io_getevents iopl ioperm io_setup io_submit io_cancel kcmp \
    kexec_load keyctl lookup_dcookie mbind migrate_pages mount move_pages \
    open_by_handle_at perf_event_open pivot_root process_vm_readv \
    process_vm_writev ptrace remap_file_pages request_key set_mempolicy \
    swapoff swapon umount2 uselib vmsplice
ReadOnlyDirectories=/
ReadWriteDirectories=/run/clamd.scan
ReadWriteDirectories=/run/clamd
ReadWriteDirectories=/var/log
ReadWriteDirectories=/tmp
___________________________________________________________
[root@mail-gw:/etc/systemd/system]$ cat clamd-sa.service
[Unit]
Description=ClamAV Scanner Daemon for SpamAssassin
Before=spamassassin.service
[Service]
Type=forking
Environment="TMPDIR=/tmp"
Environment="LANG=en_GB.UTF-8"
ExecStart=/usr/sbin/clamd -c /etc/clamd.d/scan-sa.conf
ExecReload=/usr/bin/kill -SIGUSR2 $MAINPID
Restart=always
RestartSec=1
Nice=5
User=clamscan
Group=clamilt
PrivateTmp=yes
PrivateDevices=yes
PrivateNetwork=no
NoNewPrivileges=yes
CapabilityBoundingSet=CAP_KILL
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
SystemCallArchitectures=x86-64
SystemCallFilter=~acct modify_ldt add_key adjtimex clock_adjtime \
    delete_module fanotify_init finit_module get_mempolicy init_module \
    io_destroy io_getevents iopl ioperm io_setup io_submit io_cancel kcmp \
    kexec_load keyctl lookup_dcookie mbind migrate_pages mount move_pages \
    open_by_handle_at perf_event_open pivot_root process_vm_readv \
    process_vm_writev ptrace remap_file_pages request_key set_mempolicy \
    swapoff swapon umount2 uselib vmsplice
ReadOnlyDirectories=/
ReadWriteDirectories=/run/clamd.scan
ReadWriteDirectories=/run/clamd
ReadWriteDirectories=/var/log
ReadWriteDirectories=/tmp
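
Added example, not part of the original message: the two unit files above are meant to differ only in Description=, Before= and ExecStart=, so this Python script reports any other directive that differs between the copies, such as a hardening option dropped from one of them. The sample units are constructed and abridged from the ones in the message; the function names and the EXPECTED set are assumptions.

```python
# Added example: report directives that differ between two systemd unit files.
def parse_unit(text):
    """Return {(section, key): [values]}; joins backslash-continued lines."""
    directives, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):
            pending = line[:-1].rstrip() + " "
            continue
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        if sep:
            directives.setdefault((section, key.strip()), []).append(value.strip())
    return directives

def unit_drift(a_text, b_text):
    """Sorted 'Section.Key' names whose value lists differ between the units."""
    a, b = parse_unit(a_text), parse_unit(b_text)
    return sorted(f"{s}.{k}" for s, k in a.keys() | b.keys()
                  if a.get((s, k)) != b.get((s, k)))

# Differences a second clamd instance is expected to have (assumption).
EXPECTED = {"Unit.Description", "Unit.Before", "Service.ExecStart"}

def unexpected_drift(a_text, b_text):
    """Differences outside EXPECTED, i.e. settings that should match."""
    return [d for d in unit_drift(a_text, b_text) if d not in EXPECTED]

# Constructed sample units, abridged from the two units in the message.
COMMON = """User=clamscan
NoNewPrivileges=yes
ReadWriteDirectories=/run/clamd
ReadWriteDirectories=/tmp
"""
CLAMD = ("[Unit]\nDescription=ClamAV Scanner Daemon\n[Service]\n"
         "ExecStart=/usr/sbin/clamd -c /etc/clamd.d/scan.conf\n"
         "SystemCallFilter=~acct modify_ldt \\\n  ptrace swapoff\n" + COMMON)
CLAMD_SA = ("[Unit]\nDescription=ClamAV Scanner Daemon for SpamAssassin\n"
            "Before=spamassassin.service\n[Service]\n"
            "ExecStart=/usr/sbin/clamd -c /etc/clamd.d/scan-sa.conf\n"
            "SystemCallFilter=~acct modify_ldt ptrace swapoff\n" + COMMON)
# Constructed drift: the copy has lost one hardening directive.
DRIFTED = CLAMD_SA.replace("NoNewPrivileges=yes\n", "")

if __name__ == "__main__":
    print(unit_drift(CLAMD, CLAMD_SA), unexpected_drift(CLAMD, DRIFTED))
```

On a real host, pass the contents of the two files under /etc/systemd/system instead of the sample strings.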