See my reply to #636877, but basically one either has to make clamav a member of group postfix or set SOCKET_RWGROUP in /etc/default/clamav-milter but not in clamav-milter.conf.
> root@domine:/var/spool/postfix/clamav# grep Milter > /etc/clamav/clamav-milter.conf > MilterSocket /var/spool/postfix/clamav/clamav-milter.ctl > MilterSocketGroup postfix > MilterSocketMode 660 clamav needs to be a member of group postfix so that it can set postfix group ownership for the milter socket. > s--------- 1 clamav clamav 0 Aug 6 19:20 clamav-milter.ctl Reproducing this problem, it seems that this is the behavior when clamav-milter cannot change the socket group ownership. There should be an error message "Failed to change socket ownership to group postfix" in syslog. > This is because the init.d script now does chgrp and chmod g+w, but > not more. And it does that as root. It seems the MilterSocket settings in clamav-milter.conf are applied by default after privileges are dropped, as clamav by default which can't change group ownership unless it is a member of the group. What works for me (besides adding clamav to group postfix, which might be an extra security risk?): $ grep Milter /etc/clamav/clamav-milter.conf MilterSocket /var/spool/postfix/clamav/clamav-milter.ctl #MilterSocketGroup postfix # handled by /etc/default/clamav-milter MilterSocketMode 660 $ ls -l total 0 srw-rw---- 1 clamav postfix 0 Oct 27 07:13 clamav-milter.ctl $ grep -v ^\# /etc/default/clamav-milter SOCKET_RWGROUP=postfix SOCKET_PATH=/var/spool/postfix/clamav/clamav-milter.ctl Since clamav-milter is started as root anyways and then drops privileges to user clamav in the default configuration, I would assume that the socket group ownership as specified in clamav-milter.conf could be changed earlier on as root, and that this would be the preferred fix (depending on upstream), obsoleting /etc/default/clamav-milter. Dara -- OCF: all-volunteer, student-run service group providing free printing, web hosting, disk space, email, and Unix shell accounts -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org