hi,I have some little security question regarding mimedefang configuration as i have issue running clamav and postfix with it because of socket owner's right.Do you know if there is any security risk to run defang as the postfix user ? Same question if i run mimedefang as the clamav user ?Normally, "mimedefang" is run as user "defang", "postfix" is run as "postfix" and "clamav" is run as user "defang" because it is "mimedefang" that calls "clamav". There may be other ways too. Depends on your requirements and situation.
yes the problem is that for a simple setup we need to:- change the postfix/mimedefang init script to change the owner of the socket - change the clamav config to use defang user and then change the files to be owned by defang and restart them all.
I wondered if there was not a better solution. Supplementary group seems to be completly not working in clamav, all tests done lead to suffering and no to filtering , same thing i find no other solution to the postfix "do not run as root" issue with mimedefang socket ;)
regards, Ghislain.
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list [email protected] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
