"touch" should never work in the spool directory - clamd is reading files and deciding whether they are infected, so it should never try to create a file. You have set the permissions to make the directory group readable, not group writable, and this is correct.
You need to ensure that the spool directories are also created group readable, so turn on "-d" to keep the temporary directories for a short time so you can see that the permissions are correct. Once you have a few to test with, su to your clamav user, cd to the spool directory, and run clamdscan on the INPUTMSG to ensure that the daemon can read it. The odds are that your MD_ALLOW_GROUP_ACCESS is not taking effect, so the working directories are not accessible by clamdscan. Paul. -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Cliff Hayes Sent: 13 October 2014 23:01 To: [email protected] Subject: Re: [Mimedefang] Fwd: Re: clamav vs clamd vs clamscan Did what you said and I can't touch a new temp file in /var/spool/MIMEDefang ... permission denied ... but clamd appears to be running as clamav su -s /bin/bash clamav bash-4.1$ cd /var/spool/MIMEDefang bash-4.1$ ls -l total 8 -rw-r----- 1 defang defang 5 Oct 13 16:50 mimedefang-multiplexor.pid srwxrwx--- 1 defang defang 0 Oct 13 16:50 mimedefang-multiplexor.sock -rw------- 1 defang defang 5 Oct 13 16:50 mimedefang.pid srwxrwx--- 1 defang defang 0 Oct 13 16:50 mimedefang.sock bash-4.1$ vi mimedefang.pid bash-4.1$ touch temp touch: cannot touch `temp': Permission denied bash-4.1$ su root Password: [root@sendmail MIMEDefang]# ps aux | grep clamd clamav 1652 0.0 3.5 518068 288956 ? Ssl 16:50 0:00 /usr/local/sbin/clamd root 1838 0.0 0.0 103256 848 pts/2 S+ 16:59 0:00 grep clamd On 10/13/2014 4:54 PM, Les Mikesell wrote: > su -s /bin/bash clamav _______________________________________________ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list [email protected] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang ------------ Scanned by MIMEDefang - s9DM4mDX006711 Report as SPAM: http://www.ousekjarr.org/learn.php?msg=s9DM4mDX006711 _______________________________________________ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list [email protected] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
