Simscan creates the working directory with a privilege of 700. In this way clamd
must run with the same owner of simscan to access the msg.

To complete the security of the system, clamd client should be activated by simscan user only.

Ok, I admit, I've lost a couple of hours to figure out why simscan rejected all my mails with a 500:
my clamd user was wrong (qscand).

I suggest, then, a line in the INSTALL doc:

check that clamd runs under the same simscan user.

I feel this design to be very safe, because clamd should be dedicated to e-mail only.
There should be more safety having them only accessing the files with the same uid/permissions.

I agree with you, clamd should be called only by simscan, but now that simscan is new, everybody tries
to test it on servers configured for other solutions (i.e. qmailscan).
If simscan is a little friendly with other solutions it can be tested and adopted very fast.

Mod 755 means everyone in the system may access those files.

Yes, that's a fact. But the directory is created, processed by clamd and then removed.





To apply the change, search for this:

  /* create the directory */
  if ( mkdir(workdir, 0700) == -1 ) {

and replace with this

  /* create the directory */
  if ( mkdir(workdir, 0755) == -1 ) {
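
The trade-off discussed in this thread, as an added example (not simscan code and not from any poster): a small model of the Unix owner/group/other check showing who can scan a work directory under each mkdir() mode, and how the process umask changes the mode that is actually stored. The uid/gid numbers are constructed, and 0750 is included only as a comparison case beyond the two modes in the thread.

```c
/* Added example, not simscan code. Models the classic Unix permission
 * check for a directory to compare mkdir() modes for the work directory. */
#include <stdio.h>
#include <sys/types.h>

/* Mode actually stored by mkdir(path, requested) under a given umask. */
mode_t effective_mode(mode_t requested, mode_t mask)
{
    return requested & ~mask & 0777;
}

/* Returns 1 if a process (uid, gid) can list and traverse a directory owned
 * by (dir_uid, dir_gid) with permission bits `mode`, else 0.
 * Simplification: root, supplementary groups and ACLs are ignored. */
int can_scan_dir(mode_t mode, uid_t dir_uid, gid_t dir_gid, uid_t uid, gid_t gid)
{
    int shift;
    if (uid == dir_uid)      shift = 6;  /* owner class applies exclusively */
    else if (gid == dir_gid) shift = 3;  /* then group class */
    else                     shift = 0;  /* otherwise "other" */
    mode_t bits = (mode >> shift) & 07;
    return (bits & 05) == 05;            /* need both r and x on a directory */
}

int main(void)
{
    /* Constructed ids: each account has a primary group with the same number. */
    const uid_t SIMSCAN = 1001, QSCAND = 1002, LOCALUSER = 1003;
    const mode_t requested[] = { 0700, 0750, 0755 };
    const mode_t masks[] = { 022, 077 };

    for (size_t u = 0; u < 2; u++) {
        for (size_t i = 0; i < 3; i++) {
            mode_t m = effective_mode(requested[i], masks[u]);
            printf("mkdir %04o umask %03o -> %04o: clamd-as-simscan=%d "
                   "clamd-as-qscand=%d any-local-user=%d\n",
                   (unsigned)requested[i], (unsigned)masks[u], (unsigned)m,
                   can_scan_dir(m, SIMSCAN, SIMSCAN, SIMSCAN, SIMSCAN),
                   can_scan_dir(m, SIMSCAN, SIMSCAN, QSCAND, QSCAND),
                   can_scan_dir(m, SIMSCAN, SIMSCAN, LOCALUSER, LOCALUSER));
        }
    }
    return 0;
}
```

With a umask of 077 the 0755 request still yields a 0700 directory, so the one-line change only takes effect when the umask simscan runs under permits it.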


