* plugins/virus/clamav

Improved documentation for running clamdscan correctly inside the
    qpsmtpd spool directory.

    Change file permissions to permit non-owner external process to access
    files inside spool directory


git-svn-id: https://svn.perl.org/qpsmtpd/trunk@372 958fd67b-6ff1-0310-b445-bb7760255be9
This commit is contained in:
John Peacock 2005-02-24 20:00:23 +00:00
parent c049917d8e
commit f95c2f8826

View File

@ -26,9 +26,21 @@ new installations should use the name=value form as follows:
Path to the clamav commandline scanner. Using clamdscan is recommended
for sake of performance. However, in this case, the user executing clamd
requires access to the qpsmtpd spool directory, which usually means either
running clamd as the same user, or changing the group ownership of the
spool directory to be the clamd group and changing the permissions to 0750
(this will emit warning when the qpsmtpd service starts up).
running clamd as the same user as qpsmtpd does (by far the easiest method)
or by doing the following:
=over 2
=item * Change the group ownership of the spool directory to be a group
of which clamav is a member or add clamav to the same group as the qpsmtpd
user;
=item * Enable the "AllowSupplementaryGroups" option in clamd.conf;
=item * Change the permissions of the qpsmtpd spool directory to 0770 (this
will emit warning when the qpsmtpd service starts up).
=back
Mail will be passed to the clamav scanner in Berkeley mbox format (that is,
with a "From " line).
@ -151,6 +163,13 @@ sub clam_scan {
}
seek($temp_fh, 0, 0);
my $mode = (stat($self->{_spool_dir}))[2];
if ( $mode & 07077 ) { # must be sharing spool directory with external app
$self->log(LOGWARN,
"Changing permissions on file to permit scanner access");
chmod $mode, $filename;
}
# Now do the actual scanning!
my $cmd = $self->{_clamscan_loc}." --stdout "
.$self->{_back_compat}