git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@351 77e5149b-7576-45b1-b177-96237e5ba77b
Nigel Horne authored on 2004/02/28 00:27:11... | ... |
@@ -69,16 +69,16 @@ See http://www.nmt.edu/~wcolburn/sendmail-8.12.5/libmilter/docs/sample.html |
69 | 69 |
Installations for RedHat Linux and it's derivatives such as YellowDog: |
70 | 70 |
Ensure that you have the sendmail-devel RPM installed |
71 | 71 |
Add to /etc/mail/sendmail.mc: |
72 |
- INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav/clamav.sock, F=, T=S:4m;R:4m')dnl |
|
72 |
+ INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav/clmilter.sock, F=, T=S:4m;R:4m')dnl |
|
73 | 73 |
define(`confINPUT_MAIL_FILTERS', `clamav') |
74 | 74 |
|
75 | 75 |
Check entry in /usr/local/etc/clamav.conf of the form: |
76 |
- LocalSocket /var/run/clamd.sock |
|
76 |
+ LocalSocket /var/run/clamav/clamd.sock |
|
77 | 77 |
StreamSaveToDisk |
78 | 78 |
|
79 | 79 |
If you already have a filter (such as spamassassin-milter from |
80 | 80 |
http://savannah.nongnu.org/projects/spamass-milt) add it thus: |
81 |
- INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav/clamav.sock, F=, T=S:4m;R:4m')dnl |
|
81 |
+ INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav/clmilter.sock, F=, T=S:4m;R:4m')dnl |
|
82 | 82 |
INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass.sock, F=, T=C:15m;S:4m;R:4m;E:10m') |
83 | 83 |
define(`confINPUT_MAIL_FILTERS', `spamassassin,clamav')dnl |
84 | 84 |
|
... | ... |
@@ -94,14 +94,16 @@ I suggest putting SpamAssassin first since you're more likely to get spam |
94 | 94 |
than a virus/worm sent to you. |
95 | 95 |
|
96 | 96 |
Add to /etc/sysconfig/clamav-milter |
97 |
- CLAMAV_FLAGS="--max-children=2 local:/var/run/clamav/clamav.sock" |
|
97 |
+ CLAMAV_FLAGS="--max-children=2 local:/var/run/clamav/clmilter.sock" |
|
98 | 98 |
or if clamd is on a different machine |
99 |
- CLAMAV_FLAGS="--max-children=2 --server=192.168.1.9 local:/var/run/clamav/clamav.sock" |
|
99 |
+ CLAMAV_FLAGS="--max-children=2 --server=192.168.1.9 local:/var/run/clamav/clmilter.sock" |
|
100 | 100 |
|
101 | 101 |
You should have received a script to put into /etc/init.d with this software. |
102 | 102 |
|
103 |
+You should always start clamd before clamav-milter. |
|
104 |
+ |
|
103 | 105 |
As with all software it is wise to ensure that clamav-milter has the least |
104 |
-privlidges it needs to run. So don't run it as root and don't store the sockets |
|
106 |
+privileges it needs to run. So don't run it as root and don't store the sockets |
|
105 | 107 |
in a directory that can be written by everyone. For example ensure that /var/run |
106 | 108 |
is owned and writable only by root and add entries for 'User' and |
107 | 109 |
'FixStaleSocket' in clamav.conf. |
... | ... |
@@ -255,6 +257,11 @@ Changes |
255 | 255 |
0.67i 27/2/04 Dropping priv message now same as clamd |
256 | 256 |
Only use TCPwrappers when using TCP/IP to establish |
257 | 257 |
communications with the milter |
258 |
+0.67j 27/2/04 Call checkClamd() before attempting to connect, it's a way of |
|
259 |
+ warning the user if they've started the milter before clamd |
|
260 |
+ checkClamd() now stashes pid in syslog |
|
261 |
+ Ensure installation instructions tally with man page and put |
|
262 |
+ sockets into subdirectory for security |
|
258 | 263 |
|
259 | 264 |
BUG REPORTS |
260 | 265 |
|
... | ... |
@@ -25,14 +25,14 @@ |
25 | 25 |
* Installations for RedHat Linux and it's derivatives such as YellowDog: |
26 | 26 |
* 1) Ensure that you have the sendmail-devel RPM installed |
27 | 27 |
* 2) Add to /etc/mail/sendmail.mc: |
28 |
- * INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav/clamav.sock, F=, T=S:4m;R:4m')dnl |
|
28 |
+ * INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav/clmilter.sock, F=, T=S:4m;R:4m')dnl |
|
29 | 29 |
* define(`confINPUT_MAIL_FILTERS', `clamav') |
30 | 30 |
* 3) Check entry in /usr/local/etc/clamav.conf of the form: |
31 |
- * LocalSocket /var/run/clamd.sock |
|
31 |
+ * LocalSocket /var/run/clamav/clamd.sock |
|
32 | 32 |
* StreamSaveToDisk |
33 | 33 |
* 4) If you already have a filter (such as spamassassin-milter from |
34 | 34 |
* http://savannah.nongnu.org/projects/spamass-milt) add it thus: |
35 |
- * INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav/clamav.sock, F=, T=S:4m;R:4m')dnl |
|
35 |
+ * INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav/clmilter.sock, F=, T=S:4m;R:4m')dnl |
|
36 | 36 |
* INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass.sock, F=, T=C:15m;S:4m;R:4m;E:10m') |
37 | 37 |
* define(`confINPUT_MAIL_FILTERS', `spamassassin,clamav')dnl |
38 | 38 |
* mkdir /var/run/clamav |
... | ... |
@@ -44,9 +44,9 @@ |
44 | 44 |
* 6) I suggest putting SpamAssassin first since you're more likely to get spam |
45 | 45 |
* than a virus/worm sent to you. |
46 | 46 |
* 7) Add to /etc/sysconfig/clamav-milter |
47 |
- * CLAMAV_FLAGS="--max-children=2 local:/var/run/clamav/clamav.sock" |
|
47 |
+ * CLAMAV_FLAGS="--max-children=2 local:/var/run/clamav/clmilter.sock" |
|
48 | 48 |
* or if clamd is on a different machine |
49 |
- * CLAMAV_FLAGS="--max-children=2 --server=192.168.1.9 local:/var/run/clamav/clamav.sock" |
|
49 |
+ * CLAMAV_FLAGS="--max-children=2 --server=192.168.1.9 local:/var/run/clamav/clmilter.sock" |
|
50 | 50 |
* 8) You should have received a script to put into /etc/init.d with this |
51 | 51 |
* software. |
52 | 52 |
* 9) run 'chown clamav /usr/local/sbin/clamav-milter; chmod 4700 /usr/local/sbin/clamav-milter |
... | ... |
@@ -255,9 +255,19 @@ |
255 | 255 |
* 0.67i 27/2/04 Dropping priv message now same as clamd |
256 | 256 |
* Only use TCPwrappers when using TCP/IP to establish |
257 | 257 |
* communications with the milter |
258 |
+ * 0.67j 27/2/04 Call checkClamd() before attempting to connect, it's |
|
259 |
+ * a way of warning the user if they've started the |
|
260 |
+ * milter before clamd |
|
261 |
+ * checkClamd() now stashes pid in syslog |
|
262 |
+ * Ensure installation instructions tally with man page |
|
263 |
+ * and put sockets into subdirectory for security |
|
264 |
+ * |
|
258 | 265 |
* |
259 | 266 |
* Change History: |
260 | 267 |
* $Log: clamav-milter.c,v $ |
268 |
+ * Revision 1.57 2004/02/27 15:27:11 nigelhorne |
|
269 |
+ * call checkClamd on start |
|
270 |
+ * |
|
261 | 271 |
* Revision 1.56 2004/02/27 09:23:56 nigelhorne |
262 | 272 |
* Don't use TCP wrappers when UNIX domain sockets are used |
263 | 273 |
* |
... | ... |
@@ -411,9 +421,9 @@ |
411 | 411 |
* Revision 1.6 2003/09/28 16:37:23 nigelhorne |
412 | 412 |
* Added -f flag use MaxThreads if --max-children not set |
413 | 413 |
*/ |
414 |
-static char const rcsid[] = "$Id: clamav-milter.c,v 1.56 2004/02/27 09:23:56 nigelhorne Exp $"; |
|
414 |
+static char const rcsid[] = "$Id: clamav-milter.c,v 1.57 2004/02/27 15:27:11 nigelhorne Exp $"; |
|
415 | 415 |
|
416 |
-#define CM_VERSION "0.67i" |
|
416 |
+#define CM_VERSION "0.67j" |
|
417 | 417 |
|
418 | 418 |
/*#define CONFDIR "/usr/local/etc"*/ |
419 | 419 |
|
... | ... |
@@ -1193,6 +1203,7 @@ pingServer(int serverNumber) |
1193 | 1193 |
perror("socket"); |
1194 | 1194 |
return 0; |
1195 | 1195 |
} |
1196 |
+ checkClamd(); |
|
1196 | 1197 |
if(connect(sock, (struct sockaddr *)&server, sizeof(struct sockaddr_un)) < 0) { |
1197 | 1198 |
perror(localSocket); |
1198 | 1199 |
return 0; |
... | ... |
@@ -2527,18 +2538,16 @@ checkClamd(void) |
2527 | 2527 |
perror(pidFile); |
2528 | 2528 |
if(use_syslog) |
2529 | 2529 |
syslog(LOG_ERR, "Can't open %s\n", pidFile); |
2530 |
- |
|
2531 | 2530 |
return; |
2532 | 2531 |
} |
2533 | 2532 |
nbytes = read(fd, buf, sizeof(buf) - 1); |
2534 | 2533 |
close(fd); |
2535 | 2534 |
buf[nbytes] = '\0'; |
2536 | 2535 |
pid = atoi(buf); |
2537 |
- if(kill(pid, 0) < 0) { |
|
2538 |
- if(errno == ESRCH) { |
|
2539 |
- if(use_syslog) |
|
2540 |
- syslog(LOG_ERR, "Clamd seems to have died\n"); |
|
2541 |
- perror("clamd"); |
|
2542 |
- } |
|
2536 |
+ if((kill(pid, 0) < 0) && (errno == ESRCH)) { |
|
2537 |
+ if(use_syslog) |
|
2538 |
+ syslog(LOG_ERR, "Clamd (pid %d) seems to have died\n", |
|
2539 |
+ pid); |
|
2540 |
+ perror("clamd"); |
|
2543 | 2541 |
} |
2544 | 2542 |
} |