Browse code
Updated installation instructions now that privileges are dropped
git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@323 77e5149b-7576-45b1-b177-96237e5ba77b
Nigel Horne authored on 2004/02/23 02:33:09Showing 4 changed files
| ... | ... |
@@ -1,3 +1,8 @@ |
| 1 |
+Sun Feb 22 17:34:08 GMT 2004 (njh) |
|
| 2 |
+---------------------------------- |
|
| 3 |
+ * clamav-milter/docs: Documented the need to ensure that the directory |
|
| 4 |
+ containing the sockets must be read/writeable by clamav if User is set |
|
| 5 |
+ |
|
| 1 | 6 |
Sat Feb 21 16:05:42 CET 2004 (tk) |
| 2 | 7 |
--------------------------------- |
| 3 | 8 |
* freshclam: fixed problem with -u handling (missing `else' in logical block) |
| ... | ... |
@@ -62,14 +62,14 @@ Needs -lresolv on Solaris |
| 62 | 62 |
|
| 63 | 63 |
INSTALLATION |
| 64 | 64 |
|
| 65 |
-Install into /usr/local/sbin/clamav-milter, mode 744 |
|
| 65 |
+Install into /usr/local/sbin/clamav-milter. |
|
| 66 | 66 |
|
| 67 | 67 |
See http://www.nmt.edu/~wcolburn/sendmail-8.12.5/libmilter/docs/sample.html |
| 68 | 68 |
|
| 69 | 69 |
Installations for RedHat Linux and it's derivatives such as YellowDog: |
| 70 | 70 |
Ensure that you have the sendmail-devel RPM installed |
| 71 | 71 |
Add to /etc/mail/sendmail.mc: |
| 72 |
- INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav.sock, F=, T=S:4m;R:4m')dnl |
|
| 72 |
+ INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav/clamav.sock, F=, T=S:4m;R:4m')dnl |
|
| 73 | 73 |
define(`confINPUT_MAIL_FILTERS', `clamav') |
| 74 | 74 |
|
| 75 | 75 |
Check entry in /usr/local/etc/clamav.conf of the form: |
| ... | ... |
@@ -78,10 +78,14 @@ Installations for RedHat Linux and it's derivatives such as YellowDog: |
| 78 | 78 |
|
| 79 | 79 |
If you already have a filter (such as spamassassin-milter from |
| 80 | 80 |
http://savannah.nongnu.org/projects/spamass-milt) add it thus: |
| 81 |
- INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav.sock, F=, T=S:4m;R:4m')dnl |
|
| 81 |
+ INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav/clamav.sock, F=, T=S:4m;R:4m')dnl |
|
| 82 | 82 |
INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass.sock, F=, T=C:15m;S:4m;R:4m;E:10m') |
| 83 | 83 |
define(`confINPUT_MAIL_FILTERS', `spamassassin,clamav')dnl |
| 84 | 84 |
|
| 85 |
+ mkdir /var/run/clamav |
|
| 86 |
+ chown clamav /var/run/clamav (if you use User clamav in clamav.conf) |
|
| 87 |
+ chmod 700 /var/run/clamav |
|
| 88 |
+ |
|
| 85 | 89 |
You may find INPUT_MAIL_FILTERS is not needed on your machine, however it |
| 86 | 90 |
is recommended by the Sendmail documentation and I recommend going along |
| 87 | 91 |
with that. |
| ... | ... |
@@ -90,9 +94,9 @@ I suggest putting SpamAssassin first since you're more likely to get spam |
| 90 | 90 |
than a virus/worm sent to you. |
| 91 | 91 |
|
| 92 | 92 |
Add to /etc/sysconfig/clamav-milter |
| 93 |
- CLAMAV_FLAGS="--max-children=2 local:/var/run/clamav.sock" |
|
| 93 |
+ CLAMAV_FLAGS="--max-children=2 local:/var/run/clamav/clamav.sock" |
|
| 94 | 94 |
or if clamd is on a different machine |
| 95 |
- CLAMAV_FLAGS="--max-children=2 --server=192.168.1.9 local:/var/run/clamav.sock" |
|
| 95 |
+ CLAMAV_FLAGS="--max-children=2 --server=192.168.1.9 local:/var/run/clamav/clamav.sock" |
|
| 96 | 96 |
|
| 97 | 97 |
You should have received a script to put into /etc/init.d with this software. |
| 98 | 98 |
|
| ... | ... |
@@ -18,32 +18,35 @@ |
| 18 | 18 |
* along with this program; if not, write to the Free Software |
| 19 | 19 |
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. |
| 20 | 20 |
* |
| 21 |
- * Install into /usr/local/sbin/clamav-milter, mode 744 |
|
| 21 |
+ * Install into /usr/local/sbin/clamav-milter |
|
| 22 | 22 |
* |
| 23 | 23 |
* See http://www.nmt.edu/~wcolburn/sendmail-8.12.5/libmilter/docs/sample.html |
| 24 | 24 |
* |
| 25 | 25 |
* Installations for RedHat Linux and it's derivatives such as YellowDog: |
| 26 | 26 |
* 1) Ensure that you have the sendmail-devel RPM installed |
| 27 | 27 |
* 2) Add to /etc/mail/sendmail.mc: |
| 28 |
- * INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav.sock, F=, T=S:4m;R:4m')dnl |
|
| 28 |
+ * INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav/clamav.sock, F=, T=S:4m;R:4m')dnl |
|
| 29 | 29 |
* define(`confINPUT_MAIL_FILTERS', `clamav') |
| 30 | 30 |
* 3) Check entry in /usr/local/etc/clamav.conf of the form: |
| 31 | 31 |
* LocalSocket /var/run/clamd.sock |
| 32 | 32 |
* StreamSaveToDisk |
| 33 | 33 |
* 4) If you already have a filter (such as spamassassin-milter from |
| 34 | 34 |
* http://savannah.nongnu.org/projects/spamass-milt) add it thus: |
| 35 |
- * INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav.sock, F=, T=S:4m;R:4m')dnl |
|
| 35 |
+ * INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav/clamav.sock, F=, T=S:4m;R:4m')dnl |
|
| 36 | 36 |
* INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass.sock, F=, T=C:15m;S:4m;R:4m;E:10m') |
| 37 | 37 |
* define(`confINPUT_MAIL_FILTERS', `spamassassin,clamav')dnl |
| 38 |
+ * mkdir /var/run/clamav |
|
| 39 |
+ * chown clamav /var/run/clamav (if you use User clamav in clamav.conf) |
|
| 40 |
+ * chmod 700 /var/run/clamav |
|
| 38 | 41 |
* 5) You may find INPUT_MAIL_FILTERS is not needed on your machine, however it |
| 39 | 42 |
* is recommended by the Sendmail documentation and I suggest going along |
| 40 | 43 |
* with that. |
| 41 | 44 |
* 6) I suggest putting SpamAssassin first since you're more likely to get spam |
| 42 | 45 |
* than a virus/worm sent to you. |
| 43 | 46 |
* 7) Add to /etc/sysconfig/clamav-milter |
| 44 |
- * CLAMAV_FLAGS="--max-children=2 local:/var/run/clamav.sock" |
|
| 47 |
+ * CLAMAV_FLAGS="--max-children=2 local:/var/run/clamav/clamav.sock" |
|
| 45 | 48 |
* or if clamd is on a different machine |
| 46 |
- * CLAMAV_FLAGS="--max-children=2 --server=192.168.1.9 local:/var/run/clamav.sock" |
|
| 49 |
+ * CLAMAV_FLAGS="--max-children=2 --server=192.168.1.9 local:/var/run/clamav/clamav.sock" |
|
| 47 | 50 |
* 8) You should have received a script to put into /etc/init.d with this |
| 48 | 51 |
* software. |
| 49 | 52 |
* 9) run 'chown clamav /usr/local/sbin/clamav-milter; chmod 4700 /usr/local/sbin/clamav-milter |
| ... | ... |
@@ -245,6 +248,9 @@ |
| 245 | 245 |
* |
| 246 | 246 |
* Change History: |
| 247 | 247 |
* $Log: clamav-milter.c,v $ |
| 248 |
+ * Revision 1.54 2004/02/22 17:27:40 nigelhorne |
|
| 249 |
+ * Updated installation instructions now that privileges are dropped |
|
| 250 |
+ * |
|
| 248 | 251 |
* Revision 1.53 2004/02/21 11:03:23 nigelhorne |
| 249 | 252 |
* Error if quarantine-dir is publically accessable |
| 250 | 253 |
* |
| ... | ... |
@@ -389,7 +395,7 @@ |
| 389 | 389 |
* Revision 1.6 2003/09/28 16:37:23 nigelhorne |
| 390 | 390 |
* Added -f flag use MaxThreads if --max-children not set |
| 391 | 391 |
*/ |
| 392 |
-static char const rcsid[] = "$Id: clamav-milter.c,v 1.53 2004/02/21 11:03:23 nigelhorne Exp $"; |
|
| 392 |
+static char const rcsid[] = "$Id: clamav-milter.c,v 1.54 2004/02/22 17:27:40 nigelhorne Exp $"; |
|
| 393 | 393 |
|
| 394 | 394 |
#define CM_VERSION "0.67g" |
| 395 | 395 |
|
| ... | ... |
@@ -904,6 +910,8 @@ main(int argc, char **argv) |
| 904 | 904 |
else |
| 905 | 905 |
setgroups(1, &user->pw_gid); |
| 906 | 906 |
|
| 907 |
+ cli_dbgmsg("Dropping user privileges\n");
|
|
| 908 |
+ |
|
| 907 | 909 |
setgid(user->pw_gid); |
| 908 | 910 |
setuid(user->pw_uid); |
| 909 | 911 |
} else |
| ... | ... |
@@ -15,6 +15,14 @@ if it cannot it terminates. |
| 15 | 15 |
.LP |
| 16 | 16 |
clamav\-milter supports tcpwrappers, the value for \fIdaemon_list\fR |
| 17 | 17 |
is "clamav\-milter". |
| 18 |
+.LP |
|
| 19 |
+The socket_address argument is the socket used to communicate with |
|
| 20 |
+\fBsendmail(8)\fR. |
|
| 21 |
+It must agree with the entry in sendmail.cf or sendmail.mc. |
|
| 22 |
+The file associated with the socket must be createable by clamav\-milter, |
|
| 23 |
+if the User option is set in |
|
| 24 |
+\fBclamav.conf(5)\fR, |
|
| 25 |
+then that user must have the rights to create the file. |
|
| 18 | 26 |
.SH "OPTIONS" |
| 19 | 27 |
.LP |
| 20 | 28 |
|