git-svn-id: file:///var/lib/svn/clamav-devel/trunk/clamav-devel@323 77e5149b-7576-45b1-b177-96237e5ba77b
Nigel Horne authored on 2004/02/23 02:33:09... | ... |
@@ -1,3 +1,8 @@ |
1 |
+Sun Feb 22 17:34:08 GMT 2004 (njh) |
|
2 |
+---------------------------------- |
|
3 |
+ * clamav-milter/docs: Documented the need to ensure that the directory |
|
4 |
+ containing the sockets must be read/writeable by clamav if User is set |
|
5 |
+ |
|
1 | 6 |
Sat Feb 21 16:05:42 CET 2004 (tk) |
2 | 7 |
--------------------------------- |
3 | 8 |
* freshclam: fixed problem with -u handling (missing `else' in logical block) |
... | ... |
@@ -62,14 +62,14 @@ Needs -lresolv on Solaris |
62 | 62 |
|
63 | 63 |
INSTALLATION |
64 | 64 |
|
65 |
-Install into /usr/local/sbin/clamav-milter, mode 744 |
|
65 |
+Install into /usr/local/sbin/clamav-milter. |
|
66 | 66 |
|
67 | 67 |
See http://www.nmt.edu/~wcolburn/sendmail-8.12.5/libmilter/docs/sample.html |
68 | 68 |
|
69 | 69 |
Installations for RedHat Linux and it's derivatives such as YellowDog: |
70 | 70 |
Ensure that you have the sendmail-devel RPM installed |
71 | 71 |
Add to /etc/mail/sendmail.mc: |
72 |
- INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav.sock, F=, T=S:4m;R:4m')dnl |
|
72 |
+ INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav/clamav.sock, F=, T=S:4m;R:4m')dnl |
|
73 | 73 |
define(`confINPUT_MAIL_FILTERS', `clamav') |
74 | 74 |
|
75 | 75 |
Check entry in /usr/local/etc/clamav.conf of the form: |
... | ... |
@@ -78,10 +78,14 @@ Installations for RedHat Linux and it's derivatives such as YellowDog: |
78 | 78 |
|
79 | 79 |
If you already have a filter (such as spamassassin-milter from |
80 | 80 |
http://savannah.nongnu.org/projects/spamass-milt) add it thus: |
81 |
- INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav.sock, F=, T=S:4m;R:4m')dnl |
|
81 |
+ INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav/clamav.sock, F=, T=S:4m;R:4m')dnl |
|
82 | 82 |
INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass.sock, F=, T=C:15m;S:4m;R:4m;E:10m') |
83 | 83 |
define(`confINPUT_MAIL_FILTERS', `spamassassin,clamav')dnl |
84 | 84 |
|
85 |
+ mkdir /var/run/clamav |
|
86 |
+ chown clamav /var/run/clamav (if you use User clamav in clamav.conf) |
|
87 |
+ chmod 700 /var/run/clamav |
|
88 |
+ |
|
85 | 89 |
You may find INPUT_MAIL_FILTERS is not needed on your machine, however it |
86 | 90 |
is recommended by the Sendmail documentation and I recommend going along |
87 | 91 |
with that. |
... | ... |
@@ -90,9 +94,9 @@ I suggest putting SpamAssassin first since you're more likely to get spam |
90 | 90 |
than a virus/worm sent to you. |
91 | 91 |
|
92 | 92 |
Add to /etc/sysconfig/clamav-milter |
93 |
- CLAMAV_FLAGS="--max-children=2 local:/var/run/clamav.sock" |
|
93 |
+ CLAMAV_FLAGS="--max-children=2 local:/var/run/clamav/clamav.sock" |
|
94 | 94 |
or if clamd is on a different machine |
95 |
- CLAMAV_FLAGS="--max-children=2 --server=192.168.1.9 local:/var/run/clamav.sock" |
|
95 |
+ CLAMAV_FLAGS="--max-children=2 --server=192.168.1.9 local:/var/run/clamav/clamav.sock" |
|
96 | 96 |
|
97 | 97 |
You should have received a script to put into /etc/init.d with this software. |
98 | 98 |
|
... | ... |
@@ -18,32 +18,35 @@ |
18 | 18 |
* along with this program; if not, write to the Free Software |
19 | 19 |
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. |
20 | 20 |
* |
21 |
- * Install into /usr/local/sbin/clamav-milter, mode 744 |
|
21 |
+ * Install into /usr/local/sbin/clamav-milter |
|
22 | 22 |
* |
23 | 23 |
* See http://www.nmt.edu/~wcolburn/sendmail-8.12.5/libmilter/docs/sample.html |
24 | 24 |
* |
25 | 25 |
* Installations for RedHat Linux and it's derivatives such as YellowDog: |
26 | 26 |
* 1) Ensure that you have the sendmail-devel RPM installed |
27 | 27 |
* 2) Add to /etc/mail/sendmail.mc: |
28 |
- * INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav.sock, F=, T=S:4m;R:4m')dnl |
|
28 |
+ * INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav/clamav.sock, F=, T=S:4m;R:4m')dnl |
|
29 | 29 |
* define(`confINPUT_MAIL_FILTERS', `clamav') |
30 | 30 |
* 3) Check entry in /usr/local/etc/clamav.conf of the form: |
31 | 31 |
* LocalSocket /var/run/clamd.sock |
32 | 32 |
* StreamSaveToDisk |
33 | 33 |
* 4) If you already have a filter (such as spamassassin-milter from |
34 | 34 |
* http://savannah.nongnu.org/projects/spamass-milt) add it thus: |
35 |
- * INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav.sock, F=, T=S:4m;R:4m')dnl |
|
35 |
+ * INPUT_MAIL_FILTER(`clamav', `S=local:/var/run/clamav/clamav.sock, F=, T=S:4m;R:4m')dnl |
|
36 | 36 |
* INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass.sock, F=, T=C:15m;S:4m;R:4m;E:10m') |
37 | 37 |
* define(`confINPUT_MAIL_FILTERS', `spamassassin,clamav')dnl |
38 |
+ * mkdir /var/run/clamav |
|
39 |
+ * chown clamav /var/run/clamav (if you use User clamav in clamav.conf) |
|
40 |
+ * chmod 700 /var/run/clamav |
|
38 | 41 |
* 5) You may find INPUT_MAIL_FILTERS is not needed on your machine, however it |
39 | 42 |
* is recommended by the Sendmail documentation and I suggest going along |
40 | 43 |
* with that. |
41 | 44 |
* 6) I suggest putting SpamAssassin first since you're more likely to get spam |
42 | 45 |
* than a virus/worm sent to you. |
43 | 46 |
* 7) Add to /etc/sysconfig/clamav-milter |
44 |
- * CLAMAV_FLAGS="--max-children=2 local:/var/run/clamav.sock" |
|
47 |
+ * CLAMAV_FLAGS="--max-children=2 local:/var/run/clamav/clamav.sock" |
|
45 | 48 |
* or if clamd is on a different machine |
46 |
- * CLAMAV_FLAGS="--max-children=2 --server=192.168.1.9 local:/var/run/clamav.sock" |
|
49 |
+ * CLAMAV_FLAGS="--max-children=2 --server=192.168.1.9 local:/var/run/clamav/clamav.sock" |
|
47 | 50 |
* 8) You should have received a script to put into /etc/init.d with this |
48 | 51 |
* software. |
49 | 52 |
* 9) run 'chown clamav /usr/local/sbin/clamav-milter; chmod 4700 /usr/local/sbin/clamav-milter |
... | ... |
@@ -245,6 +248,9 @@ |
245 | 245 |
* |
246 | 246 |
* Change History: |
247 | 247 |
* $Log: clamav-milter.c,v $ |
248 |
+ * Revision 1.54 2004/02/22 17:27:40 nigelhorne |
|
249 |
+ * Updated installation instructions now that privileges are dropped |
|
250 |
+ * |
|
248 | 251 |
* Revision 1.53 2004/02/21 11:03:23 nigelhorne |
249 | 252 |
* Error if quarantine-dir is publically accessable |
250 | 253 |
* |
... | ... |
@@ -389,7 +395,7 @@ |
389 | 389 |
* Revision 1.6 2003/09/28 16:37:23 nigelhorne |
390 | 390 |
* Added -f flag use MaxThreads if --max-children not set |
391 | 391 |
*/ |
392 |
-static char const rcsid[] = "$Id: clamav-milter.c,v 1.53 2004/02/21 11:03:23 nigelhorne Exp $"; |
|
392 |
+static char const rcsid[] = "$Id: clamav-milter.c,v 1.54 2004/02/22 17:27:40 nigelhorne Exp $"; |
|
393 | 393 |
|
394 | 394 |
#define CM_VERSION "0.67g" |
395 | 395 |
|
... | ... |
@@ -904,6 +910,8 @@ main(int argc, char **argv) |
904 | 904 |
else |
905 | 905 |
setgroups(1, &user->pw_gid); |
906 | 906 |
|
907 |
+ cli_dbgmsg("Dropping user privileges\n"); |
|
908 |
+ |
|
907 | 909 |
setgid(user->pw_gid); |
908 | 910 |
setuid(user->pw_uid); |
909 | 911 |
} else |
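Review bot: The added `cli_dbgmsg("Dropping user privileges\n");` is emitted before `setgid(user->pw_gid);` and `setuid(user->pw_uid);`, and neither return value is checked in the visible lines, so the debug log can report a drop that never happened while the milter keeps running with its original identity. The install notes updated in this commit now depend on the process running as the configured User, so a failed drop should stop startup, for example `if(setgid(user->pw_gid) < 0 || setuid(user->pw_uid) < 0) { perror("clamav-milter: cannot drop privileges"); return EX_OSERR; }` (or whichever exit code main() already uses for startup failures). Logging the message after that check would make it state what actually happened. The `setgroups(1, &user->pw_gid);` call just above is unchecked in the same way. The enclosing block of main() starts and ends outside this hunk, so confirm there is no check elsewhere.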
... | ... |
@@ -15,6 +15,14 @@ if it cannot it terminates. |
15 | 15 |
.LP |
16 | 16 |
clamav\-milter supports tcpwrappers, the value for \fIdaemon_list\fR |
17 | 17 |
is "clamav\-milter". |
18 |
+.LP |
|
19 |
+The socket_address argument is the socket used to communicate with |
|
20 |
+\fBsendmail(8)\fR. |
|
21 |
+It must agree with the entry in sendmail.cf or sendmail.mc. |
|
22 |
+The file associated with the socket must be createable by clamav\-milter, |
|
23 |
+if the User option is set in |
|
24 |
+\fBclamav.conf(5)\fR, |
|
25 |
+then that user must have the rights to create the file. |
|
18 | 26 |
.SH "OPTIONS" |
19 | 27 |
.LP |
20 | 28 |
|