[Pkg-clamav-commits] [SCM] Debian repository for ClamAV branch, debian/unstable, updated. debian/0.95+dfsg-1-6646-g8c06025
Stephen Gran
steve at lobefin.net
Thu Mar 17 08:28:59 UTC 2011
The following commit has been merged in the debian/unstable branch:
commit 3694eb9dbc702155ddcb8151b7b1baa2adef8551
Author: Stephen Gran <steve at lobefin.net>
Date: Thu Mar 17 08:27:06 2011 +0000
update notes about configuring milter
Signed-off-by: Stephen Gran <steve at lobefin.net>
diff --git a/debian/README.Debian b/debian/README.Debian
index 6319463..fe79ef7 100644
--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -133,25 +133,11 @@ CLAMAV-DAEMON
POSTFIX
- Recent versions of postfix have support for milters. This allows clamav-milter to
- be used reasonably well with postfix, although the problem of group permissions on
- the actual socket is a problem. See /usr/share/doc/clamav-milter/INSTALL.gz for some
- details. A solution for the frequent "I have to change the init script to make sure
- postfix can communicate with the socket" problem is making the directory for the socket
- setgid. So:
- uncomment "USE_POSTFIX=yes" in /etc/default/clamav-milter and choose the appropriate
- socket option.
- mkdir -p /var/spool/postfix/clamav/
- chown clamav:postfix /var/spool/postfix/clamav/
- chmod g+s /var/spool/postfix/clamav/
- ls -l /var/spool/postfix/clamav/
- srwxrwxr-x 1 clamav postfix 0 2006-12-15 03:37 clamav-milter
-
- Another option is to use a TCP socket for milter <-> postfix communication. For this
- option, you can use the syntax:
- SOCKET=inet:12000 at 127.0.0.1 (port at host, in case it's not clear)
- in /etc/default/clamav-milter. This has the disadvantage that you lose filesystem
- permission-based protections on the socket, so use with some caution.
+ Recent versions of postfix have support for milters. This allows
+ clamav-milter to be used reasonably well with postfix, although the
+ problem of group permissions on the actual socket can be a problem.
+ See /usr/share/doc/clamav-milter/INSTALL.gz for some details as well
+ as the end of the CLAMAV-MILTER section below.
Other MTA's I am not as familiar with, but the same principles apply -
clamav needs read and write access to the diretory where messages are
@@ -263,8 +249,8 @@ CLAMAV-MILTER
I suggest putting SpamAssassin first since you're more likely to get spam
than a virus/worm sent to you.
- Add to /etc/default/clamav-milter
- OPTIONS="--max-children=2"
- or if clamd is on a different machine
- OPTIONS="--max-children=2 --server=192.168.1.9"
+ As of 0.96, clamav-milter will take care of making the socket
+ writable for a group. This is done by setting MilterSocketGroup and
+ MilterSocketMode to useful values in your /etc/clamav/clamav-milter.conf
+ (for instance, "postfix" and "0664", respectively).
--
Debian repository for ClamAV
More information about the Pkg-clamav-commits
mailing list