On 2016-04-26 22:39:16 [+0200], Xavier Quost wrote: > Hello Sebastian, Hello Xavier,
> /lib/systemd/system/clamav-daemon.service … > [Service] … > User=clamav > Group=clamav > I'm not familiar with systemd, however I'm surprised that when > /etc/init.d/clamav-daemon is somethink like 400 lines, systemd is something > like 10 lines. > But still I'm not familiar with systemd. A lot of the stuff in clamav-daemon is legacy stuff and solved in systemd differently. To give an example: - we pass `-c /etc/clamav/clamd.conf' in the non-systemd case. But this is the default settings so we could drop it. Therefore it makes no difference if you pass this in systemd case or not (nothing changes). - In the systemv case we start the daemon via start-stop-daemon and pass the user from the config as an argument. We could however start clamd as root and let the daemon itself change the user to whatever is selected in clamd.conf. This is what happens in the systemd case. > Please would you tell me if those modifications make sense, or if those shall > be made elsewhere in the system. I installed clamsmtp and been looking a little around and I think I found the problem: You clamd.conf says AllowSupplementaryGroups disabled but clamsmtp adds the group clamsmtp to the clamav user: # id clamav uid=108(clamav) gid=113(clamav) groups=113(clamav),114(clamsmtp) With this option set to disabled / false clamav has only access to the clamav user+group. I think if you revert your changes and instead set true here (to AllowSupplementaryGroups) then it should work again. I *think* systemd + start-stop-daemon do this by default and that is why we did not notice this before. Could you please check if this change works for you? > Best regards > > XQ Sebastian _______________________________________________ Pkg-clamav-devel mailing list Pkg-clamav-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-clamav-devel