Sophos provided me a test build that supposedly will fix these problems, but I don't have a Linux setup to test with. If you have a Linux install that ran into these issues and would like to volunteer to test a possible fix, please contact me off-list.
Thanks... On Tue, 7 Jun 2005, Gary Windham wrote: > I started digging into this problem after upgrading to Sophos 3.93 on our > amavis servers the other day and getting bit. :) > > The problem is, as previously detailed, related to a pair of semaphores that > the SAVI library creates upon initialization. The problem is two-fold: > > 1. If the SAVI initialization function is called by root, the forked > Net::Server process (and children) will not be able to access the semaphores > if amavisd later switches to a less-privileged user. This can be circumvented > by starting the amavisd process as the less-privileged user (via 'su') or by > passing the '-u' option to amavisd to invoke "early" dropping of privileges. > > 2. The semaphores created by SAVI are destroyed upon invocation of the SAVI > "Terminate" function. This function is called by SAVI-Perl in the > SAVI::Handle::DESTROY() method. Since the SAVI handle is initialized in the > initial parent process, and all the children inherit this handle, any time a > child process dies (i.e., after $max_requests) the SAVI::Handle::DESTROY() > method is invoked, and the semaphores go bye-bye. I kludged together a > workaround for this, by having amavisd set a variable ($terminateOk) in the > SAVI:: namespace. The SAVI-Perl module will then check this variable in the > DESTROY method and decide whether or not to call the SAVI terminate function. > > I'm sure this isn't the most elegant solution, but it seems to work around > the problem. > > You can find patches for SAVI-Perl-0.30 and amavisd-new-2.3.2-pre1 here: > http://www.u.arizona.edu/~windhamg/amavisd-savifix/. If anyone is interested > in cleaning this up and incorporating it into amavisd-new, that would be > terrific. -- Paul B. Henson | (909) 979-6361 | http://www.csupomona.edu/~henson/ Operating Systems and Network Analyst | [EMAIL PROTECTED] California State Polytechnic University | Pomona CA 91768 ------------------------------------------------------- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click _______________________________________________ AMaViS-user mailing list AMaViS-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/amavis-user AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3 AMaViS-HowTos:http://www.amavis.org/howto/
