From what I can tell, it looks like I probably need to update/usr/bin/mimedefang.pl and change $Features{'Virus:CLAMD'} so that it is set to 1 and make sure that the clamd processes is running as the defang user and writing it's socket in /var/spool/MIMEDefang/clamd.sock.
I'm not sure if you are going to need to reinstall MIMEDefang.
However, documentation for MIMEDefang is proposing some not needed changes for it to interoperate with ClamAV. I don't know why.
All clamd needs is read access to the file that it is supposed to scan. That can be done by adding user clamav (that clamd is running under) to group defang (/var/spool/MIMEDefang is owned and readable by group defang, if not than make it that way).
Also you don't need to change ClamAV socket. Actually, you can't because /var/spool/MIMEDefang will not be writtable for clamd. You can leave it at its default value (/var/run/clamav/clamd.sock) and use $ClamdSock variable in mimedefang-filter to point MIMEDefang to the right place.
That way you will achieve:
- two daemon processes (MIMEDefang and ClamAV) will be separated, which is nice from security point of view
- you run ClamAV in more or less default mode, which makes it easier to maintain
- makes it possible to use clamd from other appliactions (/var/spool/MIMEDefang is not world accessible, /var/run/clamav is world accessible)
IMHO, this is better and much cleaner configuration than the one proposed by MIMEDefang documentation.
-- Aleksandar Milivojevic <[EMAIL PROTECTED]> Pollard Banknote Limited Systems Administrator 1499 Buffalo Place Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7 _______________________________________________ Visit http://www.mimedefang.org and http://www.canit.ca MIMEDefang mailing list [EMAIL PROTECTED] http://lists.roaringpenguin.com/mailman/listinfo/mimedefang