Hey all,
I'm having an interesting problem with my qmail-toaster installation,
particularly with ClamAV. Everything is the current version from the web
site.
I host my site/mail server on a VPS. My web host disables execute
permissions on /tmp and /var/tmp for security purposes. I had to get
them to disable this so I could even get the packages installed.
I noticed that while clamav toaster was compiling, it creates the
user and puts its home directory in /tmp:
+ /usr/sbin/useradd -u 46 -r -M -d /tmp -s /sbin/nologin -c 'Clam AntiVirus' -g clamav clamav
My question is whether or not clamav requires execute permissions in
/tmp POST installation?
I believe that it might because I was having issues earlier where clamav
processes were building up in a manner in which I believe clamav wasn't
scanning/processing emails, therefore stopping all mail from processing
on my server. This may be because my VPS was restarted and the
permissions on my /tmp directory were reverted to no longer allow
execute permissions.
The output from a ps aux looked like this when I was having issues:
clamav 21828 0.0 0.0 1776 600 ? S 21:22 0:00 /var/qmail/bin/simscan
clamav 21829 0.0 0.0 1776 600 ? S 21:22 0:00 /var/qmail/bin/simscan
clamav 21832 0.0 0.0 4684 1224 ? S 21:22 0:00 clamdscan --stdout
clamav 21834 0.0 0.0 4684 1224 ? S 21:22 0:00 clamdscan --stdout
vpopmail 22156 0.0 0.0 5324 1424 ? S 21:23 0:00 /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true
clamav 22167 0.0 0.0 1776 600 ? S 21:23 0:00 /var/qmail/bin/simscan
clamav 22169 0.0 0.0 4684 1224 ? S 21:23 0:00 clamdscan --stdout
vpopmail 26412 0.0 0.0 5324 1416 ? S 21:33 0:00 /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true
clamav 26419 0.0 0.0 1776 600 ? S 21:33 0:00 /var/qmail/bin/simscan
clamav 26424 0.0 0.0 4684 1224 ? S 21:33 0:00 clamdscan --stdout
vpopmail 28119 0.0 0.0 5324 1424 ? S 21:34 0:00 /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true
clamav 28120 0.0 0.0 1776 600 ? S 21:34 0:00 /var/qmail/bin/simscan
clamav 28122 0.0 0.0 4684 1224 ? S 21:34 0:00 clamdscan --stdout
vpopmail 9259 0.0 0.0 5324 1416 ? S 21:40 0:00 /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true
clamav 9263 0.0 0.0 1776 600 ? S 21:40 0:00 /var/qmail/bin/simscan
clamav 9265 0.0 0.0 4684 1224 ? S 21:40 0:00 clamdscan --stdout
vpopmail 9636 0.0 0.0 5324 1964 ? S 21:41 0:00 /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true
clamav 9643 0.0 0.0 1776 600 ? S 21:41 0:00 /var/qmail/bin/simscan
clamav 9647 0.0 0.0 4684 1224 ? S 21:41 0:00 clamdscan --stdout
vpopmail 17453 0.0 0.0 5324 1420 ? S 21:48 0:00 /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true
clamav 17589 0.0 0.0 1776 600 ? S 21:48 0:00 /var/qmail/bin/simscan
clamav 17595 0.0 0.0 4684 1224 ? S 21:48 0:00 clamdscan --stdout
Currently everything is in working order, and execute permissions are
allowed until I can get an answer as to whether or not execute
permissions are necessary after the clamav toaster is installed.
If execute permissions are required, is there anything I can do about
this? Possibly a custom build of the toaster which defines an alternate
location for clamav instead of /tmp? I don't think my host will
permanently enable execute permissions for my VPS; I would have to
request them to grant me this access every time my VPS is restarted. I
would obviously prefer that no execute permissions be enabled on my
server for security purposes, as that is the intention of it being that
way to begin with.
Any insight would be appreciated.
Thanks,
Jon
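
A way to collect the three facts this question turns on (where the clamav account's home directory is, whether the filesystem covering it is mounted noexec, and how many scanner processes are piled up), as an added example that is not part of the original post or the toaster packages. The function names and the sample mounts and passwd lines are constructed for illustration; the ps lines are copied from the listing above.

```shell
#!/bin/sh
# Added example. Each function reads a table on stdin, so it works on live
# data (/proc/mounts, /etc/passwd, `ps aux`) or on the samples below.

# Print the mount options of the filesystem covering path $1
# (longest mount-point prefix wins; later entries shadow earlier ones).
covering_opts() {
    awk -v p="$1" '
        { mp = $2
          if (mp == "/" || p == mp || index(p, mp "/") == 1)
              if (length(mp) >= best) { best = length(mp); opts = $4 } }
        END { print opts }'
}

# Succeed if the filesystem covering path $1 is mounted noexec.
is_noexec() {
    case ",$(covering_opts "$1")," in
        *,noexec,*) return 0 ;;
        *)          return 1 ;;
    esac
}

# Print the home directory of user $1 from a passwd-format table.
home_of() { awk -F: -v u="$1" '$1 == u { print $6 }'; }

# Count simscan/clamdscan processes owned by clamav in `ps aux` output.
scanner_backlog() {
    awk '$1 == "clamav" && $11 ~ /(simscan|clamdscan)$/ { n++ } END { print n + 0 }'
}

# Constructed sample: a host that mounts /tmp and /var/tmp noexec.
SAMPLE_MOUNTS='/dev/root / ext3 rw 0 0
none /tmp tmpfs rw,nosuid,noexec 0 0
/dev/root /var/tmp ext3 rw,nosuid,noexec 0 0'
# Constructed passwd entry matching the useradd line in the post (gid assumed).
SAMPLE_PASSWD='clamav:x:46:46:Clam AntiVirus:/tmp:/sbin/nologin'
# Three lines taken from the ps listing in the post.
SAMPLE_PS='clamav 21828 0.0 0.0 1776 600 ? S 21:22 0:00 /var/qmail/bin/simscan
clamav 21832 0.0 0.0 4684 1224 ? S 21:22 0:00 clamdscan --stdout
vpopmail 22156 0.0 0.0 5324 1424 ? S 21:23 0:00 /var/qmail/bin/qmail-smtpd /home/vpopmail/bin/vchkpw /bin/true'

home=$(printf '%s\n' "$SAMPLE_PASSWD" | home_of clamav)
if printf '%s\n' "$SAMPLE_MOUNTS" | is_noexec "$home"; then
    echo "clamav home $home is on a noexec mount"
fi
echo "scanner processes: $(printf '%s\n' "$SAMPLE_PS" | scanner_backlog)"
```

On the server itself, feed the functions live data, for example `is_noexec /tmp < /proc/mounts` and `ps aux | scanner_backlog`, and compare the results before and after a VPS restart.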