Hanno Hecker wrote:
On Tue, 22 Feb 2005 18:45:12 -0500 Bob <[EMAIL PROTECTED]> wrote:
John Peacock wrote:
Hanno Hecker wrote:
- add a 'chmod 0640, $filename;' in plugins/virus/clamavHmmm, allowing another app to tread in our private space... ;-)
before executing clamdscan.
I suppose we could allow a slightly wider umask for existing spool directories, but the behavior in the default case (creation) should always be minimal.
I'm not sure changing permissions is what's needed.
spamd would seem to be in the same situation, why
is clamd different, or the client side caller clamdscan
different?
Clamdscan just tells clamd "check the file /foo/bar/baz on disk and tell
me if it's a virus". You need read access to the file for the clamd
user. If clamd would be running as the smtpd user you also have write
access to the spool by some other application.
_________
...access by user smtpd using clamdscan, not other users if user smtpd clamd's socket is in mode 0700 spool_dir. Just the temp file leak due to no lock on file, qpsmtpd disconnects, deletes, clamd writes the file back in?
_________
Clamscan (the non daemon version) checks the file as the executing user, but that's much slower than telling the daemon to check a file on disk.
Spamc and the spamassassin plugin feed the full message to spamd through
the socket and wait for the status.
Hanno
If clamd socket was not in spool_dir and was world-write-able, with clamd running as clamd, the only way to give clamd any access to spool_dir would be to open up the perms on spool_dir, correct? I think I prefer to have a dedicated instance of clamd writing to files assigned to it by qpsmtpd in spool_dir, than to open up the permissions on spool_dir to the world, if that's the only other current option. If or when qpsmtpd deletes a file handed to clamd because qpsmtpd has decided to disconnect and delete the temp file, then clamd decides to write the file back in, that's could eventually "leak" enough to dos self with a lot of dead temp files.
Option three failed. "clamdscan < file" failed to suck file and pipe to socket.
Option four, convince the author of clamdscan to make it feed the file into a socket like spamassassin and spamc do. clamdscan already has a lot of options--scan file scan dir. One more option needed.
If user smtpd's clamd, socket in 0700 spool_dir, then to clamdscan http traffic would be from a different clamd instance, different user, different config file, not my problem.
-Bob
