Re: [Mimedefang] MD and ClamAV
"Jon Rowlan" a scris: > What would be the preferred and recommended way to use ClamAV with MD? > > They both need to use or have access to a .sock > > So should I run Clam as defang or change perms so that both Clam and > MD can talk to the same directory or indeed move the location of the > Clam AV .sock? > > I would really like to know others ideas of how to make these two hang > together. > > I guess chmod 777 is not a good idea :-) I have successfully used MIMEDefang with network sockets in such a setup. Being a standard milter filter, MD supports them just fine, just use something like this in the config: SOCKET=inet:12...@127.0.0.1. When using ClamAV, make sure its local socket is accessible to the user whose credentials you are using to run MIMEDefang. As a side fact, I would not run ClamAV as root as it hangs from time to time and I don't trust it that much. In fact, I have given up on using an AV on the MX servers altogether, just ban the dangerous file extensions like com, exe, pif, lnk etc. and you are good to go. The only notable problem I have encountered since is PDF malware, so make sure you either avoid Adobe Acrobat or use virus protection on Windoze clients. -- mișu pgpImkQgzla8p.pgp Description: PGP signature ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] MD and ClamAV
>> What would be the preferred and recommended way to use ClamAV with MD? > None, I guess, because it all depends on your situation. >> They both need to use or have access to a .sock > Not only that, they need to have access to the same files to scan, namely the spool directory of Mimedefang, where the Work dirs are > located. >> So should I run Clam as defang or change perms so that both Clam and MD > If you use ClamAV for Mimedefang only, I would recommend the "defang" > method. It also does not hurt to relocate the ClamAV socket into the Mimedefang dir. >> I would really like to know others ideas of how to make these two hang >> together. >> >> I guess chmod 777 is not a good idea :-) > It won't help scanning files. > IMHO, you can also think about running ClamAV as root, esp. if it is a dedicated server. Great thanks Stephen, I am not a million miles away with my standard setup. Good to know someone else agrees with me though :-) Regards, jON ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
Re: [Mimedefang] MD and ClamAV
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 21 Jul 2010, Jon Rowlan wrote: What would be the preferred and recommended way to use ClamAV with MD? None, I guess, because it all depends on your situation. They both need to use or have access to a .sock Not only that, they need to have access to the same files to scan, namely the spool directory of Mimedefang, where the Work dirs are located. So should I run Clam as defang or change perms so that both Clam and MD If you use ClamAV for Mimedefang only, I would recommend the "defang" method. It also does not hurt to relocate the ClamAV socket into the Mimedefang dir. I would really like to know others ideas of how to make these two hang together. I guess chmod 777 is not a good idea :-) It won't help scanning files. IMHO, you can also think about running ClamAV as root, esp. if it is a dedicated server. Regards, - -- Steffen Kaiser -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBTEfxGEgddVksjRnHAQKdrwgAo5QmE8tlmTBtU2PV5emF3rrjgjEA9Br8 4rlIFrVl36HaRUMZbNrZY6ARFPHttSii1xo3w4+vvrVwDQsAK6947hJLQWyCQdrt zaHhruwPrpz4e9dzKgjpiShRMQHMxTJKpaszidoibWnyms7ijhYijd0z7IVTiS25 UEVnG9siSaE2wZRQjXKi/sFgSpYiU2xfpHcERjCq3HitiM6izdYiDfk8aDU1TLhU 0VFsbWh/glPlt3jUestyt95UkWFhH2y9PPU6qsMpwLq+bP5izE8CNd2ee62d7EoE f2O3IP7KXyci3TbpjK46WRpRWuXwyCW6DuDo3mA8L6bfEspJnb3vYQ== =KGK6 -END PGP SIGNATURE- ___ NOTE: If there is a disclaimer or other legal boilerplate in the above message, it is NULL AND VOID. You may ignore it. Visit http://www.mimedefang.org and http://www.roaringpenguin.com MIMEDefang mailing list MIMEDefang@lists.roaringpenguin.com http://lists.roaringpenguin.com/mailman/listinfo/mimedefang
