Menu
▾
▴
Re: [Devil-linux-develop] Sagator and ClamAV interaction+integration on DL - minor fix
|
From: Heiko Z. <he...@zu...> - 2005-04-23 13:54:08
|
Kari Mattsson wrote: > > This is for mail gateway implementations of Devil-Linux. > > Sagator is a nice integrator between Postfix, SpamAssassin and ClamAV. > > The default settings with DL are not working properly. Previously I > sent a minor fix for SpamAssassin+Sagator. This posting is for > ClamAV+Sagator. > > You can do this in many different ways. This way changes as little as > possible the default configuration. > > I suggest you add to file /etc/sysconfig/jail/SAGATOR the following 3 > lines to add the directory (with proper user rights) for virus > definitions: > > MKDIR /var/lib/clamav > CHMOD 750 /var/lib/clamav > CHOWN clamav:vscan /var/lib/clamav OK I added this. > > A quick explanation: > /var/lib/clamav is the default directory for virus definitions. As > Sagator is executed jailrooted, this directory (actually > /var/spool/vscan/var/lib/clamav) does not exist. This is also the > directory where Sagator excepts the virus defs to be. > ClamAV requires write access to this directory, but Sagator > (user/group vscan) only requires read+chdir access. > > This change, however is not sufficient. ClamAV is not executed > jailrooted. That means the ClamAV default directory /var/lib/clamav > does not match with Sagator's /var/spool/vscan/var/lib/clamav. > > Sagator's readme file recommends changing the following two files > /etc/freshclam.conf > /etc/clamd.conf > > ...and the change is simple: > > DatabaseDirectory /var/spool/vscan/var/lib/clamav Hmmmm...... Anybody else has an oppinion about this? > > You could leave the default line there as a commented one. > > There is a minor drawback here: You have to remember to do this change > every time you upgrade ClamAV, and that is (fortunately) quite often. > > *** > > As there is very little use on DL for ClamAV alone -- it is almost > always used with Sagator, I think the above DatabaseDirectory change > propably should make it to the default etc.tar.bz2. > > Comments? > -- Regards Heiko Zuerker http://www.devil-linux.org |