[clamav-users] ClamAV on RHEL 6.8 (IBM Power 8 -PPC64)
Reindl Harald
h.reindl at thelounge.net
Wed May 17 08:14:35 UTC 2017
Am 17.05.2017 um 05:07 schrieb Kishore Pawar:
> Thanks Carlos
>
> I see what you saying. I checked my previous sessions and I found the below
> one from the 'Oct 2016' session where I see that the clam-miller.socket is
> owned by clamav:clamav, where as my latest one is owned by clamav:root. Is
> it causing the below error? If so how can I make sure the socket gets
> proper permissions?
man clamav-milter.conf
on a proper configured system there is no need to start any service
which does not need to listen on ports below 1024 as root to start with
_____________________________________
/etc/mail/clamav-milter.conf
# usermod -a -G clamilt postfix
# usermod -a -G sa-milt postfix
User clamilt
AllowSupplementaryGroups yes
MilterSocket /run/clamav-milter/clamav-milter.socket
MilterSocketMode 0660
ClamdSocket unix:/run/clamd/clamd.sock
FixStaleSocket yes
_____________________________________
/etc/systemd/system/clamav-milter.service
[Unit]
Description=ClamAV Postfix-Milter
Wants=clamd.service
After=clamd.service
Before=postfix.service
[Service]
Type=simple
Environment="TMPDIR=/tmp"
ExecStart=/usr/sbin/clamav-milter -c /etc/mail/clamav-milter.conf
User=clamilt
Group=clamilt
Environment="LANG=en_GB.UTF-8"
Restart=always
RestartSec=1
Nice=5
PrivateTmp=yes
PrivateDevices=yes
PrivateNetwork=yes
NoNewPrivileges=yes
CapabilityBoundingSet=CAP_KILL
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
SystemCallArchitectures=x86-64
SystemCallFilter=~acct modify_ldt add_key adjtimex clock_adjtime
delete_module fanotify_init finit_module get_mempolicy init_module
io_destroy io_getevents iopl ioperm io_setup io_submit io_cancel kcmp
kexec_load keyctl lookup_dcookie mbind migrate_pages mount move_pages
open_by_handle_at perf_event_open pivot_root process_vm_readv
process_vm_writev ptrace remap_file_pages request_key set_mempolicy
swapoff swapon umount2 uselib vmsplice
ReadOnlyDirectories=/
ReadWriteDirectories=-/run/clamav-milter
ReadWriteDirectories=-/run/clamd
ReadWriteDirectories=-/tmp
ReadWriteDirectories=-/var/log
More information about the clamav-users
mailing list