Now that app-antivirus/clamav pulls in acct-{group,user}/clamav we have a problem with amavisd-new integration. Amavisd-new uses clamd as it's antivirus scanner, however the temporary directories under /var/amavis/tmp/amavis* are set with permissions 750 (amavis:amavis). A possible solution is to append the amavis group to clamav so that clamav will have access to the files: # usermod -a -G amavis clamav This will not work as the clamav user/group ebuilds will clear the settings and it will fail. Maybe we should an amavis USE flag to acct-user/clamav that will replace the usermod call? Something like acct-user/git/git-0.ebuild.
Allowing the clamav daemon to read the files of everyone that it wants to perform virus scans for is not a great way to set things up, even though it has been the "default" in amavis for a while (the documentation just suggests this first and most prominently). I recommend you leave the groups alone, and have amavisd-new pass a file descriptor to clamdscan rather than telling it which file to scan: https://gitlab.com/amavis/amavis/issues/59
*** Bug 708734 has been marked as a duplicate of this bug. ***
Thanks Michael, I hope it gets to the official documentation.
Addressed in https://gitlab.com/amavis/amavis/-/merge_requests/37 which needs just one more approval.
I just mergend Michael's changes to both documentation and example configuration into Amavis' repository (https://gitlab.com/amavis/amavis/-/merge_requests/38). Thank you for your work, Michael.
This is done I think. In the future, people will see the easy option first in amavisd.conf.