Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 293735 - app-antivirus/clamav milter socket permissions do not appear to be correct on install.
Summary: app-antivirus/clamav milter socket permissions do not appear to be correct on...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Antivirus Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: 293740
  Show dependency tree
 
Reported: 2009-11-19 15:37 UTC by Philippe Chaintreuil
Modified: 2018-04-20 11:38 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Philippe Chaintreuil 2009-11-19 15:37:37 UTC 
NOTE: I'm running Postfix as my SMTP server.

After installing clamav +milter and telling postfix about it, I get the following errors in my logs:

--------------------------------------------------------------------------------
Nov 19 09:00:26 hobbes postfix/smtpd[2649]: warning: connect to Milter service unix:/var/run/clamav/clamav-milter.sock: Permission denied
--------------------------------------------------------------------------------

Now, I'm making this up as I go, but I found I had to:

# usermod -a -G clamav postfix
# chmod g+w /var/run/clamav/clamav-milter.sock
# /etc/init.d/postfix restart

To get it to work.
Comment 1 Philippe Chaintreuil 2009-11-19 15:45:04 UTC 
Group-writable permissions get set back to srwxr-xr-x whenever clamd is restarted, so the chmod in 2nd part of the bug report is not sufficient in the long run.
Comment 2 Philippe Chaintreuil 2009-11-19 16:53:33 UTC 
Looks like clamav has been dealing with this for a little while:

https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1288
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1726

I can't make heads or tails what the correct fix is.  There are talks of UMASK, it all being libmilter's fault, and plenty of refusals to make any changes since it works for Sendmail just fine.

I also found this wiki entry which contains a init script that waits (up to 20 seconds) for the socket to appear and then fixes the permissions:

http://wiki.linuxquestions.org/wiki/Postfix_with_clamav-milter
Comment 3 Philippe Chaintreuil 2009-11-19 17:00:41 UTC 
The dkim-milter ebuild has the following in it's ebuild:

    ewarn "Make sure your MTA has r/w access to the socket file."
    ewarn "This can be done either by setting UMask to 002 and adding MTA's user"
    ewarn "to milter group or you can simply set UMask to 000."

But, dkim-milter has a UMask setting in it's config file.

(Default setting "UMask = 022", my current setting "UMask = 002" per the ewarn.)
Comment 4 Thomas Raschbacher gentoo-dev 2018-04-20 08:38:24 UTC 
just found this old bug again .. is this still an issue? - i do not have a system where I am running this, so can't test.
please re-open if it is still a problem
Comment 5 Thomas Raschbacher gentoo-dev 2018-04-20 09:52:57 UTC 
ok i just decided to give it a quick test-run on my mailserver .. seems that issue is still there. reopening it
Comment 6 Thomas Raschbacher gentoo-dev 2018-04-20 11:38:37 UTC 
confirmed - this can be easily fixed by just editing the clamav-milter config file

I will add it to the extended instructions from bug #293740 -- the permissions might be different depending on MTA (e.g. for postfix you need postfix group,..)