NOTE: I'm running Postfix as my SMTP server. After installing clamav +milter and telling postfix about it, I get the following errors in my logs: -------------------------------------------------------------------------------- Nov 19 09:00:26 hobbes postfix/smtpd[2649]: warning: connect to Milter service unix:/var/run/clamav/clamav-milter.sock: Permission denied -------------------------------------------------------------------------------- Now, I'm making this up as I go, but I found I had to: # usermod -a -G clamav postfix # chmod g+w /var/run/clamav/clamav-milter.sock # /etc/init.d/postfix restart To get it to work.
Group-writable permissions get set back to srwxr-xr-x whenever clamd is restarted, so the chmod in 2nd part of the bug report is not sufficient in the long run.
Looks like clamav has been dealing with this for a little while: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1288 https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1726 I can't make heads or tails what the correct fix is. There are talks of UMASK, it all being libmilter's fault, and plenty of refusals to make any changes since it works for Sendmail just fine. I also found this wiki entry which contains a init script that waits (up to 20 seconds) for the socket to appear and then fixes the permissions: http://wiki.linuxquestions.org/wiki/Postfix_with_clamav-milter
The dkim-milter ebuild has the following in it's ebuild: ewarn "Make sure your MTA has r/w access to the socket file." ewarn "This can be done either by setting UMask to 002 and adding MTA's user" ewarn "to milter group or you can simply set UMask to 000." But, dkim-milter has a UMask setting in it's config file. (Default setting "UMask = 022", my current setting "UMask = 002" per the ewarn.)
just found this old bug again .. is this still an issue? - i do not have a system where I am running this, so can't test. please re-open if it is still a problem
ok i just decided to give it a quick test-run on my mailserver .. seems that issue is still there. reopening it
confirmed - this can be easily fixed by just editing the clamav-milter config file I will add it to the extended instructions from bug #293740 -- the permissions might be different depending on MTA (e.g. for postfix you need postfix group,..)