On 09/19/2012 04:41 PM, Bill Shirley wrote:
>
> On 9/19/2012 3:21 PM, Daniel J Walsh wrote:
> On 09/19/2012 07:36 AM, Bill Shirley wrote:
>>>> On 9/19/2012 5:47 AM, Arthur Dent wrote:
>>>>>> "What tells it that it is a "scan" service? That bit of the
>>>>>> puzzle seems to be missing..."
>>>>>>
>>>>>> Whatever is the parameter after the @ and before the dot becomes
>>>>>> %i in the service file. Look at the service file:
>>>>>> [Unit]
>>>>>> Description = clamd scanner (%i) daemon
>>>>>> After = syslog.target nss-lookup.target network.target
>>>>>>
>>>>>> [Service]
>>>>>> Type = simple
>>>>>> ExecStart = /usr/sbin/clamd -c /etc/clamd.d/%i.conf --nofork=yes
>>>>>> Restart = on-failure
>>>>>> PrivateTmp = true
>>>>>>
>>>>>> so clamd@scan.service invokes clamd with the scan.conf file as
>>>>>> its configuration file. This way you can have multiple clamd
>>>>>> services each using a different config file. Just create another
>>>>>> config file in /etc/clamd.d/my_config.conf and:
>>>>>> ln -s /lib/systemd/system/clamd@.service /etc/systemd/system/clamd@my_config.service
>>>>>>
>>>>>> You should have the /etc/clamd.d/scan.conf I think:
>>>>>>
>>>>>> [root@moses shorewall]# rpm -qf /etc/clamd.d/scan.conf
>>>>>> clamav-scanner-0.97.5-1700.fc17.noarch
>>>>> Thank you Bill for a helpful and, more importantly, informative
>>>>> reply. I think this will not only help me to solve my problem but,
>>>>> even better, help me to understand where I was going wrong.
>>>>>
>>>>> As before, I don't have access to the machine right now, so I will
>>>>> try when I get home to work through this and get it right.
>>>>>
>>>>> I will once again report back later...
>>>>>
>>>>> Thanks again. Your help is much appreciated.
>>>>>
>>>>> Mark
>>>>>
>>>>>
>>>> You mentioned scanning email. I run clamav-milter and stop the virus
>>>> at smtp time. You may find this helpful:
>>>>
>>>> [root@moses clamav]# rpm -qa | grep clam | sort
>>>> clamav-data-0.97.5-1700.fc17.noarch
>>>> clamav-filesystem-0.97.5-1700.fc17.noarch
>>>> clamav-lib-0.97.5-1700.fc17.x86_64
>>>> clamav-milter-0.97.5-1700.fc17.x86_64
>>>> clamav-milter-systemd-0.97.5-1700.fc17.noarch
>>>> clamav-scanner-0.97.5-1700.fc17.noarch
>>>> clamav-scanner-systemd-0.97.5-1700.fc17.noarch
>>>> clamav-server-0.97.5-1700.fc17.x86_64
>>>> clamav-server-systemd-0.97.5-1700.fc17.noarch
>>>> clamav-update-0.97.5-1700.fc17.x86_64
>>>>
>>>> For clamav-milter, I had to add clamilt to the postfix group
>>>> (usermod -a -G postfix clamilt):
>>>> [root@moses clamav]# egrep 'post|clam' /etc/group
>>>> mail:x:12:postfix
>>>> postfix:x:89:clamilt
>>>> postdrop:x:90:
>>>> clamscan:x:987:clamilt
>>>> clamilt:x:988:postfix
>>>> clamupdate:x:989:
>>>>
>>>>
>>>> Add to the end of /etc/mail/clamav-milter.conf:
>>>> # my stuff
>>>> # be sure to comment out above: Example
>>>>
>>>> ClamdSocket unix:/var/run/clamd.scan/clamd.sock
>>>> MilterSocket /var/run/clamav-milter/clamav-milter.socket
>>>> ##MilterSocket inet:3381
>>>> # usermod -a -G postfix clamilt
>>>> MilterSocketGroup postfix
>>>> MilterSocketMode 660
>>>>
>>>> OnInfected Reject
>>>> AddHeader Replace
>>>>
>>>> #LogFile /var/log/clamav-milter.log
>>>> #LogFileMaxSize 1M
>>>> #LogTime yes
>>>> LogSyslog yes
>>>> LogFacility LOG_MAIL
>>>> #LogVerbose no
>>>> LogClean Basic
>>>> LogInfected Full
>>>>
>>>> Add to postfix's main.cf:
>>>> # usermod -a -G clamilt postfix
>>>> smtpd_milters = unix:/var/run/clamav-milter/clamav-milter.socket
>>>> #milter_default_action = accept
>>>> milter_default_action = tempfail
>>>>
>>>> I can't remember if I had to create the directory, but here is that
>>>> info:
>>>> [root@moses clamav]# ldpz /var/run/clamav-milter/clamav-milter.socket
>>>> drwxr-xr-x. root root system_u:object_r:var_t:s0 /var
>>>> lrwxrwxrwx. root root system_u:object_r:var_run_t:s0 /var/run -> ../run
>>>> drwx--x---. clamilt clamilt system_u:object_r:clamd_var_run_t:s0 /var/run/clamav-milter
>>>> srw-rw----. clamilt postfix system_u:object_r:clamd_var_run_t:s0 /var/run/clamav-milter/clamav-milter.socket
>>>>
>>>>
>>>> For clamav, to avoid selinux problems issue command:
>>>> setsebool -P clamd_use_jit on
>>>>
>>>> Add to end of scan.conf:
>>>> # my stuff
>>>> # be sure to comment out above: Example
>>>>
>>>> #LogFile /var/log/clamav/clamd.scan
>>>> #LogFacility LOG_MAIL
>>>> LogFacility LOG_DAEMON
>>>> ExtendedDetectionInfo yes
>>>> LocalSocket /var/run/clamd.scan/clamd.sock
>>>> #LocalSocketGroup virusgroup
>>>> #LocalSocketMode 660
>>>> FixStaleSocket yes
>>>> CrossFilesystems no
>>>> ExcludePath ^/proc/
>>>> ExcludePath ^/sys/
>>>> ExcludePath ^/fuse/
>>>> ExcludePath ^/backup/
>>>> ExcludePath ^/bacula/
>>>> SelfCheck 3600
>>>>
>>>>
>>>> And finally freshclam, add to the end of freshclam.conf:
>>>> # my stuff
>>>> LogFacility LOG_DAEMON
>>>> DatabaseMirror db.US.clamav.net
>>>> TestDatabases yes
>>>>
>>>>
>>>> Note in all the clamav configuration files there is a line:
>>>> Example
>>>> that has to be commented out for the service to run.
>>>>
>>>> Don't forget to systemctl enable these two services:
>>>> [root@moses clamav]# systemctl is-active clamav-milter.service
>>>> active
>>>> [root@moses clamav]# systemctl is-active clamd@scan.service
>>>> active
>>>>
>>>> Hope this helps, Bill
>>>>
>>>>
>>>>
> Is this the default setting for clamd now? clamd_use_jit on Should we
> turn this on by default?
>
> I can't speak for everyone else, but with my setup, I was getting
> selinux errors with clamd. When I ran audit2allow it said to set this
> boolean to eliminate the errors.
>
> Bill
>
>
Well, had you changed any default settings in clamd to turn on JIT or does
it come with JIT turned on by default?
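The settings quoted in this thread can be checked offline before the services are started. The script below is an added example, not part of the original messages: the function names and finding labels are its own, the sample files are constructed from the values quoted above, and it assumes the first uncommented entry for a ClamAV key is the one that matters.

```shell
#!/bin/sh
# Added example: offline audit of the ClamAV/Postfix settings quoted in this thread.
# Paths are supplied by the caller; the function names are this example's own.

# clamd@scan.service -> /etc/clamd.d/scan.conf (the %i in the unit's ExecStart).
instance_conf() {
    i=${1#clamd@}; echo "/etc/clamd.d/${i%.service}.conf"
}

# First uncommented "Key value" entry in a ClamAV-style file (assumption: no duplicates).
conf_value() { awk -v k="$2" '$1 == k { print $2; exit }' "$1"; }

# Last "key = value" entry in a Postfix main.cf (the last definition wins).
postfix_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# audit CLAMD_CONF MILTER_CONF MAIN_CF: one finding per line, returns the count.
audit() {
    n=0
    for f in "$1" "$2"; do      # an active "Example" line keeps the service from running
        if grep -Eq '^[[:space:]]*Example([[:space:]]|$)' "$f"; then
            echo "EXAMPLE_ACTIVE $f"; n=$((n + 1))
        fi
    done
    lsock=$(conf_value "$1" LocalSocket)
    csock=$(conf_value "$2" ClamdSocket)
    if [ "unix:$lsock" != "$csock" ]; then   # milter must point at clamd's socket
        echo "SOCKET_MISMATCH $lsock $csock"; n=$((n + 1))
    fi
    mode=$(conf_value "$2" MilterSocketMode)
    case "$mode" in
        *0) ;;                               # e.g. 660: no access for "other"
        *) echo "MILTER_SOCKET_MODE ${mode:-unset}"; n=$((n + 1)) ;;
    esac
    # "accept" lets mail through unscanned whenever the milter is unavailable.
    if [ "$(postfix_value "$3" milter_default_action)" = accept ]; then
        echo "MILTER_FAIL_OPEN"; n=$((n + 1))
    fi
    return "$n"
}

# Constructed sample files mirroring the settings in the thread.
make_samples() {
    printf '%s\n' '#Example' 'LocalSocket /var/run/clamd.scan/clamd.sock' > "$1/scan.conf"
    printf '%s\n' '#Example' 'ClamdSocket unix:/var/run/clamd.scan/clamd.sock' \
        'MilterSocketGroup postfix' 'MilterSocketMode 660' > "$1/clamav-milter.conf"
    printf '%s\n' '#milter_default_action = accept' \
        'milter_default_action = tempfail' > "$1/main.cf"
}
```

Run `make_samples` against a scratch directory and pass the three files to `audit`; an exit status of 0 with no output means none of the four checks fired.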