I have seen in my server logs "Access denied" errors from Clamd.
These errors allways appears after a TNEF archive expansion.
- error clamd.png (141.73 KiB) Viewed 1307 times
Code: Select all
[user@]# ls -l /var/spool/MailScanner/
total 0
drwxrwxr-x. 2 root mtagroup 6 Dec 7 12:01 archive
drwxrwx---. 25 root mtagroup 540 Jan 22 01:01 incoming
drwxrwxr-x. 2 postfix postfix 30 Jan 22 01:01 milterin
drwxrwxr-x. 2 postfix postfix 6 Jan 22 00:59 milterout
drwxrwxr-x. 18 postfix mtagroup 262 Jan 22 00:01 quarantine
drwxrwx---. 5 root mtagroup 112 Jan 21 20:59 ramdisk_store
drwxr-xr-x. 2 postfix mtagroup 6 Oct 29 23:57 spamassassinCode: Select all
[user@]# ls -l /var/spool/MailScanner/incoming/
total 2460
drwxrwx---. 3 postfix mtagroup 100 Jan 22 00:58 14651
drwxrwx---. 2 apache mtagroup 40 Oct 30 00:30 clamav-tmp
drwxr-xr-x. 2 root postfix 240 Jan 21 20:59 Locks
-rw-------. 1 postfix postfix 43008 Jan 22 00:58 Processing.db
-rw-------. 1 postfix postfix 2471936 Jan 22 00:57 SpamAssassin.cache.db
drwxr-xr-x. 2 postfix root 100 Jan 22 00:58 SpamAssassin-TempCode: Select all
Run As User = postfix
Run As Group = postfix
Incoming Work Group = mtagroup
Incoming Work Permissions = 0660
Expand TNEF = yes
Use TNEF Contents = replace
Deliver Unparsable TNEF = yes
TNEF Expander = /usr/bin/tnef --maxsize=100000000
TNEF Timeout = 120Code: Select all
User clamscanCode: Select all
[user@]# grep mtagroup /etc/group
mtagroup:x:1001:clamscan,php-fpm,apache,postfix