[Avcheck] PARANOID define
Michael Tokarev
mjt@tls.msk.ru
Thu, 02 May 2002 17:05:20 +0400
Max Kalika wrote:
>
> Greetings avcheck list.
>
> I just got all the pieces for virus scanning to work nice and fast.
>
> o postfix 1.1.7 (+tls +rbl_headers)
> o avcheck 0.8
> o sophie 1.33rc6
> o libsavi.so 3.56n (with latest patterns)
>
> I had to start sophie by doing
>
> # su sophie -c "/path/to/sophie -D"

Oh oh. Sophie support in avcheck is in a preliminary stage, just like
sophos has only preliminary support for email formats.

> because avcheck checks the owner of the socket that sophie creates. If sophie
> was started by root, the socket is created as root and avcheck complains about
> BUGGY scanners.

Oh well... ;) That was written when I played with avp, which IS buggy as hell.
Anyway, yes, this is a general rule: do not allow ANY virusscanner to run as
root.

> Sophie, however, drops its privileges on startup and binding
> and any child processes that it starts are owned by whatever was set during
> compile time (--with-user). I propose the following patch then to avcheck that
> can override the PARANOID setting at compile time (without the need to edit
> files).

Ok. Checked in with minor mods (with ability to have PARANOID=2). But it may
be better to chown AND chmod a socket in the sophie startup script right after the
above command -- the "idea" is to restrict access to *this* sophie "instance"
that, in the ideal world, should be used only for email (and you will be able
to control its concurrency in the MTA).

[]
> p.s. the website says that 0.7 is the latest version, but 0.8 is available on
> ftp. Which one should be used in production environments?

Me bad. I hope to make a 0.9 release "RSN" (tm). We have a small holiday here
in Russia, almost a week, so I should have some time to do all the things.
Web page just wasn't updated.

Regards,
Michael.