Mailinglist Archive: opensuse-security (670 mails)
| < Previous | Next > |
Re: [suse-security] email virus scan
- From: Rainer Link <link@xxxxxxx>
- Date: Mon, 19 Nov 2001 22:24:08 +0100 (CET)
- Message-id: <Pine.LNX.4.33.0111192218350.12928-100000@xxxxxxxxxxxxx>
On Mon, 19 Nov 2001 rhelms@xxxxxxx wrote:
> > I'd say it's a permission problem, please double-check README.qmail.
> > Please read http://www.amavis.org/amavis-faq.php3, MTA-config-issues,
> > section qmail, too.
>
> In fact this is a permission problem. The granted rights for
> /var/qmail/bin/sendmail must have executeright not only for the root-account.
> This sendmailprogram is calling qmail-inject for delivery. After the correct
> setting you can use the setuidscript normaly.
Huh? Show me the snippet of README.qmail which talks about changing the
permissions of /var/qmail/bin/sendmail. qmail-queue (the amavis script)
and qmail-queue-real (the original qmail-queue binary) are qmailq:qmail,
mode 4711. That are just the normal permissions as of qmail-queue
without amavis.
If you dislike that qmail-queue (the amavis) script requires the setuid
bit, then use the qmail-queue wrapper as discribed at
www.amavis.org/amavis-faq.php3
If you still do not like this concept for security reasons, then don't use
qmail ;-). qmail-scanner from Jason basically uses the same concept as
amavis-perl.
best regards,
Rainer Link
--
Rainer Link | SuSE - The Linux Experts
link@xxxxxxx | Developer of A Mail Virus Scanner (www.amavis.org)
www.suse.de | Founder OpenAntiVirus Project (www.openantivirus.org)
> > I'd say it's a permission problem, please double-check README.qmail.
> > Please read http://www.amavis.org/amavis-faq.php3, MTA-config-issues,
> > section qmail, too.
>
> In fact this is a permission problem. The granted rights for
> /var/qmail/bin/sendmail must have executeright not only for the root-account.
> This sendmailprogram is calling qmail-inject for delivery. After the correct
> setting you can use the setuidscript normaly.
Huh? Show me the snippet of README.qmail which talks about changing the
permissions of /var/qmail/bin/sendmail. qmail-queue (the amavis script)
and qmail-queue-real (the original qmail-queue binary) are qmailq:qmail,
mode 4711. That are just the normal permissions as of qmail-queue
without amavis.
If you dislike that qmail-queue (the amavis) script requires the setuid
bit, then use the qmail-queue wrapper as discribed at
www.amavis.org/amavis-faq.php3
If you still do not like this concept for security reasons, then don't use
qmail ;-). qmail-scanner from Jason basically uses the same concept as
amavis-perl.
best regards,
Rainer Link
--
Rainer Link | SuSE - The Linux Experts
link@xxxxxxx | Developer of A Mail Virus Scanner (www.amavis.org)
www.suse.de | Founder OpenAntiVirus Project (www.openantivirus.org)
| < Previous | Next > |