Bookworm
05-16-2004, 11:03 PM
I've gone through and done a number of tests with a new installation.
(Expect the QMRAdmin to get some additional information. I now have a fully daemonized ClamAV as well as a daemonized courier-passd setup)
Qmail-scanner-queue issues.
In Slackware, one cannot use suid-perl without completely installing Perl from scratch. Some may call this a problem, I call it a feature. Suid Perl CAN be a big security issue.
To configure qmail-scanner, you'll need the following configuration line:
./configure --admin postmaster --domain <domain.com> --notify admin --local-domains <domain.com> --sa-delete 0 --skip-setuid-test
The --skip-setuid-test will allow you to continue the compile - otherwise it dies, claiming you can't run at all, instead of needing the wrapper.
Then you install the wrapper, remove the taint from the file (the -T option) and chmod 0755 to qmail-scanner-queue.pl.
Edit the QMAILQUEUE line and put in qmail-scanner-queue (not .pl!)
Now comes the tricky part.
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -g (yes, .pl)
setuidgid qscand /var/qmail/bin/qmail-scanner-queue.pl -z (purges the logs of bounces that are parked for more than 30 hours)
Then, be sure to change the ownership of the /var/spool/qmailscan/tmp directory - mine always seems to end up root:root - I believe it should be qscand:qscand.
Here's some new information - you should (Jason Haar requests/requires it) run the -z option after updating your antivirus scanner, and/or your Spam scanner. This means that you should edit your crontab, and 10 minutes or so after updating ClamAV, you should run that command.
Then, run the tests - setuidgid qscand /download/qmailrocks/qmail-scanner-1.22/contrib/test_installation.sh
If you _don't_ run the tests setuidgid, it will fail.
Hopefully this will help some people.
BW
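A small audit of the state the post ends up with, as an added example that is not part of the original post or of qmail-scanner: it checks that qmail-scanner-queue.pl is mode 0755 with no -T on its #! line, that the wrapper is executable, and that the tmp directory belongs to qscand:qscand. The function names, the optional root prefix, the QS_OWNER override and the wrapper's location beside the .pl file are assumptions; GNU stat is assumed.

```shell
#!/bin/sh
# Added example: audits the end state described in the post. GNU stat assumed.
# Function names, the root prefix and QS_OWNER are made up for this sketch.

check_script() {            # $1 = path to qmail-scanner-queue.pl
    mode=$(stat -c '%a' "$1") || return 2
    # The post sets 0755; any setuid/setgid bit would show up as 4755/2755.
    [ "$mode" = "755" ] || { echo "FAIL $1: mode $mode, expected 755"; return 1; }
    # With the wrapper in use, -T must be gone from the #! line.
    if head -n 1 "$1" | grep -Eq '^#!.*[[:space:]]-[A-Za-z]*T'; then
        echo "FAIL $1: -T still present on the #! line"; return 1
    fi
    echo "OK   $1"
}

check_owner() {             # $1 = path, $2 = expected owner:group
    og=$(stat -c '%U:%G' "$1") || return 2
    [ "$og" = "$2" ] || { echo "FAIL $1: owned by $og, expected $2"; return 1; }
    echo "OK   $1"
}

audit() {                   # optional $1 = prefix of a staged tree (for testing)
    root=${1:-}
    bin="$root/var/qmail/bin"
    rc=0
    check_script "$bin/qmail-scanner-queue.pl" || rc=1
    # Assumption: the wrapper named in QMAILQUEUE sits beside the .pl file.
    if [ -x "$bin/qmail-scanner-queue" ]; then
        echo "OK   $bin/qmail-scanner-queue"
    else
        echo "FAIL $bin/qmail-scanner-queue: wrapper missing or not executable"; rc=1
    fi
    check_owner "$root/var/spool/qmailscan/tmp" "${QS_OWNER:-qscand:qscand}" || rc=1
    return $rc
}

# On the mail host, as root:  audit
```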