SELinux interfering with clamav?
Edward Kuns
ekuns at kilroy.chi.il.us
Mon Mar 3 05:40:17 UTC 2008
It's taking a while to track down the full policy needed for
clamav-milter to be able to detect a virus and react fully, as I have to
wait until I receive a virus (sending out outgoing doesn't trigger the
same results). Here is my current policy after a few rounds of adding
another incremental rule:
module myclamav 1.0;
require {
type shell_exec_t;
type sendmail_exec_t;
type clamd_t;
class file { execute getattr };
}
#============= clamd_t ==============
allow clamd_t sendmail_exec_t:file { execute getattr };
allow clamd_t shell_exec_t:file getattr;
It looks like clamav-milter is running /usr/sbin/sendmail.sendmail via a
bash script, but I haven't looked into the workings to really be sure.
Eddie
--
Edward Kuns <ekuns at kilroy.chi.il.us>
More information about the fedora-selinux-list
mailing list