postfix, procmail and SELinux - No Go
Paul Howarth
paul at city-fan.org
Wed Jun 28 22:13:13 UTC 2006
On Wed, 2006-06-28 at 16:38 -0500, Marc Schwartz (via MN) wrote:
> On Wed, 2006-06-28 at 22:23 +0100, Paul Howarth wrote:
> > On Wed, 2006-06-28 at 15:56 -0500, Marc Schwartz (via MN) wrote:
>
> <snip>
>
> > >
> > > There are no .forward files on my system at all, unless that is a temp
> > > file, which does not make sense location-wise.
> > >
> > > A Google search came up empty for that file, so I can only presume that
> > > there are certain configuration scenarios where the pipelining of
> > > e-mails would require that file.
> > >
> > > Since I am using clamassassin, I also searched through that script and
> > > noted nothing relevant here.
> > >
> > > Not sure what else to make of it.
> >
> > That might be dontaudit-able. Is /var/lib/clamav any user's home
> > directory?
>
> The /var/lib/clamav tree appears to be owned by 'clamav', both user and
> group:
>
> $ ls -l /var/lib
> total 264
> ...
> drwxr-xr-x 2 clamav clamav 4096 Jun 28 11:00 clamav
> ...
>
> ls -l /var/lib/clamav
> total 8832
> -rw-r--r-- 1 clamav clamav 4050 Jun 28 11:01 clamav-4d6166b710f63075
> -rw-r--r-- 1 clamav clamav 3640966 Jun 9 16:49 clamav-651c96be267fc93e
> -rw-r--r-- 1 clamav clamav 380351 Jun 28 08:00 daily.cvd
> -rw-r--r-- 1 clamav clamav 4978654 Jun 9 18:00 main.cvd
>
>
> $ cat /etc/passwd | grep clamav
> clamav:x:100:101:Clamav database update user:/var/lib/clamav:/sbin/nologin
>
>
> $ cat /etc/group | grep clamav
> clamav:x:101:
The search in /var/lib/clamav is probably a result of something running
as that user, perhaps procmail. Does the clamav user get any mail?
Paul.
More information about the fedora-selinux-list
mailing list