The latest update to clamav-milter makes the daemon run using the right SELinux context, but it's not included in the policy, so I can't use a TCP socket anymore, so I finally found how to make the Unix socket work.
```puppet
  clamav_milter_options => {
    'AddHeader'         => 'add',
    'OnInfected'        => 'Reject',
    'RejectMsg'         => 'Message rejected: Infected by %v',
    'MilterSocket'      => 'unix:/var/run/clamav-milter/clamav-milter.socket',
    'MilterSocketGroup' => 'postfix',
    'MilterSocketMode'  => '660',
  },
  manage_clamd             => true,
  manage_user              => false,
  manage_freshclam         => true,
  manage_clamav_milter     => true,
  clamd_service_ensure     => 'running',
  freshclam_service_ensure => 'stopped',
}

file { '/var/run/clamav-milter':
  ensure  => directory,
  group   => 'postfix',
  require => Package[['clamav_milter'],['postfix']],
}

user { 'clamilt':
  groups  => 'postfix',
  require => Package[['clamav_milter'],['postfix']],
}
```
To allow postfix to communicate with clamav-milter through a Unix socket, it needs x permissions on the parent folder and rw permission on the socket file. The permissions on the socket file are determined in the clamav_milter_options block, but for the parent folder I had to create a file directive. The user directive is there because a user must be part of the group it wants to change something to.
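A check for the two permissions described above (x on every parent folder, rw on the socket file), as an added example that is not part of the original issue or of the Puppet module. The function names `allowed` and `socket_reachable` are hypothetical, and the check models only classic mode bits, not SELinux policy or POSIX ACLs.

```python
import stat
from pathlib import Path

R, W, X = 4, 2, 1  # permission bits within one rwx triplet


def allowed(mode, owner_uid, owner_gid, uid, gids, want):
    """Classic Unix mode-bit check: owner triplet, else group, else other."""
    if uid == 0:
        return True  # root bypasses mode bits (SELinux can still deny)
    if uid == owner_uid:
        bits = (mode >> 6) & 7
    elif owner_gid in gids:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    return (bits & want) == want


def socket_reachable(sock_path, uid, gids):
    """Return the reasons uid/gids cannot connect to the socket ([] if none)."""
    sock = Path(sock_path)
    problems = []
    for d in list(sock.parents)[::-1]:  # from / down to the socket's folder
        st = d.stat()
        if not allowed(st.st_mode, st.st_uid, st.st_gid, uid, gids, X):
            problems.append(f"no search (x) permission on {d}")
    st = sock.stat()
    if not stat.S_ISSOCK(st.st_mode):
        problems.append(f"{sock} is not a socket")
    if not allowed(st.st_mode, st.st_uid, st.st_gid, uid, gids, R | W):
        problems.append(f"no rw permission on {sock}")
    return problems


if __name__ == "__main__":
    import grp
    import pwd
    user = pwd.getpwnam("postfix")  # account name taken from the post
    gids = {user.pw_gid} | {g.gr_gid for g in grp.getgrall()
                            if user.pw_name in g.gr_mem}
    path = "/var/run/clamav-milter/clamav-milter.socket"  # MilterSocket above
    for problem in socket_reachable(path, user.pw_uid, gids) or ["ok"]:
        print(problem)
```

An empty result with connections still failing points at SELinux rather than file permissions, which this check does not cover.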