On 08/14/2005 03:20 PM, Michael Schwendt wrote: > The aforementioned thread on fedora-extras-list gives an answer to > that. In particular, the thread refreshes why a single clamd is considered > wrong. In http://bugzilla.fedora.us/show_bug.cgi?id=268#c8 one may read "There does not exist "the" clamd daemon per system. Every application (MTA, webproxy, ...) needs an own instance; this has to do with permissions (daemon must not be run as root but must be able to read data provided by the application) and security (the MTA-scanner must not be able to read the temporary files of the squid-scanner)." I must say that I do not understand this. In the crash-hat setup a user and group clamav is created. I.e. not root. The clamd daemon is run under this user. clamdscan is used to connect to the clamd daemon. clamdscan runs as the user invoking it. clamdscan connects to the clamd daemon, sends the file to be checked and get the result back. As far as I can tell this is the setup explained in the documentation at the clamav web-site. I could not find anything about the need for several instances there. Questions 1. Why the need for instances of clamd for each application? The setup described above works, no problem with permissions as far as I can tell. 2. How would a MTA-scanner be able to read the temporary files of the squid-scanner? I can not see that this is possible. I may have missed something essential. If so, what? > A > single package, which "installs and works out-of-the-box" would be a dead > end for the other packages which will be added on top of the clamav base > packages. Why? They use the clamd daemon via clamdscan like all other users of the clamd daemon. As I said, I may have missed something essential, if so, please tell me what I missed. Lars -- Lars E. Pettersson <lars@xxxxxxxx> http://www.sm6rpz.se/