[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Does email server OS needs clamav?

On Mon, 07 Dec 2009, Sthu Deus wrote:
> > I think ClamAV should run as "clamav" user, not "root" and the same
> > remains for many other services that use their own user.
> I think the same. But! In Debian all/most the mail-related services are
> run under the root user... I was asking here how I can change it - seems
> nobody cares for it...

This is simply not true.  Certainly not for exim or postfix, which are the
*only* MTAs worth considering for any professional usage, anyway.  Both of
these run with their own users, and in postfix' case, it does fine-grained
privsep (like ssh does) and chrooting.

At least postfix has also a targetted SELinux profiles, and can run fully
locked down with some configuration to allow for Cyrus SASL authentication,
if you need it.  I have no reason to believe exim to be any different.

amavisd-new refuses to run as root, and will run spamassassin and other such
stuff as the "amavis" user.  clamav will have clamd and freshclam running
with its own users as well, and not as root.

So, exactly what crap are you running on your "Debian mail server"?

> > Of course, your linux server does not need an antivirus to protect
> > itself, but to prevent your users to be infected. And remember that by
> > centralizing the anti-malware checking in one point (your e-mail server)
> > you are saving not just resources, but time and money to your company.
> Well. They still need to have antivirus software as they use internet...

Have you ever heard of any Windows AV that filters *outgoing* email?

  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Reply to: