Hello Sebastian > A lot of the stuff in clamav-daemon is legacy stuff and solved in > systemd differently. To give an example: > - we pass `-c /etc/clamav/clamd.conf' in the non-systemd case. But this > is the default settings so we could drop it. Therefore it makes no > difference if you pass this in systemd case or not (nothing changes). > - In the systemv case we start the daemon via start-stop-daemon and pass > the user from the config as an argument. We could however start clamd > as root and let the daemon itself change the user to whatever is > selected in clamd.conf. This is what happens in the systemd case.Solvede
Thanks, so no use to specify configuration file in systemd clamav-daemon.service > I installed clamsmtp and been looking a little around and I think I > found the problem: You clamd.conf says > AllowSupplementaryGroups disabled > but clamsmtp adds the group clamsmtp to the clamav user: > # id clamav > uid=108(clamav) gid=113(clamav) groups=113(clamav),114(clamsmtp) > > With this option set to disabled / false clamav has only access to the > clamav user+group. I think if you revert your changes and instead set > true here (to AllowSupplementaryGroups) then it should work again. I > *think* systemd + start-stop-daemon do this by default and that is why > we did not notice this before. > Could you please check if this change works for you? Yes it solves the problem. Sorry for not having look further than user in clamd.conf configuration file. remarks : (1) I have made no editing of clamd.conf file (but still not an excuse for not checking this file). It's a file resulting (not provided by) from installation of clamav-daemon package. (2) It seems that starting clamd by sysinit does not enforce right permissions (<joke> shall I open a bug report for that ? </joke>). (3) are not AllowSupplementaryGroups and LocalSocketMode somehow contradictory ? Best regards XQ
