From: russell@coker.com.au (Russell Coker) Date: Sat, 27 Sep 2008 10:42:24 +1000 Subject: [refpolicy] services_amavis.patch In-Reply-To: <48DB81B6.6060906@martinorr.name> References: <48DAA876.2030804@redhat.com> <200809251719.10269.russell@coker.com.au> <48DB81B6.6060906@martinorr.name> Message-ID: <200809271042.26493.russell@coker.com.au> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Thursday 25 September 2008 22:19, Martin Orr wrote: > > The CentOS servers that I run have Amavis and ClamAV running unconfined > > because getting the policy to work was too difficult (the two daemons > > interact with each other a lot, trying to keep them separate is a lost > > cause). > > How do they interact with each other beyond communicating by a socket and > clamd reading amavis spool files? They can communicate by a socket or by running a program. > And people might want to use clamav to scan things other than mail, or to > use a commercial AV scanner with amavis (of course in the latter case, they > would have to write policy for the AV scanner themselves). Even with the low quality we expect from closed-source software, I don't think it's a significant benefit to run it in a different domain. -- russell at coker.com.au http://etbe.coker.com.au/ My Blog http://www.coker.com.au/sponsorship.html Sponsoring Free Software development