From: russell@coker.com.au (Russell Coker)
Date: Sat, 27 Sep 2008 10:42:24 +1000
Subject: [refpolicy] services_amavis.patch
In-Reply-To: <48DB81B6.6060906@martinorr.name>
References: <48DAA876.2030804@redhat.com>
	<200809251719.10269.russell@coker.com.au>
	<48DB81B6.6060906@martinorr.name>
Message-ID: <200809271042.26493.russell@coker.com.au>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Thursday 25 September 2008 22:19, Martin Orr <martin@martinorr.name> wrote:
> > The CentOS servers that I run have Amavis and ClamAV running unconfined
> > because getting the policy to work was too difficult (the two daemons
> > interact with each other a lot, trying to keep them separate is a lost
> > cause).
>
> How do they interact with each other beyond communicating by a socket and
> clamd reading amavis spool files?

They can communicate by a socket or by running a program.

> And people might want to use clamav to scan things other than mail, or to
> use a commercial AV scanner with amavis (of course in the latter case, they
> would have to write policy for the AV scanner themselves).

Even with the low quality we expect from closed-source software, I don't think 
it's a significant benefit to run it in a different domain.

-- 
russell at coker.com.au
http://etbe.coker.com.au/          My Blog

http://www.coker.com.au/sponsorship.html Sponsoring Free Software development