Re: Lomac questions [was Re: [OT] SELinux vs. other systems]

[Luke Kenneth Casson Leighton <lkcl lkcl net>]

On Thu, Sep 02, 2004 at 12:29:07PM -0500, Linas Vepstas wrote:

> Is the 'broken-ness' the fact that grandma failed to run an anti-virus
> scanner and verify checksums, yada yada, before elevating the
> priveldge on the downloaded software?

 [this is all with the strict policy 1.14 mostly sortof btw]

 i've installed clamav, spamassassin, razor and pyzor.

 oh, and freshclam.

 i then found a little script called clamassassin [google], i then
 searched [google] for some advice on how to set up kmail filters.

 kmail, the clamassassin script and spamc all run under the user
 context.

 the user context is given the right to bind to servers.

 spamd and clamd both run as servers: they have their own
 policies that restrict their operation to what is known
 that they presently do, but they are allowed to listen to
 incoming requests [from spamc and the clamassassin script
 respectively.]

 selinux doesn't in the _slightest_ bit get in the way.


 the only thing that i did find is that razor is a complete pain.

 it endeavours to write log files into /root/razor.log, /tmp/razor.log,
 /razor.log, it's a pain, and selinux is _exactly_ the sort of thing
 that can detect - and stop! - this behaviour.

 pyzor appears to be a lot less haphazard.

 also nobody else appears to have tried to run freshclam [automatic
 update script] before now, so i had to hack the clamav.te policy
 a bit to get it to run.

 l.