CentOS-6.6 Postfix-2.11.1 (local) ClamAV-0.98.5 (epel) Amavisd-new-2.9.1 (epel) opendkim-2.9.0 (centos) pypolicyd-spf-1.3.1 (epel) Is there something going on in selinuxland with respect to clamav, amavisd-new and postfix? Since the most recent update of clamav I seem to be detecting more avc's. It may be that it is because I am looking for them more frequently but it seems to me that something has happened external to my control. The most recent things I see are these: audit2allow -l -a #============= amavis_t ============== allow amavis_t sysfs_t:dir read; allow amavis_t sysfs_t:file open; #============= clamscan_t ============== #!!!! The source type 'clamscan_t' can write to a 'dir' of the following types: # clamscan_tmp_t, clamd_var_lib_t, tmp_t, root_t allow clamscan_t amavis_spool_t:dir write; #============= postfix_smtp_t ============== allow postfix_smtp_t postfix_spool_maildrop_t:file open; #============= spamd_t ============== allow spamd_t etc_runtime_t:file append; Is there anything wrong with just creating a local policy module for these and loading it? -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB at Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3