On 7/22/2011 5:46 PM, Chuck Swiger wrote: > On Jul 22, 2011, at 2:39 PM, Nathan Gibbs wrote: >> Does clamd have any form of network access control? For instance >> limiting what IP's can connect. > > By default, you're either using a local Unix domain socket associated > with a path like /var/run/clamav/clamd, or a TCP socket bound to > localhost aka 127.0.0.1. If you change things to bind to a routable > IP, then you should implement appropriate firewall rules to manage > access to clamd. >
Right, Firewalls should be the first line of defense. Now if somebody did set clamd up to bind to a routable IP and misconfigured the firewall :-( or God forbid didn't have a firewall. :-0 or, say the firewalls are configured to policy, and a hired pen tester, or rogue employee who has access to the network, decides to mess with clamd. ]:-> Then what? > (tcpwrappers is a possible solution, but many platforms also have > IPFW, PF, or similar available.) > Does clamd support tcpwrappers? Are there any other access control mechanisms. Thanks. -- Sincerely, Nathan Gibbs Systems Administrator Christ Media http://www.cmpublishers.com
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml