LS,
The idea is noble, allowing clamd to drop privileges and thus being less
vulnerable to manipulations. Running Clamonacc as root and feeding clamd
with only the fd of a file. Alas, this still requires clamd to have read
permission to read a file outside it's own user and group settings.
Of course, one can make all files and directories world readable, but
that is exactly want you want to avoid on a public server. I want file
access to be controlled and only root can access them all. So, to be
able to let clamd do it's work, I had to reverse the privilege setting
to keep clamd running as root.
Actually, this was expected from the start that this feature would not
work without streaming support by clamonacc.
--- Frans
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml