Re: [Clamav-users] Version 0.71 - clamdscan error

2004-05-29 Thread Tomasz Kojm
On Fri, 28 May 2004 09:11:09 +0200
Thomas Lamy [EMAIL PROTECTED] wrote:

> Kevin Spicer wrote:
>> On Thu, 2004-05-27 at 09:21, Mr Mailing List wrote:
>>> Just noticed that scanning files with clamdscan does not scan
>>> files that are not world readable.
>>
>> Perhaps it would be better if clamd could implement some kind of
>> privilege separation, so that a minimal process running as root
>> reads the files, but an unprivileged process could actually do all
>> the processing?
>
> Good point.

Please remember that clamd is a multithreaded application and such a
separation is not possible because it will affect the main thread. A
simpler (but slower) solution is to implement a workaround in clamdscan
- verify if clamd is able to scan a file and, if it isn't, send it to a
socket (STREAM) or (even better) create a copy with proper permissions
in /tmp and pass it to clamd.

-- 
   oo. Tomasz Kojm [EMAIL PROTECTED]
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Sat May 29 13:18:18 CEST 2004
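
The clamdscan-side workaround proposed in the message above, as an added example (not code from ClamAV or from this thread): check from the mode bits whether a daemon with a given uid and groups could open the path, and otherwise read the file with the invoking user's own privileges and frame it for the daemon's socket. The framing shown is clamd's later INSTREAM command (length-prefixed chunks), used here in place of the STREAM command named in the message; the function names and the uid/gid arguments are assumptions.

```python
import os
import stat
import struct

CHUNK = 8192  # INSTREAM chunk size; arbitrary choice for this example


def _granted(st, uid, gids, usr_bit, grp_bit, oth_bit):
    """Classic owner/group/other check on mode bits (ACLs and MAC are ignored)."""
    if uid == 0:
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & usr_bit)
    if st.st_gid in gids:
        return bool(st.st_mode & grp_bit)
    return bool(st.st_mode & oth_bit)


def daemon_can_read(path, uid, gids):
    """True if the daemon could open path: r on the file, x on every parent directory."""
    path = os.path.realpath(path)
    if not _granted(os.stat(path), uid, gids, stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH):
        return False
    parent = os.path.dirname(path)
    while True:
        if not _granted(os.stat(parent), uid, gids, stat.S_IXUSR, stat.S_IXGRP, stat.S_IXOTH):
            return False
        if parent == os.path.dirname(parent):  # reached the filesystem root
            return True
        parent = os.path.dirname(parent)


def instream_frames(data):
    """Frame contents for INSTREAM: command, 4-byte big-endian length + chunk, zero-length end."""
    out = [b"zINSTREAM\0"]
    for i in range(0, len(data), CHUNK):
        chunk = data[i:i + CHUNK]
        out.append(struct.pack("!I", len(chunk)) + chunk)
    out.append(struct.pack("!I", 0))
    return b"".join(out)


def build_request(path, daemon_uid, daemon_gids):
    """Return ("path", bytes) if clamd can read the file itself, else ("stream", bytes)."""
    if daemon_can_read(path, daemon_uid, daemon_gids):
        return "path", b"zSCAN " + os.fsencode(os.path.realpath(path)) + b"\0"
    with open(path, "rb") as fh:  # read with the invoking user's own privileges
        return "stream", instream_frames(fh.read())
```

Because the fallback reads the file as the user who ran the client, the daemon never sees content that user could not already read.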




RE: [Clamav-users] Version 0.71 - clamdscan error

2004-05-29 Thread Jerome Loyet
>> Kevin Spicer wrote:
>>> On Thu, 2004-05-27 at 09:21, Mr Mailing List wrote:
>>>> Just noticed that scanning files with clamdscan does not scan
>>>> files that are not world readable.
>>>
>>> Perhaps it would be better if clamd could implement some kind of
>>> privilege separation, so that a minimal process running as root
>>> reads the files, but an unprivileged process could actually do all
>>> the processing?
>>
>> Good point.
>
> Please remember that clamd is a multithreaded application and
> such a separation is not possible because it will affect the
> main thread. A simpler (but slower) solution is to implement
> a workaround in clamdscan
> - verify if clamd is able to scan a file and, if it isn't, send
> it to a socket (STREAM) or (even better) create a copy with
> proper permissions in /tmp and pass it to clamd.

And an unprivileged user could have access to root files. This is
unthinkable. If there's a bug in the main thread, anyone could access any
files.



___
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users


Re: [Clamav-users] Version 0.71 - clamdscan error

2004-05-29 Thread Tomasz Kojm
On Sat, 29 May 2004 14:47:00 +0200
Jerome Loyet [EMAIL PROTECTED] wrote:

>>> Kevin Spicer wrote:
>>>> On Thu, 2004-05-27 at 09:21, Mr Mailing List wrote:
>>>>> Just noticed that scanning files with clamdscan does not scan
>>>>> files that are not world readable.
>>>>
>>>> Perhaps it would be better if clamd could implement some kind of
>>>> privilege separation, so that a minimal process running as root
>>>> reads the files, but an unprivileged process could actually do all
>>>> the processing?
>>>
>>> Good point.
>>
>> Please remember that clamd is a multithreaded application and
>> such a separation is not possible because it will affect the
>> main thread. A simpler (but slower) solution is to implement
>> a workaround in clamdscan
>> - verify if clamd is able to scan a file and, if it isn't, send
>> it to a socket (STREAM) or (even better) create a copy with
>> proper permissions in /tmp and pass it to clamd.
>
> And an unprivileged user could have access to root files. This is
> unthinkable. If there's a bug in the main thread, anyone could access
> any files.

Yes, that's why the solution I proposed, although not very efficient, is
far less problematic.

-- 
   oo. Tomasz Kojm [EMAIL PROTECTED]
  (\/)\. http://www.ClamAV.net/gpg/tkojm.gpg
 \..._ 0DCA5A08407D5288279DB43454822DC8985A444B
   //\   /\  Sat May 29 14:55:48 CEST 2004




Re: [Clamav-users] Version 0.71 - clamdscan error

2004-05-28 Thread Thomas Lamy
Kevin Spicer wrote:
> On Thu, 2004-05-27 at 09:21, Mr Mailing List wrote:
>> Just noticed that scanning files with clamdscan does not scan
>> files that are not world readable.
>
> Perhaps it would be better if clamd could implement some kind of
> privilege separation, so that a minimal process running as root reads
> the files, but an unprivileged process could actually do all the
> processing?

Good point.


[Clamav-users] Version 0.71 - clamdscan error

2004-05-27 Thread Mr Mailing List

Just noticed that scanning files with clamdscan does not scan files that are not world readable.

For example the file .mhonarc.db which is only readable by owner is not scanned by clamdscan.

I had thought clamdscan was responsible for reading the files and passing them to clamd so that user 'jnp' running clamdscan would not have problems reading a file like .mhonarc.db



ls -al tmp/
total 136
drwxr-xr-x   3 jnp  napolisy   5120 May 25 18:22 ./
drwxr-xr-x  13 jnp  napolisy   1024 May 26 19:22 ../
-rw-r-       1 jnp  napolisy  62051 Aug 11  2003 .mhonarc.db
drwxr-xr-x   2 jnp  napolisy    512 May 25 18:22 virus/



As user jnp: clamdscan tmp/
/usr/home/jnp/tmp//virus/eicar.binhex: Eicar-Test-Signature FOUND
/usr/home/jnp/tmp//virus/eicar.com: Eicar-Test-Signature FOUND
/usr/home/jnp/tmp//virus/eicar.mail: Eicar-Test-Signature FOUND
/usr/home/jnp/tmp//virus/eicar.single: Eicar-Test-Signature FOUND
/usr/home/jnp/tmp//virus/eicar.sq: Eicar-Test-Signature FOUND
/usr/home/jnp/tmp//virus/eicar.uu: Eicar-Test-Signature FOUND
/usr/home/jnp/tmp//virus/Patch.exe: Worm.Gibe.F FOUND
/usr/home/jnp/tmp//virus/pack259.exe: Worm.Gibe.F FOUND
/usr/home/jnp/tmp//virus/readnow 8.zip: Worm.Mimail.G FOUND
/usr/home/jnp/tmp//virus/readnow.doc.scr: Worm.Mimail.G FOUND
/usr/home/jnp/tmp//virus/topless.scr: Trojan.SdBot.Gen-34 FOUND
/usr/home/jnp/tmp//virus/your_website.mail: Worm.SomeFool.Gen-1 FOUND
/usr/home/jnp/tmp//.mhonarc.db: Unable to open file or directory. ERROR
/usr/home/jnp/tmp/: OK

-- 
/jørgen nørgaard
e-mail: [EMAIL PROTECTED] | Phone: +45 2627 3769
http://anneli.dk/~jnp/
|\  _,,,---,,_
/,`.-'`'-.  ;-;;,_
|,4-  ) )-,_. ,\ (  `'-'
'---''(_/--'  `-'\_)

Re: [Clamav-users] Version 0.71 - clamdscan error

2004-05-27 Thread Todd Lyons
Mr Mailing List wanted us to know:

> Just noticed that scanning files with clamdscan does not scan files
> that are not world readable.

In this case, you must make the clamd daemon run as root instead of (the
default) clamav.
-- 
Regards...  Todd
They that can give up essential liberty to obtain a little temporary 
safety deserve neither liberty nor safety.   --Benjamin Franklin
Linux kernel 2.6.3-8mdkenterprise   0 users,  load average: 0.16, 0.10, 0.09




Re: [Clamav-users] Version 0.71 - clamdscan error

2004-05-27 Thread Kevin Spicer
On Thu, 2004-05-27 at 09:21, Mr Mailing List wrote:
> Just noticed that scanning files with clamdscan does not scan
> files that are not world readable.

Perhaps it would be better if clamd could implement some kind of
privilege separation, so that a minimal process running as root reads
the files, but an unprivileged process could actually do all the
processing?




BMRB International 
http://www.bmrb.co.uk
+44 (0)20 8566 5000