[clamav-users] false positive on MBL_85256034.UNOFFICIAL with Google Drive links

Michael Orlitzky michael at orlitzky.com
Thu Apr 29 17:10:04 UTC 2021


On Thu, 2021-04-29 at 16:22 +0100, G.W. Haywood via clamav-users wrote:
> 
> 3. What is uid 110 on your system?  On my clamd server it's 'sshd'.
> This means that if I were to run it as root as it is, the script would
> change ownership of the modified files to the wrong user (which would
> break future updates unless root did them) and for other users fail.
> 

If you're lucky. The clamav user can replace those files with
sym/hardlinks to take over any file on the system.
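
A root-run updater that must hand files back to the database owner can avoid the link problem described in this reply by changing ownership through an open file descriptor and refusing anything that is not a singly linked regular file. This is an added example, not part of the original message or of the script under discussion; the function names and file names are hypothetical.

```python
import os
import stat


class UnsafeTarget(Exception):
    """Raised when a path is not a plain, singly linked regular file."""


def safe_chown(dir_fd, name, uid, gid):
    """Chown `name` inside the directory open at `dir_fd`, refusing links."""
    if os.path.basename(name) != name or name in ("", ".", ".."):
        raise UnsafeTarget(f"{name}: not a bare file name")
    # O_NOFOLLOW makes open() fail if the final component is a symlink;
    # O_NONBLOCK keeps a planted FIFO from blocking the updater.
    flags = os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK | os.O_CLOEXEC
    try:
        fd = os.open(name, flags, dir_fd=dir_fd)
    except OSError as exc:
        raise UnsafeTarget(f"{name}: {exc.strerror}") from exc
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise UnsafeTarget(f"{name}: not a regular file")
        # A second link means the same inode also lives somewhere else,
        # possibly outside the database directory.
        if st.st_nlink != 1:
            raise UnsafeTarget(f"{name}: {st.st_nlink} hard links")
        # fchown acts on the inode that was just checked, not on the path.
        os.fchown(fd, uid, gid)
    finally:
        os.close(fd)


def chown_database_files(db_dir, names, uid, gid):
    """Chown each named file in db_dir; return messages for refused names."""
    dir_fd = os.open(db_dir, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    refused = []
    try:
        for name in names:
            try:
                safe_chown(dir_fd, name, uid, gid)
            except UnsafeTarget as exc:
                refused.append(str(exc))
    finally:
        os.close(dir_fd)
    return refused
```

Running the update as the database owner instead of root removes the need for the ownership change altogether.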



