[clamav-users] clamav incremental scan?
Grant Taylor
gtaylor at tnetconsulting.net
Tue May 4 20:22:00 UTC 2021
On 5/4/21 1:41 PM, Benny Pedersen via clamav-users wrote:
> fun part is that clamdscan needs root access, stupid
clamdscan does *NOT* /need/ root access.
clamdscan can scan files without root access perfectly fine.
What clamdscan /does/ /need/ is the ability to /access/ files to be
scanned. This ability can be provided by running as root -- which can
override almost all permission checks -- or by running it as different
users on different files.
So you can run clamdscan on your files and I can run clamdscan on my
files. Or root can run clamdscan on both of our files. But /root/ is
/optional/ here and not /needed/.
> virus scanning must not be done as root user, else one knows why its
> unsecure on unpacking
I don't see anything that /needs/ /root/ here. I run clamd as it's own
user. Then clamdscan (or any other clamd client) can request that clamd
running as $ClamAVUser (nominally not-root) scan the file(s) that are
handed to it.
clamdscan will ask clamd (running as the $ClamAVUser) to scan the file.
By default, clamd will try to read the file directly, thus dependent on
permissions. But you can use --stream or --fdpass to have clamdscan
stream the file or pass the file descriptor to clamd for scanning
without clamd having permissions to the file itself. Thus you can cross
the standard unix user permissions barrier.
#[$USER@$HOST:~]% clamdscan myFile
/home/$USER/myFile: lstat() failed: Permission denied. ERROR
----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 1
Time: 0.001 sec (0 m 0 s)
#[$USER@$HOST:~]% clamdscan --stream myFile
/home/$USER/myFile: OK
----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.072 sec (0 m 0 s)
#[$USER@$HOST:~]% clamdscan --fdpass myFile
/home/$USER/myFile: OK
----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.035 sec (0 m 0 s)
> hope clamav team redo this insecure in clamdscan
Please re-evaluate your position based on the above information.
--
Grant. . . .
unix || die
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4013 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20210504/b7277e42/attachment.bin>
More information about the clamav-users
mailing list