[clamav-users] clamav incremental scan?

Grant Taylor gtaylor at tnetconsulting.net
Tue May 4 20:22:00 UTC 2021


On 5/4/21 1:41 PM, Benny Pedersen via clamav-users wrote:
> fun part is that clamdscan needs root access, stupid

clamdscan does *NOT* /need/ root access.

clamdscan can scan files without root access perfectly fine.

What clamdscan /does/ /need/ is the ability to /access/ files to be 
scanned.  This ability can be provided by running as root -- which can 
override almost all permission checks -- or by running it as different 
users on different files.

So you can run clamdscan on your files and I can run clamdscan on my 
files.  Or root can run clamdscan on both of our files.  But /root/ is 
/optional/ here and not /needed/.

> virus scanning must not be done as root user, else one knows why it's 
> unsecure on unpacking

I don't see anything that /needs/ /root/ here.  I run clamd as its own 
user.  Then clamdscan (or any other clamd client) can request that clamd 
running as $ClamAVUser (nominally not-root) scan the file(s) that are 
handed to it.

clamdscan will ask clamd (running as the $ClamAVUser) to scan the file.

By default, clamd will try to read the file directly, thus dependent on 
permissions.  But you can use --stream or --fdpass to have clamdscan 
stream the file or pass the file descriptor to clamd for scanning 
without clamd having permissions to the file itself.  Thus you can cross 
the standard unix user permissions barrier.

    #[$USER@$HOST:~]% clamdscan myFile
    /home/$USER/myFile: lstat() failed: Permission denied. ERROR

    ----------- SCAN SUMMARY -----------
    Infected files: 0
    Total errors: 1
    Time: 0.001 sec (0 m 0 s)
    #[$USER@$HOST:~]% clamdscan --stream myFile
    /home/$USER/myFile: OK

    ----------- SCAN SUMMARY -----------
    Infected files: 0
    Time: 0.072 sec (0 m 0 s)
    #[$USER@$HOST:~]% clamdscan --fdpass myFile
    /home/$USER/myFile: OK

    ----------- SCAN SUMMARY -----------
    Infected files: 0
    Time: 0.035 sec (0 m 0 s)

> hope clamav team redo this insecure in clamdscan

Please re-evaluate your position based on the above information.



-- 
Grant. . . .
unix || die
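
The descriptor passing that --fdpass relies on, shown as an added example that is not part of the original post and is not ClamAV code: the client opens the file with its own permissions and hands the open descriptor over a Unix socket, so the receiving side never touches the path. The toy scanner, the MARKER pattern and the "SCAN" request are constructed stand-ins for clamd and its protocol (needs Python 3.9+ on a Unix system).

```python
import os
import socket
import tempfile

MARKER = b"CONSTRUCTED-TEST-MARKER"  # made-up pattern, not a real signature


def client_send(sock, path):
    """Client side: open the file as the calling user, then hand over the fd."""
    fd = os.open(path, os.O_RDONLY)
    try:
        # SCM_RIGHTS ancillary data carries the open descriptor across the socket.
        socket.send_fds(sock, [b"SCAN"], [fd])
    finally:
        os.close(fd)  # the in-flight copy keeps the file open for the receiver


def daemon_scan(sock):
    """Daemon side: never sees or opens a path, only reads the received fd."""
    msg, fds, _flags, _addr = socket.recv_fds(sock, 16, 1)
    if msg != b"SCAN" or len(fds) != 1:
        for fd in fds:
            os.close(fd)
        raise ValueError("unexpected request")
    with os.fdopen(fds[0], "rb") as f:
        data = f.read()
    return "FOUND" if MARKER in data else "OK"


def demo():
    client, daemon = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    results = []
    with tempfile.TemporaryDirectory() as d:
        for name, body in (("clean", b"hello"), ("flagged", b"x" + MARKER + b"y")):
            path = os.path.join(d, name)
            with open(path, "wb") as f:
                f.write(body)
            os.chmod(path, 0o600)   # owner-only, like a private file in $HOME
            client_send(client, path)
            os.unlink(path)         # path is gone; the passed fd still works
            results.append((name, daemon_scan(daemon)))
    client.close()
    daemon.close()
    return results


if __name__ == "__main__":
    print(demo())
```

The access decision happens once, at open() in the client; the scanner only ever gets read access to the files a user chose to hand it.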
