On 15.02.23 08:26, Jorge Elissalde via clamav-users wrote:
>Freshclam Proxy Password is stored as plain text in Freshclam.conf file.
>
>HTTPProxyPassword myownpassword
>
>Any user is able to read that password.
>Is there a chance to store that password encrypted or in another place?

It should be safe to set permissions to freshclam.conf only to be readable
for owner, maybe group, dependending on your system:

-r--r--r-- 1 clamav adm 715 Apr 24  2021 /etc/clamav/freshclam.conf
% ps axuww | grep resh
clamav    2646  0.0  0.0  66864  6380 ?        Ss   Jan30   0:19 /usr/bin/freshclam -d --quiet --config-file=/etc/clamav/freshclam.conf --pid=/run/clamav/freshclam.pid

Here, permissions 0400 would be enough.

debian (and so I guess ubuntu) seems to do that automatically if password
is set:

   if [ -f "$FRESHCLAMCONFFILE" ] && [ ! -L "$FRESHCLAMCONFFILE" ]; then
     # Tighten the permissions up if it contains a password
     if [ -n "$ppass" ]; then
       chmod 400 $FRESHCLAMCONFFILE
     else
       chmod 444 $FRESHCLAMCONFFILE
     fi

     chown "$dbowner":adm $FRESHCLAMCONFFILE
   fi

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Fighting for peace is like fucking for virginity...
_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat