On Thu, 12 Apr 2007 16:22:51 -0600 (MDT) James Bourne <[EMAIL PROTECTED]> wrote:
> On Fri, 13 Apr 2007, Tomasz Kojm wrote:
>
> > On Thu, 12 Apr 2007 18:08:06 -0400
> > James Kosin <[EMAIL PROTECTED]> wrote:
> >
> >> I just tested and clamd will try to read any file with the extension
> >> of .cvd in the /var/lib/clamav directory.
> >> My simple question is:
> >> "Could this pose a security or virus scanning problem if someone
> >> managed to place an empty or invalid .cvd file intentionally in the
> >> database directory?"
> >
> > And what if the same person replaces clamd with a backdoor? Did you hear
> > about filesystem permissions?
>
> He does have a point and it's not about filesystem permissions, unless you
> run clamd as root.... You don't... Do you?
>
> If there is a remote security hole in a non-root process such as clamd that
> has write access to /var/lib/clamav but not to /usr/sbin/clamd or
> /usr/bin/freshclam then it is possible to remotely cause a DOS on clamd by
> placing a blank file called whatever.cvd and waiting for clamd to be
> reloaded by freshclam.

This can be solved using file permissions as well, e.g. by running clamd with
only read privileges to the database directory.

-- 
Tomasz Kojm <[EMAIL PROTECTED]>
http://www.ClamAV.net/gpg/tkojm.gpg
0DCA5A08407D5288279DB43454822DC8985A444B
Fri Apr 13 00:32:58 CEST 2007
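
As an added illustration (not part of the original message and not ClamAV code), this Python check audits a database directory along the lines of the reply above: it reports whether a given scanner uid can write to the directory or its .cvd files, and flags zero-length .cvd files. The function names, the uid values and the temporary directory standing in for /var/lib/clamav are assumptions.

```python
import os
import stat
import tempfile

def can_write(st, uid, gids):
    """Classic Unix mode-bit check; ACLs and read-only mounts are not considered."""
    if uid == 0:
        return True  # root bypasses permission bits
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit_db_dir(path, uid, gids):
    """Return (kind, name) findings for the database directory at `path`."""
    findings = []
    if can_write(os.stat(path), uid, gids):
        findings.append(("dir-writable", path))  # uid could drop a new .cvd here
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        if not name.endswith(".cvd") or not os.path.isfile(full):
            continue
        st = os.stat(full)
        if st.st_size == 0:
            findings.append(("empty-cvd", name))
        if can_write(st, uid, gids):
            findings.append(("file-writable", name))
    return findings

def demo():
    """Constructed sample: a temp dir stands in for /var/lib/clamav."""
    with tempfile.TemporaryDirectory() as d:
        for name, data in (("main.cvd", b"constructed"), ("whatever.cvd", b"")):
            full = os.path.join(d, name)
            with open(full, "wb") as fh:
                fh.write(data)
            os.chmod(full, 0o644)
        scanner_uid = os.stat(d).st_uid + 1  # hypothetical non-owner, non-root uid
        os.chmod(d, 0o777)                   # weak: scanner can write to the dir
        weak = audit_db_dir(d, scanner_uid, set())
        os.chmod(d, 0o755)                   # corrected: read and traverse only
        fixed = audit_db_dir(d, scanner_uid, set())
        return weak, fixed

if __name__ == "__main__":
    for label, result in zip(("0777", "0755"), demo()):
        print(label, result)
```
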