On Thu, 12 Apr 2007 18:54:30 -0400 James Kosin <[EMAIL PROTECTED]> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Tomasz Kojm wrote: > > <--snip--> > > This can be solved using file permissions as well, eg. by running > > clamd with only read privileges to the database directory. > > > I was thinking about the possible VIRUS or TROJAN being able to gain > root access by some other means on a Linux system. And by simple > knowledge of the presence of ClamAV on the system; could render the > virus scanning engine completely useless just by placing a simple > blank file in the directory. Thanks to the fact that clamd will stop working and start reporting database errors you will be informed that something is wrong with your system, while silently ignoring the empty file would only hide the problem. -- oo ..... Tomasz Kojm <[EMAIL PROTECTED]> (\/)\......... http://www.ClamAV.net/gpg/tkojm.gpg \..........._ 0DCA5A08407D5288279DB43454822DC8985A444B //\ /\ Fri Apr 13 00:58:00 CEST 2007 _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html