Brian Morrison wrote:
> Tomasz Kojm wrote:
>> On Wed, 16 Apr 2008 16:38:05 +0100
>> Brian Morrison <[EMAIL PROTECTED]> wrote:
>>
>>> Does the unsigned .cld file mean that an attack vector could be to edit
>>> the .cld file and thus corrupt it? I can see that the cdiff signing
>>> protects the path between the database servers and freshclam, but that
>>> protection is not available once on an end-user system.
>> freshclam makes sure that everything it downloads and installs comes from
>> trusted sources. But if someone takes control over your database directory,
>> then he can do any kind of harm (remove or replace the entire database, add new
>> signatures, etc.)
>>
>
> Yes, I realise that. I run clamd under user clamav, hence it's probably
> easier to access /var/lib/clamav/* than it would be if owned by root.

Why would that be? It is no more work to crack the root account than any
other account. Nor any less. Hopefully too your clamav account has no shell
defined.

dp
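
The two points raised in this thread (who can write to the database directory, and whether the clamav account has a shell) can be checked with a short script. This is an added example, not part of the original messages or of ClamAV; the function names are hypothetical, and /var/lib/clamav and the clamav account are the ones named in the thread.

```shell
#!/bin/sh
# Added example. Usage: sh audit.sh /var/lib/clamav clamav [passwd-file]

# Print the login shell (7th passwd field) of account $1 from passwd file $2.
account_shell() {
    awk -F: -v u="$1" '$1 == u { print $7 }' "${2:-/etc/passwd}"
}

# Succeed only if shell $1 cannot give an interactive login.
# An empty field does not count: login then falls back to /bin/sh.
shell_is_disabled() {
    case "$1" in
        */nologin|*/false) return 0 ;;
        *) return 1 ;;
    esac
}

# List entries under $1 that group or other may write to (symlinks skipped).
loose_entries() {
    find "$1" \( -perm -020 -o -perm -002 \) ! -type l -print
}

# List entries under $1 that are not owned by account $2.
foreign_entries() {
    find "$1" ! -user "$2" -print
}

# Run all three checks on directory $1 for account $2; return 1 on any finding.
audit_db_dir() {
    dir=$1; user=$2; passwd=${3:-/etc/passwd}; status=0
    shell=$(account_shell "$user" "$passwd")
    if ! shell_is_disabled "$shell"; then
        echo "FAIL: $user has login shell '${shell:-<none set>}'"; status=1
    fi
    if [ -n "$(loose_entries "$dir")" ]; then
        echo "FAIL: group/world-writable entries:"; loose_entries "$dir"; status=1
    fi
    if [ -n "$(foreign_entries "$dir" "$user")" ]; then
        echo "FAIL: entries not owned by $user:"; foreign_entries "$dir" "$user"; status=1
    fi
    return "$status"
}

# Only run the audit when arguments are given.
if [ "$#" -gt 0 ]; then audit_db_dir "$@"; fi
```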