On 1/31/20 10:01 AM, Reio Remma via clamav-users wrote:
> 
> The way it's set up is that it needs to be run as root once to have it 
> set itself up. From cron it runs as clamav user.
> 

The upstream systemd service runs as root as well. And from a distro
point of view, it's just bad mojo to install vulnerable scripts to
root's $PATH.

I've been dragging my feet on these updates because I don't know how to
fix this. The least-bad idea I have so far is to just patch the script
to die if it's run as EUID == 0.

But the rest of the script is even more insane, doing things like using
the following as an integrity check:

  if [ "$(tail -n 1 "${0}" | head -n 1 | cut -c 1-7)" != "exit \$?" ];
  then
      echo "FATAL ERROR: Script is incomplete, please redownload"
      exit 1
  fi

I don't even know how to file a bug report for that =P

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
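
Added example (not part of the original message or of the script it discusses): the quoted last-line test beside a SHA-256 comparison, run over three constructed files, plus the EUID guard proposed in the message. The function names, the sample file contents and the availability of a trusted reference digest are assumptions.

```shell
#!/bin/sh
# Added illustration; sample files and all function names are constructed.

# The check quoted in the message, applied to a given file instead of "$0".
last_line_check() {
    [ "$(tail -n 1 "$1" | head -n 1 | cut -c 1-7)" = "exit \$?" ]
}

# SHA-256 of a file, using whichever common tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
    else shasum -a 256 "$1"; fi | cut -d ' ' -f 1
}

# Compare against a reference digest (assumed to come from a trusted source).
digest_check() {
    [ "$(sha256_of "$1")" = "$2" ]
}

# Guard proposed in the message: refuse to run with effective UID 0.
# The UID can be passed in so the logic is testable without being root.
refuse_root() {
    if [ "${1:-$(id -u)}" -eq 0 ]; then
        echo "FATAL ERROR: refusing to run as root" >&2
        return 1
    fi
}

# Prints one line per sample: "<name> last_line=<ok|fail> digest=<ok|fail>"
run_demo() {
    dir=$(mktemp -d) || return 1
    printf 'echo "update signatures"\nexit $?\n' > "$dir/intact"
    good=$(sha256_of "$dir/intact")
    # Truncated download: the final line never arrived.
    printf 'echo "update signatures"\n' > "$dir/truncated"
    # Body changed, final line untouched.
    printf 'echo "something else entirely"\nexit $?\n' > "$dir/modified"
    for name in intact truncated modified; do
        l=fail; d=fail
        last_line_check "$dir/$name" && l=ok
        digest_check "$dir/$name" "$good" && d=ok
        echo "$name last_line=$l digest=$d"
    done
    rm -rf "$dir"
}

run_demo
```

The last-line test only notices a missing tail; any change that leaves the final line in place passes it, while the digest comparison fails for both the truncated and the modified file.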
