On 1/31/20 10:01 AM, Reio Remma via clamav-users wrote: > > The way it's set up is that it needs to be ran as root once to have it > set itself up. From cron it runs as clamav user. >
The upstream systemd service runs as root as well. And from a distro point of view, it's just bad mojo to install vulnerable scripts to root's $PATH. I've been dragging my feet on these updates because I don't know how to fix this. The least-bad idea I have so far is to just patch the script to die if it's run as EUID == 0. But the rest of the script is even more insane, doing things like using the following as an integrity check: if [ "$(tail -n 1 "${0}" | head -n 1 | cut -c 1-7)" != "exit \$?" ]; then echo "FATAL ERROR: Script is incomplete, please redownload" exit 1 fi I don't even know how to file a bug report for that =P _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml