Re: iDefense Security Advisory 02.15.07: Multiple Vendor ClamAV MIME Parsing Directory Traversal Vulnerability
On Thu, 15 Feb 2007 13:50:59 -0500, iDefense Labs <labs-no-reply@xxxxxxxxxxxx>
said:
> Exploitation allows attackers to degrade the service of the ClamAV
> virus scanning service. The most important mitigating factor is that
> the clam process runs with the privileges of the clamav user and
> group.
Clamav may not run in a user/group of its own, and there are several
recommendations to run it as the same user as the amavisd-new content
filter daemon. For example:
http://developer.apple.com/server/virusfiltering.html
| Running ClamAV as root is dangerous and leaves my server open to the
| risk of intrusion, so instead, we run it as the user amavisd, which
| we created in the previous section.
and
http://www200.pair.com/mecham/spam/clamav-amavisd-new.html
has had new instructions regarding AllowSupplementaryGroups added, but
the old ones read:
| Now open up the clamd.conf file again (mine is /etc/clamav/clamd.conf)
| We need to edit this file and change:
| User clamav
| to
| User amavis
--
Alan J. Wylie http://www.wylie.me.uk/
"Perfection [in design] is achieved not when there is nothing left to add,
but rather when there is nothing left to take away."
-- Antoine de Saint-Exupery
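
Added example, not part of the original message or of ClamAV: a shell check of whether a clamd.conf gives clamd an account of its own, which is the condition the advisory's mitigating factor depends on. The SHARED_USERS list, the function names and the sample configs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Accounts treated as "not dedicated to clamd". Assumption: root plus the
# content-filter accounts named in the guides quoted above.
SHARED_USERS="${SHARED_USERS:-root amavis amavisd}"

# Print the value of a clamd.conf directive ("Name value", '#' starts a comment).
# Assumption: if a directive is repeated, this sketch reports the last one.
conf_value() {
    awk -v key="$1" '
        { sub(/#.*/, "") }
        $1 == key { val = $2 }
        END { if (val != "") print val }
    ' "$2"
}

# Exit 0 when clamd drops to its own account, 1 when a compromise of the
# scanner would run with another service's (or the starting user's) privileges.
clamd_user_check() {
    user=$(conf_value User "$1")
    groups=$(conf_value AllowSupplementaryGroups "$1")
    if [ -z "$user" ]; then
        echo "no User directive: clamd keeps the identity it was started with"
        return 1
    fi
    for u in $SHARED_USERS; do
        if [ "$user" = "$u" ]; then
            echo "User $user: shared with another service or root"
            return 1
        fi
    done
    echo "User $user: dedicated account (AllowSupplementaryGroups=${groups:-unset})"
    return 0
}

# Constructed sample configs (not taken from the original post).
demo() {
    d=$(mktemp -d)
    printf 'LocalSocket /var/run/clamav/clamd.ctl\nUser amavis\n' > "$d/shared.conf"
    printf 'User clamav\nAllowSupplementaryGroups yes\n' > "$d/dedicated.conf"
    for f in "$d/shared.conf" "$d/dedicated.conf"; do
        clamd_user_check "$f" || true
    done
    rm -rf "$d"
}
demo
```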