Message-ID: <873b57p4r0.fsf@devnull.wylie.me.uk>
Date: Thu, 15 Feb 2007 20:04:03 +0000
From: ohtgend@...ie.me.uk (Alan J. Wylie)
To: bugtraq@...urityfocus.com
Subject: Re: iDefense Security Advisory 02.15.07: Multiple Vendor ClamAV MIME Parsing Directory Traversal Vulnerability

On Thu, 15 Feb 2007 13:50:59 -0500, iDefense Labs <labs-no-reply@...fense.com> said:

> Exploitation allows attackers to degrade the service of the ClamAV
> virus scanning service. The most important mitigating factor is that
> the clam process runs with the privileges of the clamav user and
> group.

Clamav may not run in a user/group of its own, and there are several
recommendations to run it as the same user as the amavisd-new content
filter daemon. For example:

http://developer.apple.com/server/virusfiltering.html

| Running ClamAV as root is dangerous and leaves my server open to the
| risk of intrusion, so instead, we run it as the user amavisd, which
| we created in the previous section.

and

http://www200.pair.com/mecham/spam/clamav-amavisd-new.html

has had new instructions regarding AllowSupplementaryGroups added, but
the old ones read:

| Now open up the clamd.conf file again (mine is   /etc/clamav/clamd.conf)

| We need to edit this file and change:
| User clamav
| to
| User amavis

-- 
Alan J. Wylie                                          http://www.wylie.me.uk/
"Perfection [in design] is achieved not when there is nothing left to add,
but rather when there is nothing left to take away."
  -- Antoine de Saint-Exupery
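
An added example, not part of the original message or of either linked guide: a small check that reads a clamd.conf and reports whether clamd has an account of its own, the condition the advisory's mitigating factor depends on. The function names, the `filter_user` default and both sample configurations are constructed for illustration.

```python
# Added example: audit which account clamd.conf tells clamd to run as.
OLD_STYLE = """\
# constructed sample: the older instructions quoted above
LocalSocket /var/run/clamav/clamd.ctl
User amavis
"""
DEDICATED = """\
# constructed sample: clamd keeps its own account
User clamav
AllowSupplementaryGroups yes
"""

def parse_clamd_conf(text):
    """Map lower-cased directive names to values; '#' starts a comment."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            parts = line.split(None, 1)
            # If a directive repeats, this sketch keeps the last one.
            opts[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def audit(text, filter_user="amavis"):
    """Return the configured User and findings about privilege separation."""
    opts = parse_clamd_conf(text)
    user = opts.get("user")
    findings = []
    if user is None:
        findings.append("no User directive: clamd keeps the account it was started as")
    elif user == "root":
        findings.append("clamd runs as root")
    elif user == filter_user:
        findings.append("clamd shares an account with the content filter")
    return {"user": user,
            "supplementary_groups": opts.get("allowsupplementarygroups", "").lower() == "yes",
            "findings": findings}

if __name__ == "__main__":
    for label, conf in (("old-style", OLD_STYLE), ("dedicated", DEDICATED)):
        print(label, audit(conf))
```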
