Date: Thu, 15 Feb 2007 20:04:03 +0000
From: ohtgend@...ie.me.uk (Alan J. Wylie)
To: bugtraq@...urityfocus.com
Subject: Re: iDefense Security Advisory 02.15.07: Multiple Vendor ClamAV MIME Parsing Directory Traversal Vulnerability

On Thu, 15 Feb 2007 13:50:59 -0500, iDefense Labs <labs-no-reply@...fense.com> said:

> Exploitation allows attackers to degrade the service of the ClamAV
> virus scanning service. The most important mitigating factor is that
> the clam process runs with the privileges of the clamav user and
> group.

Clamav may not run in a user/group of its own, and there are several
recommendations to run it as the same user as the amavisd-new content
filter daemon. For example:

http://developer.apple.com/server/virusfiltering.html

| Running ClamAV as root is dangerous and leaves my server open to the
| risk of intrusion, so instead, we run it as the user amavisd, which
| we created in the previous section.

and

http://www200.pair.com/mecham/spam/clamav-amavisd-new.html

has had new instructions regarding AllowSupplementaryGroups added, but
the old ones read:

| Now open up the clamd.conf file again (mine is /etc/clamav/clamd.conf)
| We need to edit this file and change:
| User clamav
| to
| User amavis

--
Alan J. Wylie http://www.wylie.me.uk/

"Perfection [in design] is achieved not when there is nothing left to add,
but rather when there is nothing left to take away."
  -- Antoine de Saint-Exupery
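A check for the point made in the message above, as an added example that is not part of the original post or of ClamAV: it reads the text of a clamd.conf and reports whether the `User` directive names a dedicated account, root, or an account shared with the content filter. The account names in `SHARED_ACCOUNTS`, the function names and both sample configurations are constructed assumptions.

```python
# Added example: audit which account clamd.conf tells clamd to run as.
# SHARED_ACCOUNTS lists accounts owned by another daemon (assumption: the
# amavisd-new filter runs as "amavis" or "amavisd", as in the quoted guides).
SHARED_ACCOUNTS = {"amavis", "amavisd"}

# Constructed sample: the old instructions quoted in the message.
OLD_STYLE = """\
# constructed sample, socket path is a placeholder
LocalSocket /var/run/clamav/clamd.ctl
User amavis
"""

# Constructed sample: clamd keeps its own account and joins extra groups.
SEPARATE = """\
User clamav
AllowSupplementaryGroups yes
"""

def directives(conf_text):
    """Yield (name, value) pairs, skipping blank lines and '#' comment lines."""
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        yield parts[0], parts[1].strip() if len(parts) > 1 else ""

def audit_clamd_user(conf_text, shared=SHARED_ACCOUNTS):
    """Classify the User setting: 'unset', 'root', 'shared' or 'dedicated'."""
    pairs = list(directives(conf_text))
    users = [v for n, v in pairs if n == "User"]
    groups = [v for n, v in pairs if n == "AllowSupplementaryGroups"]
    if not users:
        status = "unset"      # without User, clamd does not drop privileges
    elif "root" in users:
        status = "root"
    elif any(u in shared for u in users):
        status = "shared"     # the scanner has the same file access as the filter
    else:
        status = "dedicated"  # the mitigating factor the advisory relies on
    return {"status": status, "users": users, "supplementary_groups": groups}

if __name__ == "__main__":
    for label, conf in (("old instructions", OLD_STYLE), ("separate account", SEPARATE)):
        print(label, audit_clamd_user(conf))
```
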