LinuxQuestions.org


aikempshall 12-05-2013 02:37 AM

clamav and clamdscan as unprivileged users
 
I've got a requirement to run clamdscan from an unprivileged user i.e. not root or clamav so users can scan incoming mail and do immediate scans on files that might be downloaded.

I've got clamd running and owned by clamav -

Code:

clamav    878    1  1 07:57 ?        00:00:26 /usr/sbin/clamd

So far the only way I've succeeded in running clamdscan, as an unprivileged user, is by either

1. including clamdscan in the sudoers file with the ALL=NOPASSWD option for all users that should be running clamdscan.

or

2. adding those users to the clamav group.


How have other Slackware users tackled this problem?


BTW I'm using "Scan with ClamAV (extended) 2.5.7" in dolphin to do the immediate scans. It seems to be a nicer solution than using clamtk. Even more so as I've never managed to get clamtk to work!

I've set up clamav as my virus scanner in kmail.


Alex

Berhanie 12-05-2013 10:53 PM

you can have clamd listen on a tcp socket. but, can't you use clamscan (not clamdscan), which does not need clamd?

aikempshall 12-06-2013 03:21 AM

Berhanie

We need clamd running to enable users to check, on demand, incoming messages for viruses. We receive a lot of messages from Windows users and we don't want to inadvertently forward them on.

For instance messages might contain infected pictures that we don't want to load up to websites. We've recently had a scare with "BC.Exploit.CVE_2013_3906" which we may have received from a Windows user and we don't want to pass it on.

Alex

Berhanie 12-06-2013 04:55 AM

ok, but that doesn't preclude using clamscan. i don't know what dolphin requires, but
both clamdscan and clamscan do "on demand" scanning.

Code:

clamdscan (1)        - scan files and directories for viruses using Clam AntiVirus Daemon
clamscan (1)        - scan files and directories for viruses

the output above is from the man pages for clam*-0.98.

if you need to use clamd, having it listen on a tcp socket is an easy way to avoid permissions
issues:

Code:

#clamd.conf
...
TCPSocket <whatever>
TCPAddr 127.0.0.1


aikempshall 12-06-2013 11:19 AM

Berhanie

The reason why I'd prefer to use clamdscan is speed. I've found that clamscan takes 22 secs to scan a file whilst clamdscan appears to do the same job in less than 2 secs; see examples below.

I know there's all sorts of ways that scanning can be done - TCP sockets, unix sockets, clamscan and so on. Really what I'm after is finding out whether people add their standard, i.e. non-root, users to the clamav group or not to allow virus scanning in Kmail or on demand via dolphin or the command line or do something completely different.

Examples


Code:

$ clamscan /home/alex/pm65dir/nw1700.zip
/home/alex/pm65dir/nw1700.zip: BC.Exploit.CVE_2013_3906 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 2997298
Engine version: 0.98
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 12.95 MB
Data read: 3.43 MB (ratio 3.77:1)
Time: 22.232 sec (0 m 22 s)

Code:

$ clamdscan --fdpass /home/alex/pm65dir/nw1700.zip
/home/alex/pm65dir/nw1700.zip: BC.Exploit.CVE_2013_3906 FOUND

----------- SCAN SUMMARY -----------
Infected files: 1
Time: 1.625 sec (0 m 1 s)


Repeat 1st test to ensure increased speed is not due to caching

Code:

$ clamscan /home/alex/pm65dir/nw1700.zip         
/home/alex/pm65dir/nw1700.zip: BC.Exploit.CVE_2013_3906 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 2997298
Engine version: 0.98
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 12.95 MB
Data read: 3.43 MB (ratio 3.77:1)
Time: 22.082 sec (0 m 22 s)

Regards

Alex

Berhanie 12-07-2013 09:00 AM

hello, alex.

Quote:

Really what I'm after is finding out whether people add their standard, i.e. non-root, users to the clamav group or not to allow virus scanning in Kmail or on demand via dolphin or the command line or do something completely different.

on my mail server, all mail goes through clamav-milter. on my laptop, where malware scanning is an infrequent event, and where i don't run clamd, i just use clamscan (on the commandline) when i need to check for malware.
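
Added example, not part of any post in this thread: a small Python audit of clamd.conf text that reports who can reach clamd under the setups discussed above (the loopback TCPSocket, and a local socket restricted to a group). clamd does not authenticate clients, so whoever can connect can send it commands. The sample configs, the port, the socket path and the group name `avscan` are constructed for illustration.

```python
# Constructed sample configs; socket path and group "avscan" are hypothetical.
TCP_CONF = """\
# clamd.conf
TCPSocket 3310
TCPAddr 127.0.0.1
"""
UNIX_CONF = """\
LocalSocket /var/run/clamav/clamd.socket
LocalSocketGroup avscan
LocalSocketMode 660
"""
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def parse(text):
    """Return {option: [values]} from clamd.conf text, skipping comments."""
    opts = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if parts:
            value = parts[1].strip().strip('"') if len(parts) > 1 else ""
            opts.setdefault(parts[0], []).append(value)
    return opts

def audit(text):
    """Report who can reach clamd's command channel under this config."""
    opts, findings = parse(text), []
    if "TCPSocket" in opts:
        addrs = opts.get("TCPAddr", [])
        if not addrs:
            # With no TCPAddr, clamd binds to every interface (INADDR_ANY).
            findings.append("tcp-all-interfaces")
        elif all(a in LOOPBACK for a in addrs):
            # Loopback keeps remote hosts out but not other local accounts.
            findings.append("tcp-loopback-any-local-user")
        else:
            findings.append("tcp-network-reachable")
    if "LocalSocket" in opts:
        mode = opts.get("LocalSocketMode")
        if mode is None:
            # ClamAV's sample clamd.conf documents this default as world accessible.
            findings.append("unix-socket-mode-unset")
        elif int(mode[-1], 8) & 0o002:
            # Connecting to a Unix socket needs write permission on it.
            findings.append("unix-socket-world-connectable")
        elif "LocalSocketGroup" in opts:
            findings.append("unix-socket-group:" + opts["LocalSocketGroup"][-1])
        else:
            findings.append("unix-socket-restricted-no-group-set")
    return findings

if __name__ == "__main__":
    print(audit(TCP_CONF), audit(UNIX_CONF))
```

With a group-restricted socket, scanning users join a dedicated group instead of the clamav group, and `clamdscan --fdpass` (as used in the timings above) hands clamd an open file descriptor so the daemon needs no read access to the user's files.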

