LinuxQuestions.org
Old 12-05-2013, 03:37 AM   #1
aikempshall
Member
 
Registered: Nov 2003
Location: Bristol, Britain
Distribution: Slackware
Posts: 906

clamav and clamdscan as unprivileged users


I've got a requirement to run clamdscan from an unprivileged user i.e. not root or clamav so users can scan incoming mail and do immediate scans on files that might be downloaded.

I've got clamd running and owned by clamav -

Code:
clamav     878     1  1 07:57 ?        00:00:26 /usr/sbin/clamd

So far the only way I've succeeded in running clamdscan, as an unprivileged user, is by either

1. including clamdscan in the sudoers file with the ALL=NOPASSWD option for all users that should be running clamdscan.

or

2. adding those users to the clamav group.


How have other Slackware users tackled this problem?


BTW I'm using "Scan with ClamAV (extended) 2.5.7" in dolphin to do the immediate scans. It seems to be a nicer solution than using clamtk. Even more so as I've never managed to get clamtk to work!

I've set up clamav as my virus scanner in kmail.


Alex
 
Old 12-05-2013, 11:53 PM   #2
Berhanie
Senior Member
 
Registered: Dec 2003
Location: phnom penh
Distribution: Fedora
Posts: 1,625

you can have clamd listen on a tcp socket. but, can't you use clamscan (not clamdscan), which does not need clamd?
 
Old 12-06-2013, 04:21 AM   #3
aikempshall
Member
 
Registered: Nov 2003
Location: Bristol, Britain
Distribution: Slackware
Posts: 906

Original Poster
Berhanie

We need clamd running to enable users to check, on demand, incoming messages for viruses. We receive a lot of messages from Windows users and we don't want to inadvertently forward them on.

For instance messages might contain infected pictures that we don't want to load up to websites. We've recently had a scare with "BC.Exploit.CVE_2013_3906" which we may have received from a Windows user and we don't want to pass it on.

Alex
 
Old 12-06-2013, 05:55 AM   #4
Berhanie
Senior Member
 
Registered: Dec 2003
Location: phnom penh
Distribution: Fedora
Posts: 1,625

ok, but that doesn't preclude using clamscan. i don't know what dolphin requires, but
both clamdscan and clamscan do "on demand" scanning.

Code:
clamdscan (1)        - scan files and directories for viruses using Clam AntiVirus Daemon
clamscan (1)         - scan files and directories for viruses

the output above is from the man pages for clam*-0.98.

if you need to use clamd, having it listen on a tcp socket is an easy way to avoid permissions issues:

Code:
#clamd.conf
...
TCPSocket <whatever>
TCPAddr 127.0.0.1
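
As an added illustration (not part of the original posts, and not ClamAV project code): with clamd listening on 127.0.0.1 as configured above, a client can read the file under its own permissions and stream the bytes to the daemon with clamd's INSTREAM command, so clamd never has to open anything in the user's home directory. Port 3310 and the function names are assumptions; the port must match whatever TCPSocket is set to.

```python
import socket
import struct

CHUNK = 8192  # bytes sent per INSTREAM chunk (assumed value)


def frame_instream(data: bytes, chunk: int = CHUNK) -> bytes:
    """Build a clamd INSTREAM request: command, length-prefixed chunks, terminator."""
    out = [b"zINSTREAM\0"]
    for i in range(0, len(data), chunk):
        part = data[i:i + chunk]
        out.append(struct.pack("!I", len(part)) + part)  # 4-byte big-endian length
    out.append(struct.pack("!I", 0))  # zero-length chunk ends the stream
    return b"".join(out)


def parse_reply(reply: bytes):
    """Return (infected, signature_or_None) from a reply such as b'stream: OK\\0'."""
    text = reply.rstrip(b"\0\n").decode("utf-8", "replace")
    _, _, verdict = text.partition(": ")
    if verdict.endswith(" FOUND"):
        return True, verdict[:-len(" FOUND")]
    if verdict == "OK":
        return False, None
    # Anything else is an error, e.g. the stream exceeded StreamMaxLength.
    raise RuntimeError(f"clamd error: {text}")


def scan_bytes(data: bytes, host: str = "127.0.0.1", port: int = 3310):
    """Scan data via clamd's TCP socket; port 3310 is an assumed TCPSocket value."""
    with socket.create_connection((host, port), timeout=30) as s:
        s.sendall(frame_instream(data))
        reply = b""
        while not reply.endswith(b"\0"):
            part = s.recv(4096)
            if not part:
                break
            reply += part
    return parse_reply(reply)


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as f:  # opened with the caller's own permissions
        print(scan_bytes(f.read()))
```

clamd's TCP socket has no authentication, so binding it to 127.0.0.1 still lets every local account submit scans and daemon commands.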
 
Old 12-06-2013, 12:19 PM   #5
aikempshall
Member
 
Registered: Nov 2003
Location: Bristol, Britain
Distribution: Slackware
Posts: 906

Original Poster
Berhanie

The reason why I'd prefer to use clamdscan is speed. I've found that clamscan takes 22 secs to scan a file whilst clamdscan appears to do the same job in less than 2 secs; see examples below.

I know there's all sorts of ways that scanning can be done - TCP sockets, unix sockets, clamscan and so on. Really what I'm after is finding out whether people add their standard, i.e. non-root, users to the clamav group or not to allow virus scanning in Kmail or on demand via dolphin or the command line or do something completely different.

Examples


Code:
$ clamscan /home/alex/pm65dir/nw1700.zip
/home/alex/pm65dir/nw1700.zip: BC.Exploit.CVE_2013_3906 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 2997298
Engine version: 0.98
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 12.95 MB
Data read: 3.43 MB (ratio 3.77:1)
Time: 22.232 sec (0 m 22 s)

Code:
$ clamdscan --fdpass /home/alex/pm65dir/nw1700.zip
/home/alex/pm65dir/nw1700.zip: BC.Exploit.CVE_2013_3906 FOUND

----------- SCAN SUMMARY -----------
Infected files: 1
Time: 1.625 sec (0 m 1 s)

Repeat 1st test to ensure increased speed is not due to caching

Code:
$ clamscan /home/alex/pm65dir/nw1700.zip
/home/alex/pm65dir/nw1700.zip: BC.Exploit.CVE_2013_3906 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 2997298
Engine version: 0.98
Scanned directories: 0
Scanned files: 1
Infected files: 1
Data scanned: 12.95 MB
Data read: 3.43 MB (ratio 3.77:1)
Time: 22.082 sec (0 m 22 s)

Regards

Alex
 
Old 12-07-2013, 10:00 AM   #6
Berhanie
Senior Member
 
Registered: Dec 2003
Location: phnom penh
Distribution: Fedora
Posts: 1,625

hello, alex.

Quote:
Really what I'm after is finding out whether people add their standard, i.e. non-root, users to the clamav group or not to allow virus scanning in Kmail or on demand via dolphin or the command line or do something completely different.

on my mail server, all mail goes through clamav-milter. on my laptop, where malware scanning is an infrequent event, and where i don't run clamd, i just use clamscan (on the commandline) when i need to check for malware.
 
  

