Mailing List Archive: ClamAV: users

Security Risk?

 

 



b374bc75f40f8 at gmail

Oct 11, 2008, 8:29 AM

Post #1 of 5 (240 views)
Security Risk?

Hey ClamAV,

Isn't this considered bad?

I have the Clam Antivirus Daemon running in a chroot jail as the user
"_clamav". My clamd.conf file is
"
TemporaryDirectory /tmp/
DatabaseDirectory /ClamAV/virusdb/
TCPSocket 3310
TCPAddr 127.0.0.1
DetectPUA yes
"

I noticed when using this command in terminal "echo SHUTDOWN | nc localhost
3310" would kill the daemon. I was not root at the time of sending the
command and the daemon still quits. Isn't this bad? This means that any user
who knows the port number ClamAV Daemon is running on could issue the
"SHUTDOWN" command and kill the process.

Shouldn't there be a config option or when compiling clamav, telling Clamd
to ignore the shutdown command? I'm not an expert but this seems like a
security risk.
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


b374bc75f40f8 at gmail

Oct 11, 2008, 8:31 AM

Post #2 of 5 (226 views)
Re: Security Risk? [In reply to]

Oops, I realized this was sent to the wrong list.
Sorry.



b374bc75f40f8 at gmail

Oct 11, 2008, 11:11 AM

Post #3 of 5 (216 views)
Re: Security Risk? [In reply to]

Sorry for the mistakes, I should not top post. Also I do have the right
mailing list.


ged at jubileegroup

Oct 12, 2008, 4:48 AM

Post #4 of 5 (213 views)
Re: Security Risk? [In reply to]

Hi there,

On Sun, 12 Oct 2008 Some One wrote:

> ... "echo SHUTDOWN | nc localhost 3310" would kill the daemon.
> I was not root at the time of sending the command and the daemon
> still quits. Isn't this bad?

Check the permissions on the socket?

--

73,
Ged.


b374bc75f40f8 at gmail

Oct 12, 2008, 6:21 AM

Post #5 of 5 (213 views)
Re: Security Risk? [In reply to]

Oh okay. My problem was I never set "LocalSocket STRING" in my clamd.conf
file therefore anybody was able to send the SHUTDOWN command to the daemon.
Thank you.

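The exposure discussed in this thread, as an added example that is not part of the original posts or of ClamAV's own code: a small audit of a clamd.conf that reports who can reach the daemon's command channel. The second sample's socket path, group and mode are assumptions, LocalSocketGroup and LocalSocketMode are options from current clamd.conf documentation rather than from this 2008 thread, and the finding names are labels made up here.

```python
import stat

# Constructed sample: the configuration posted in the thread.
THREAD_CONF = """\
TemporaryDirectory /tmp/
DatabaseDirectory /ClamAV/virusdb/
TCPSocket 3310
TCPAddr 127.0.0.1
DetectPUA yes
"""

# Constructed sample: Unix socket only; path, group and mode are assumptions.
LOCAL_CONF = """\
# Unix socket only, no TCPSocket line
LocalSocket /var/run/clamav/clamd.sock
LocalSocketGroup clamav
LocalSocketMode 660
"""

LOOPBACK = ("127.", "::1", "localhost")

def parse_conf(text):
    """Return {option: [values]} from clamd.conf-style 'Option value' lines."""
    opts = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(None, 1)
        if fields:
            opts.setdefault(fields[0], []).append(fields[1].strip() if len(fields) > 1 else "")
    return opts

def audit(text):
    """Return finding names (hypothetical labels) for clamd's command channel."""
    opts, findings = parse_conf(text), []
    if "TCPSocket" in opts:
        # clamd commands carry no authentication: whoever can connect to the
        # port can send any of them, SHUTDOWN included.
        findings.append("tcp-unauthenticated")
        addrs = opts.get("TCPAddr", [])
        # With no TCPAddr, clamd binds every interface, not just loopback.
        if not addrs or not all(a.startswith(LOOPBACK) for a in addrs):
            findings.append("tcp-not-loopback-only")
    if "LocalSocket" not in opts:
        findings.append("no-local-socket")
    # Without LocalSocketMode the socket is accessible to all local users.
    elif int(opts.get("LocalSocketMode", ["666"])[-1], 8) & stat.S_IWOTH:
        findings.append("local-socket-world-writable")
    return findings

if __name__ == "__main__":
    for name, conf in (("thread", THREAD_CONF), ("local", LOCAL_CONF)):
        print(name, audit(conf))
```

The thread's configuration is flagged even though it binds to 127.0.0.1, because a loopback TCP port is still open to every local account; file permissions can only restrict access on a Unix socket.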
