Re: iDefense Security Advisory 02.15.07: Multiple Vendor ClamAV MIME Parsing Directory Traversal Vulnerability

On Thu, 15 Feb 2007 13:50:59 -0500, iDefense Labs <labs-no-reply@xxxxxxxxxxxx> said:

> Exploitation allows attackers to degrade the service of the ClamAV
> virus scanning service. The most important mitigating factor is that
> the clam process runs with the privileges of the clamav user and
> group.

ClamAV may not run in a user/group of its own, and there are several
recommendations to run it as the same user as the amavisd-new content
filter daemon. For example:

http://developer.apple.com/server/virusfiltering.html

| Running ClamAV as root is dangerous and leaves my server open to the
| risk of intrusion, so instead, we run it as the user amavisd, which
| we created in the previous section.

and

http://www200.pair.com/mecham/spam/clamav-amavisd-new.html

has had new instructions regarding AllowSupplementaryGroups added, but
the old ones read:

| Now open up the clamd.conf file again (mine is   /etc/clamav/clamd.conf)

| We need to edit this file and change:
| User clamav
| to
| User amavis

-- 
Alan J. Wylie                                          http://www.wylie.me.uk/
"Perfection [in design] is achieved not when there is nothing left to add,
but rather when there is nothing left to take away."
  -- Antoine de Saint-Exupery
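
An added example (not part of the original message and not ClamAV project code): a small Python check that reads a clamd.conf and reports whether the advisory's mitigating factor, a separate clamav account, actually holds on a given host. The account names amavis and amavisd come from the two guides quoted above; the finding labels and the sample configurations are constructed for illustration.

```python
# Added example: audit the account clamd drops privileges to.
# "amavis"/"amavisd" are the account names in the guides quoted above;
# the finding labels and sample configs are constructed for illustration.
FILTER_USERS = {"amavis", "amavisd"}
TRUE_VALUES = {"yes", "true", "1"}  # boolean spellings clamd.conf accepts


def parse_clamd_conf(text):
    """Return {option: value}, skipping blank lines and '#' comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)  # option name, then the rest of the line
        opts[parts[0]] = parts[1] if len(parts) > 1 else ""
    return opts


def audit_clamd_user(conf_text):
    """Return finding labels for the privilege-separation assumption."""
    opts = parse_clamd_conf(conf_text)
    user = opts.get("User")
    findings = []
    if user is None:
        # Without User, clamd keeps the identity of whoever started it.
        findings.append("no-user-directive")
    elif user == "root":
        findings.append("runs-as-root")
    elif user.lower() in FILTER_USERS:
        # Files written by clamd now carry the content filter's identity.
        findings.append("shared-with-content-filter")
    else:
        findings.append("separate-account:" + user)
    if opts.get("AllowSupplementaryGroups", "no").lower() in TRUE_VALUES:
        # clamd also gains the access of every group this user belongs to.
        findings.append("supplementary-groups-enabled")
    return findings


# Constructed sample following the older instructions quoted above.
OLD_GUIDE = "LocalSocket /var/run/clamav/clamd.ctl\nUser amavis\n"
# Constructed sample keeping the clamav account with supplementary groups.
NEW_STYLE = "User clamav\nAllowSupplementaryGroups yes\n"

if __name__ == "__main__":
    for name, conf in (("old guide", OLD_GUIDE), ("new style", NEW_STYLE)):
        print(name, audit_clamd_user(conf))
```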
