Hey ClamAV, Isn't this considered bad?
I have the Clam Antivirus Daemon running in a chroot jail as the user "_clamav". My clamd.conf files is " TemporaryDirectory /tmp/ DatabaseDirectory /ClamAV/virusdb/ TCPSocket 3310 TCPAddr 127.0.0.1 DetectPUA yes " I noticed when using this command in terminal "echo SHUTDOWN | nc localhost 3310" would kill the daemon. I was not root at the time of sending the command and the daemon still quits. Isn't this bad? This means that any user who knows the port number ClamAV Daemon is running on could issue the "SHUTDOWN" command and kill the process. Shouldn't there be a config option or when compiling clamav, telling Clamd to ignore the shutdown command? I'm not an expert but this seems like a security risk. _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
