Hi there,

On Tue, 27 Apr 2021, Matthias Leopold via clamav-users wrote:

> do I get it right that clamd has to run as root to work with vfs_virusfilter in Samba 4.13? I really thought I ran it as non-root the last time I tested it, but now I can't reproduce it and this confuses me.

If you're saying that it all works fine, that's great. :)

Otherwise - it's years since I used SAMBA, I've never come across vfs_virusfilter, I don't use on-access scanning and I don't (usually) scan filesystems.

Having said that, all you really need to know is that if clamd is going to scan something then it needs to be able to read it. There's more than one way to arrange for that, but the simplest way is to run clamd as root and then it can read anything.

Obviously if clamd itself is compromised and it's running as root then you have a serious problem. There have been vulnerabilities, and they've been fixed as they've been found, but I don't think I know of any case of clamd being compromised.

If everything you need to scan can be read by an unprivileged process, or if some privileged process can read the data on clamd's behalf and pass it to clamd over the clamd socket, then you can run clamd as user 'clamav' or something and give that user very few permissions.

You can start clamd as root and have it drop privileges and run as another user. That's what I do. It's all in the documentation.

I run clamd on a (more or less) dedicated server, it only scans things which are passed to it over the network. That might cause performance problems if I were to try to scan whole filesystems, or to do anything resembling on-access scanning, but I don't plan to do that.

Be careful with "virusfilter:infected file action", a false positive could ruin your whole OS. See the warnings in the ClamAV documentation.

--
73,
Ged.