ClamAV/Dazuko and user vs. root
Hi List,

finally I got round to installing Dazuko (and my first self-compiled kernel in the process) on my SuSE 8.0 box. Now I am trying to make up my mind what to do with it. As Virus Scanners, I have Sophos, Antivir f. Workstation, ClamAV and F-Prot (triggered mostly by amavisd-new). At least ClamAV and Antivir should be able to make use of Dazuko. However, it seems that Dazuko only allows root to interact with it and this would mean I would no longer be able to run clamd as a less-privileged user.

Did I understand this right? If so, what are the respective drawbacks and advantages of running clamd as root or not using dazuko after all?

Also, what do you think whether it would cause problems to have both Antivir and clamd trying to use Dazuko?

Thanks a lot in advance,
Andreas

--
God is real... unless declared as an integer.
--
My Public PGP Keys: 1024 Bit DH/DSS: 0x869F81BA 768 Bit RSA: 0x1AD97BA5
Quoting Andreas Wagner <A.Wagner@stud.uni-frankfurt.de>:
> finally I got round to installing Dazuko (and my first self-compiled kernel in the process) on my SuSE 8.0 box. Now I am trying to make up my mind what to do with it. As Virus Scanners, I have Sophos, Antivir f. Workstation, ClamAV and F-Prot (triggered mostly by amavisd-new). At least ClamAV and Antivir should be able to make use of Dazuko. However, it seems that Dazuko only allows root to interact with it and this would mean I would no longer be able to run clamd as a less-privileged user.
> Did I understand this right? If so, what are the respective drawbacks and advantages of running clamd as root or not using dazuko after all?
> Also, what do you think whether it would cause problems to have both Antivir and clamd trying to use Dazuko?
It all depends on what you are trying to accomplish. As I understand it, dazuko basically allows virus scanners to act like they do in Windows, scanning files as they are opened and whatnot.

Considering how rare actual linux viruses are, in fact, I don't think I've ever even heard of a file-infecting style virus (as opposed to worms or trojans) for linux. There does not seem to be much point in running dazuko at this time. Certainly not worth the effort involved, in my humble opinion.

If you're using the virus scanner on your e-mail, through amavis, dazuko is superfluous. Amavis calls the virus scanner by itself.

What is your goal? What are you trying to accomplish in what type of environment? Depending on your environment, running clamd as root may not be much of a security risk, as long as you make certain that it is only listening to localhost and/or host-firewalled off.
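Added example (not part of any poster's message, and not ClamAV project code): a small audit of a clamd.conf for the two conditions discussed above, running as root and listening beyond localhost. It assumes clamd is started by root, uses the clamd.conf options User, TCPSocket, TCPAddr and LocalSocket, and runs on constructed sample configurations.

```python
import ipaddress

# Constructed sample configurations (not taken from the thread).
SAMPLES = {
    "root_any": "TCPSocket 3310\n",
    "root_loopback": "TCPSocket 3310\nTCPAddr 127.0.0.1\n",
    "unpriv_unix": "User clamav\nLocalSocket /var/run/clamav/clamd.sock\n",
}

def parse_conf(text):
    """Return {option: [values]} from 'Option value' lines; '#' starts a comment."""
    opts = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if parts:
            value = parts[1].strip() if len(parts) > 1 else ""
            opts.setdefault(parts[0], []).append(value)
    return opts

def is_loopback(addr):
    """True for 'localhost' or any loopback IP literal (127.0.0.0/8, ::1)."""
    if addr.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # unknown hostname: treat as reachable from outside

def audit(text):
    """Return a sorted list of finding codes for one clamd.conf text."""
    opts = parse_conf(text)
    findings = []
    # Assumption: clamd is started by root, so without a User line it stays root.
    user = opts.get("User", ["root"])[-1]
    if user in ("root", "0"):
        findings.append("runs-as-root")
    if "TCPSocket" in opts:
        addrs = opts.get("TCPAddr", [])
        # Without TCPAddr, clamd binds the TCP port on all interfaces.
        if not addrs or not all(is_loopback(a) for a in addrs):
            findings.append("tcp-beyond-localhost")
    return sorted(findings)

if __name__ == "__main__":
    for name, conf in SAMPLES.items():
        print(name, audit(conf) or "no findings")
```

The audit only reads the configuration; whether a host firewall blocks the port has to be checked separately.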
On Saturday 03 April 2004 02.50, suse@rio.vg wrote:
> It all depends on what you are trying to accomplish. As I understand it, dazuko basically allows virus scanners to act like they do in Windows, scanning files as they are opened and whatnot.
> Considering how rare actual linux viruses are, in fact, I don't think I've ever even heard of a file-infecting style virus (as opposed to worms or trojans) for linux. There does not seem to be much point in running dazuko at this time. Certainly not worth the effort involved, in my humble opinion.
samba server? Not having to have AV on every win-client seems worthwhile to me
Quoting Anders Johansson <andjoh@rydsbo.net>:
> samba server? Not having to have AV on every win-client seems worthwhile to me
That's true. That's what I get for working for an ISP for too long. I've forgotten everything about windows workgroups and lans... For a workgroup file server, dazuko would probably be worth it, even with clam run as root. It all depends on the environment...
Hello list,

* suse@rio.vg wrote on Apr/02/2004:
> Quoting Anders Johansson <andjoh@rydsbo.net>:
>> samba server? Not having to have AV on every win-client seems worthwhile to me
> That's true. That's what I get for working for an ISP for too long. I've forgotten everything about windows workgroups and lans... For a workgroup file server, dazuko would probably be worth it, even with clam run as root. It all depends on the environment...
I feel a bit embarrassed - I do not even know what my goal actually is. Basically, this is an internet-connected stand-alone linux laptop and I'm merely trying to get acquainted with all sorts of security stuff and play around with it.

I want to thank you (both) for your excellent suggestions anyway, tho. Both the arguments about rareness of file-infecting virii in linux environments *and* about the benefits of having dazuko on a samba LAN fileserver make perfect sense to me. I'll be sure to remember those when I one day have to set up something for some more serious environment.

Thanks a lot,
Andreas

--
Real programmers don't document. If it was hard to write, it should be hard to understand.
--
My Public PGP Keys: 1024 Bit DH/DSS: 0x869F81BA 768 Bit RSA: 0x1AD97BA5
participants (3)
- Anders Johansson
- Andreas Wagner
- suse@rio.vg