Hi all,
The attached patch against Clamav-0.96.2 adds a ClamukoIgnoreSuperuser
option to Clamukofs. If set to "yes", files that are opened by processes
running as root will be ignored. They will not be scanned, and access is
always allowed. Regular processes are still denied access to the files.
Rationale: this gives the administrator more options for dealing with
infected files, such as copying them, gzipping them, or moving them to a
different partition.
Possible issues: the name of the option is a bit long, but using the
word "root" felt too ambiguous for something at the filesystem level.
Also, the code checks the ownership of /proc/<pid> to determine the uid
of the process, which may not be the most elegant or portable way to do it.
If someone finds this sort of thing useful, it should be relatively
simple to modify the patch so that Clamuko can accept a list of ignored
uid's, instead of just uid 0.
Kind regards,
--Alfred Klomp
--
Bokxing IT
Elektronicaweg 14a
2628 XG Delft
T: 088-00 164 00
F: 015-25 609 77
support@bokxing.nl
www.bokxing.nl
KvK: 27194486
The attached patch against Clamav-0.96.2 adds a ClamukoIgnoreSuperuser
option to Clamukofs. If set to "yes", files that are opened by processes
running as root will be ignored. They will not be scanned, and access is
always allowed. Regular processes are still denied access to the files.
Rationale: this gives the administrator more options for dealing with
infected files, such as copying them, gzipping them, or moving them to a
different partition.
Possible issues: the name of the option is a bit long, but using the
word "root" felt too ambiguous for something at the filesystem level.
Also, the code checks the ownership of /proc/<pid> to determine the uid
of the process, which may not be the most elegant or portable way to do it.
If someone finds this sort of thing useful, it should be relatively
simple to modify the patch so that Clamuko can accept a list of ignored
uid's, instead of just uid 0.
Kind regards,
--Alfred Klomp
--
Bokxing IT
Elektronicaweg 14a
2628 XG Delft
T: 088-00 164 00
F: 015-25 609 77
support@bokxing.nl
www.bokxing.nl
KvK: 27194486