Mailing List Archive

Patch: Clamuko: add ClamukoIgnoreSuperuser option
Hi all,

The attached patch against Clamav-0.96.2 adds a ClamukoIgnoreSuperuser
option to Clamukofs. If set to "yes", files that are opened by processes
running as root will be ignored. They will not be scanned, and access is
always allowed. Regular processes are still denied access to the files.

Rationale: this gives the administrator more options for dealing with
infected files, such as copying them, gzipping them, or moving them to a
different partition.

Possible issues: the name of the option is a bit long, but using the
word "root" felt too ambiguous for something at the filesystem level.
Also, the code checks the ownership of /proc/<pid> to determine the uid
of the process, which may not be the most elegant or portable way to do it.

If someone finds this sort of thing useful, it should be relatively
simple to modify the patch so that Clamuko can accept a list of ignored
uid's, instead of just uid 0.

Kind regards,
--Alfred Klomp


--
Bokxing IT
Elektronicaweg 14a
2628 XG Delft
T: 088-00 164 00
F: 015-25 609 77
support@bokxing.nl
www.bokxing.nl
KvK: 27194486
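The uid lookup described in the message above (ownership of /proc/<pid>), shown next to the `Uid:` line of /proc/<pid>/status, as an added example that is not part of the original post or the attached patch. The function names and the fail-closed policy helper are hypothetical; the code assumes Linux with /proc mounted.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Lookup the post describes: on Linux the /proc/<pid> directory is owned by
 * the process's effective uid. */
int uid_from_proc_stat(pid_t pid, uid_t *uid)
{
    char path[64];
    struct stat st;
    snprintf(path, sizeof(path), "/proc/%ld", (long)pid);
    if (stat(path, &st) != 0 || !S_ISDIR(st.st_mode))
        return -1;                  /* process gone or /proc not mounted */
    *uid = st.st_uid;
    return 0;
}

/* Alternative: parse "Uid: real effective saved fs" from /proc/<pid>/status. */
int uids_from_proc_status(pid_t pid, uid_t *ruid, uid_t *euid)
{
    char path[64], line[256];
    unsigned int r, e;
    int rc = -1;
    FILE *fp;
    snprintf(path, sizeof(path), "/proc/%ld/status", (long)pid);
    if ((fp = fopen(path, "r")) == NULL)
        return -1;
    while (rc != 0 && fgets(line, sizeof(line), fp) != NULL)
        if (sscanf(line, "Uid: %u %u", &r, &e) == 2) {
            *ruid = r; *euid = e; rc = 0;
        }
    fclose(fp);
    return rc;
}

/* Hypothetical policy helper: returns 1 (skip the scan) only when both lookups
 * succeed and agree on uid 0; any failure or mismatch fails closed (scan). */
int should_ignore_superuser(pid_t pid)
{
    uid_t owner, ruid, euid;
    if (uid_from_proc_stat(pid, &owner) != 0 ||
        uids_from_proc_status(pid, &ruid, &euid) != 0)
        return 0;
    return owner == 0 && ruid == 0 && euid == 0;
}

int main(void)
{
    printf("ignore self: %d\n", should_ignore_superuser(getpid()));
    return 0;
}
```

Both lookups are keyed on a pid, so a process that exits between the file access and the lookup can have its pid reused; failing closed on any error keeps that window from turning into a skipped scan.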
Re: Patch: Clamuko: add ClamukoIgnoreSuperuser option
On Thu, 09 Sep 2010 16:46:23 +0200 Alfred Klomp <alfred@bokxing.nl> wrote:
> Hi all,
>
> The attached patch against Clamav-0.96.2 adds a ClamukoIgnoreSuperuser
> option to Clamukofs. If set to "yes", files that are opened by processes
> running as root will be ignored. They will not be scanned, and access is
> always allowed. Regular processes are still denied access to the files.
>
> Rationale: this gives the administrator more options for dealing with
> infected files, such as copying them, gzipping them, or moving them to a
> different partition.
>
> Possible issues: the name of the option is a bit long, but using the
> word "root" felt too ambiguous for something at the filesystem level.
> Also, the code checks the ownership of /proc/<pid> to determine the uid
> of the process, which may not be the most elegant or portable way to do it.
>
> If someone finds this sort of thing useful, it should be relatively
> simple to modify the patch so that Clamuko can accept a list of ignored
> uid's, instead of just uid 0.

Hey Alfred,

Please open an enhancement request in our bugzilla
(http://bugs.clamav.net) and attach your patch there.

Thanks,

--
oo ..... Tomasz Kojm <tkojm@clamav.net>
(\/)\......... http://www.ClamAV.net/gpg/tkojm.gpg
\..........._ 0DCA5A08407D5288279DB43454822DC8985A444B
//\ /\ Fri Sep 10 12:06:18 CEST 2010
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net