Mailing List Archive

Freshclam Proxy Password
Hi,

Freshclam Proxy Password is stored as plain text in Freshclam.conf file.

HTTPProxyPassword myownpassword

Any user is able to read that password.
Is there a chance to store that password encrypted or in another place?

Thank you,

Jorge
Re: Freshclam Proxy Password [ In reply to ]
On 15.02.23 08:26, Jorge Elissalde via clamav-users wrote:
>Freshclam Proxy Password is stored as plain text in Freshclam.conf file.
>
>HTTPProxyPassword myownpassword
>
>Any user is able to read that password.
>Is there a chance to store that password encrypted or in another place?

It should be safe to set permissions to freshclam.conf only to be readable
for owner, maybe group, dependending on your system:

-r--r--r-- 1 clamav adm 715 Apr 24 2021 /etc/clamav/freshclam.conf
% ps axuww | grep resh
clamav 2646 0.0 0.0 66864 6380 ? Ss Jan30 0:19 /usr/bin/freshclam -d --quiet --config-file=/etc/clamav/freshclam.conf --pid=/run/clamav/freshclam.pid

Here, permissions 0400 would be enough.

debian (and so I guess ubuntu) seems to do that automatically if password
is set:

if [ -f "$FRESHCLAMCONFFILE" ] && [ ! -L "$FRESHCLAMCONFFILE" ]; then
# Tighten the permissions up if it contains a password
if [ -n "$ppass" ]; then
chmod 400 $FRESHCLAMCONFFILE
else
chmod 444 $FRESHCLAMCONFFILE
fi

chown "$dbowner":adm $FRESHCLAMCONFFILE
fi

--
Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Fighting for peace is like fucking for virginity...
_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
Re: Freshclam Proxy Password [ In reply to ]
Hi,

Thank you for your answer.
I'm using Windows, not Linux.

Re,

Jorge

El mié, 15 feb 2023 a las 8:40, Matus UHLAR - fantomas (<uhlar@fantomas.sk>)
escribió:

> On 15.02.23 08:26, Jorge Elissalde via clamav-users wrote:
> >Freshclam Proxy Password is stored as plain text in Freshclam.conf file.
> >
> >HTTPProxyPassword myownpassword
> >
> >Any user is able to read that password.
> >Is there a chance to store that password encrypted or in another place?
>
> It should be safe to set permissions to freshclam.conf only to be readable
> for owner, maybe group, dependending on your system:
>
> -r--r--r-- 1 clamav adm 715 Apr 24 2021 /etc/clamav/freshclam.conf
> % ps axuww | grep resh
> clamav 2646 0.0 0.0 66864 6380 ? Ss Jan30 0:19
> /usr/bin/freshclam -d --quiet --config-file=/etc/clamav/freshclam.conf
> --pid=/run/clamav/freshclam.pid
>
> Here, permissions 0400 would be enough.
>
> debian (and so I guess ubuntu) seems to do that automatically if password
> is set:
>
> if [ -f "$FRESHCLAMCONFFILE" ] && [ ! -L "$FRESHCLAMCONFFILE" ]; then
> # Tighten the permissions up if it contains a password
> if [ -n "$ppass" ]; then
> chmod 400 $FRESHCLAMCONFFILE
> else
> chmod 444 $FRESHCLAMCONFFILE
> fi
>
> chown "$dbowner":adm $FRESHCLAMCONFFILE
> fi
>
> --
> Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> Fighting for peace is like fucking for virginity...
> _______________________________________________
>
> Manage your clamav-users mailing list subscription / unsubscribe:
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/Cisco-Talos/clamav-documentation
>
> https://docs.clamav.net/#mailing-lists-and-chat
>
Re: Freshclam Proxy Password [ In reply to ]
On 2/15/23 5:19 AM, Jorge Elissalde via clamav-users wrote:
> Hi,

Hi,

> I'm using Windows, not Linux.

Is there a reason that you can't use the file system permissions?

I'm assuming that you're using NTFS.



--
Grant. . . .
unix || die