Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: ClamAV: devel
Patch: Clamuko: add ClamukoIgnoreSuperuser option
 

Index | Next | Previous | View Flat


alfred at bokxing

Sep 9, 2010, 7:46 AM


Views: 780
Permalink
Patch: Clamuko: add ClamukoIgnoreSuperuser option

Hi all,

The attached patch against Clamav-0.96.2 adds a ClamukoIgnoreSuperuser
option to Clamukofs. If set to "yes", files that are opened by processes
running as root will be ignored. They will not be scanned, and access is
always allowed. Regular processes are still denied access to the files.

Rationale: this gives the administrator more options for dealing with
infected files, such as copying them, gzipping them, or moving them to a
different partition.

Possible issues: the name of the option is a bit long, but using the
word "root" felt too ambiguous for something at the filesystem level.
Also, the code checks the ownership of /proc/<pid> to determine the uid
of the process, which may not be the most elegant or portable way to do it.

If someone finds this sort of thing useful, it should be relatively
simple to modify the patch so that Clamuko can accept a list of ignored
uid's, instead of just uid 0.

Kind regards,
--Alfred Klomp


--
Bokxing IT
Elektronicaweg 14a
2628 XG Delft
T: 088-00 164 00
F: 015-25 609 77
support [at] bokxing
www.bokxing.nl
KvK: 27194486
Attachments: clamuko-ignore-superuser.patch (4.43 KB)

Subject User Time
Patch: Clamuko: add ClamukoIgnoreSuperuser option alfred at bokxing Sep 9, 2010, 7:46 AM
    Re: Patch: Clamuko: add ClamukoIgnoreSuperuser option tkojm at clamav Sep 10, 2010, 3:08 AM

  Index | Next | Previous | View Flat
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.