diff -ruN ../clamav-0.96.2-orig/clamd/clamuko.c ./clamd/clamuko.c
--- ../clamav-0.96.2-orig/clamd/clamuko.c 2010-07-30 14:25:16.000000000 +0200
+++ ./clamd/clamuko.c 2010-09-09 13:53:42.000000000 +0200
@@ -78,6 +78,8 @@
 struct stat sb;
 char virhash[33];
 unsigned int virsize;
+ int ignore_superuser;
+ char procdir[20];
 clamuko_scanning = 0;
@@ -171,6 +173,12 @@
 extinfo = optget(tharg->opts, "ExtendedDetectionInfo")->enabled;
+ ignore_superuser = optget(tharg->opts, "ClamukoIgnoreSuperuser")->enabled;
+ if(ignore_superuser)
+ logg("Clamuko: Ignoring files opened by the superuser (root).\n");
+ else
+ logg("Clamuko: Not ignoring files opened by the superuser (root).\n");
+
 while(1) {
 if(dazukoGetAccess(&acc) == 0) {
@@ -185,6 +193,13 @@
 }
 }
+ /* if requested, don't scan any files opened by a process run as root */
+ if (scan && ignore_superuser
+ && (snprintf(procdir, sizeof(procdir), "/proc/%u", acc->pid) > 0)
+ && (stat(procdir, &sb) == 0)
+ && (sb.st_uid == 0))
+ scan = 0;
+
 if(scan && cli_scanfile_stats(acc->filename, &virname, virhash, &virsize, NULL, tharg->engine, tharg->options) == CL_VIRUS) {
 if(extinfo && virsize)
 logg("Clamuko: %s: %s(%s:%u) FOUND\n", acc->filename, virname, virhash, virsize);
diff -ruN ../clamav-0.96.2-orig/clamd/clamukofs.c ./clamd/clamukofs.c
--- ../clamav-0.96.2-orig/clamd/clamukofs.c 2010-07-30 14:25:16.000000000 +0200
+++ ./clamd/clamukofs.c 2010-09-09 13:49:41.000000000 +0200
@@ -91,6 +91,8 @@
 int skip_scan = 0, extinfo;
 const char *virname;
 char filename[4096], virhash[33];
+ int ignore_superuser;
+ char procdir[20];
 /* ignore all signals */
 sigfillset(&sigset);
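Review bot: The skip added in the last clamuko.c hunk (and repeated with `skip_scan` in the last clamd/clamukofs.c hunk) is silent, so once `ClamukoIgnoreSuperuser` is on there is no record of which files went unscanned, and the exemption covers every process whose `/proc/<pid>` directory is owned by uid 0, daemons acting on behalf of ordinary users included. I would log the decision inside the branch, for example `logg("Clamuko: %s: not scanned (opened by uid 0, pid %d)\n", acc->filename, (int)acc->pid);`, so the bypass stays auditable. The owner is looked up by PID after the event was delivered, so it describes whichever process holds that PID at `stat()` time; presumably the opener is still blocked waiting for the verdict, but that is not visible here and is worth a comment. A failed `snprintf`/`stat` leaves scanning enabled, which is the right direction to fail, and `acc->pid` is passed to `%u` without a cast although its declared type is outside the hunk. The enclosing loop body starts and ends outside the hunk.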
@@ -133,6 +135,12 @@
 extinfo = optget(tharg->opts, "ExtendedDetectionInfo")->enabled;
+ ignore_superuser = optget(tharg->opts, "ClamukoIgnoreSuperuser")->enabled;
+ if(ignore_superuser)
+ logg("Clamuko: Ignoring files opened by the superuser (root).\n");
+ else
+ logg("Clamuko: Not ignoring files opened by the superuser (root).\n");
+
 while(1) {
 if(dazukofs_get_access(scan_hndl, &acc)) {
 if(!shutdown_hndl)
@@ -151,6 +159,13 @@
 }
 }
+ /* if requested, don't scan any files opened by a process run as root */
+ if (!skip_scan && ignore_superuser
+ && (snprintf(procdir, sizeof(procdir), "/proc/%u", acc.pid) > 0)
+ && (stat(procdir, &sb) == 0)
+ && (sb.st_uid == 0))
+ skip_scan = 1;
+
 if(skip_scan) {
 acc.deny = 0;
 /* reset skip flag */
diff -ruN ../clamav-0.96.2-orig/docs/man/clamd.conf.5.in ./docs/man/clamd.conf.5.in
--- ../clamav-0.96.2-orig/docs/man/clamd.conf.5.in 2010-07-30 14:25:16.000000000 +0200
+++ ./docs/man/clamd.conf.5.in 2010-09-09 13:44:37.000000000 +0200
@@ -461,6 +461,11 @@
 Ignore files larger than SIZE.
 .br
 Default: 5M
+.TP
+\fBClamukoIgnoreSuperuser BOOL\fR
+Ignore (do not scan) files that are opened by a process running as the superuser (root).
+.br
+Default: no
 .SH "NOTES"
 .LP
 All options expressing a size are limited to max 4GB. Values in excess will be resetted to the maximum.
diff -ruN ../clamav-0.96.2-orig/etc/clamd.conf ./etc/clamd.conf
--- ../clamav-0.96.2-orig/etc/clamd.conf 2010-07-30 14:25:16.000000000 +0200
+++ ./etc/clamd.conf 2010-09-09 13:44:37.000000000 +0200
@@ -454,6 +454,11 @@
 # Default: disabled
 #ClamukoExcludePath /home/bofh
+# Ignore (do not scan) files opened by processes running as the superuser (root).
+# This lets root copy infected files, move them to a different partition, etc.
+# Default: no
+#ClamukoIgnoreSuperuser yes
+
 # With this option enabled ClamAV will load bytecode from the database.
 # It is highly recommended you keep this option on, otherwise you'll miss detections for many new viruses.
 # Default: yes
diff -ruN ../clamav-0.96.2-orig/shared/optparser.c ./shared/optparser.c
--- ../clamav-0.96.2-orig/shared/optparser.c 2010-08-03 10:43:30.000000000 +0200
+++ ./shared/optparser.c 2010-09-09 13:44:37.000000000 +0200
@@ -328,6 +328,8 @@
 { "ClamukoMaxFileSize", NULL, 0, TYPE_SIZE, MATCH_SIZE, 5242880, NULL, 0, OPT_CLAMD, "Files larger than this value will not be scanned.", "5M" },
+ { "ClamukoIgnoreSuperuser", NULL, 0, TYPE_BOOL, MATCH_BOOL, -1, NULL, 0, OPT_CLAMD, "Ignore (do not scan) files opened by processes run as root.", "no" },
+
 /* FIXME: mark these as private and don't output into clamd.conf/man */
 { "DevACOnly", "dev-ac-only", 0, TYPE_BOOL, MATCH_BOOL, -1, NULL, FLAG_HIDDEN, OPT_CLAMD | OPT_CLAMSCAN, "", "" },