Opened 11 years ago
Closed 19 months ago
#39435 closed enhancement (invalid)
clamav
Reported by: | mroman@… | Owned by: | danielluke (Daniel J. Luke) |
---|---|---|---|
Priority: | Normal | Milestone: | |
Component: | ports | Version: | |
Keywords: | haspatch | Cc: | petrrr, cooljeanius (Eric Gallager), jul_bsd@… |
Port: | clamav |
Description
- clamav fails to build if clamav user doesn't exist (not everyone wants to use clamav-server port)
- create dir with virus database automatically: /share/clamav
- configure clamav to run out of the box
- set suid bit of freshclam to work with clamxav
Attachments (1)
Change History (13)
Changed 11 years ago by mroman@…
Attachment: | Portfile-clamav.diff added |
---|
comment:1 Changed 11 years ago by mf2k (Frank Schima)
Cc: | geeklair.net:dluke removed |
---|---|
Keywords: | haspatch added |
Owner: | changed from macports-tickets@… to dluke@… |
comment:2 Changed 11 years ago by mf2k (Frank Schima)
Type: | defect → enhancement |
---|---|
Version: | 2.1.3 |
comment:3 Changed 11 years ago by danielluke (Daniel J. Luke)
I'll try to take a look at this this weekend (and try to incorporate as much as is reasonable) - a couple of thoughts though.
clamav should build without the clamav user (I haven't tested that specifically in a while, so upstream may have broken it) - I'm not sure if the buildbot has a clamav user or not. The existing (lack of) setup was done on purpose since there are a wide variety of ways one might want to use clamav. I don't think setting the suid bit is something we want to do at all.
comment:4 Changed 11 years ago by danielluke (Daniel J. Luke)
Owner: | changed from dluke@… to dluke@… |
---|---|
Status: | new → assigned |
comment:5 Changed 11 years ago by mroman@…
The freshclam.conf says it runs by default as the clamav user. So I was curious and deleted the clamav user and group using dscl. Rebuilding the port gave me a configure error.
The problem with not having a clamav user is that the end user has to manually edit .conf files and create ${prefix}/share/clamav with the appropriate owner/group to enable freshclam to fetch virus definitions. But most users just use default settings. Besides, a separate clamav user account rather doesn't create any security risk.
If you look at clamav-server there is a big list of things for the user to do. Pretty nasty for me.
I am not sure about this suid bit, but I suppose it would not pose any additional security problem: it's just for freshclam and the clamav user doesn't have admin privileges after all.
Thank you for your response. I have just thought to make the configuration of this port a little easier.
comment:6 Changed 11 years ago by mroman@…
The documentation says that the check for the existence of the clamav account may be disabled when installing on an unprivileged user account: http://www.clamav.net/doc/latest/html/node13.html
comment:7 Changed 11 years ago by mroman@…
On second thoughts, using suid on freshclam probably isn't the best solution indeed; however, we could consider setting the owner and group of freshclam to "clamav" in post-destroot.
comment:12 Changed 19 months ago by danielluke (Daniel J. Luke)
Resolution: | → invalid |
---|---|
Status: | assigned → closed |
Trac requires valid email addresses.
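The points debated in comments 3 to 7, as an added example that is not part of the ticket or the port: a POSIX shell audit that reports a setuid freshclam binary, a missing database directory, or a database directory not owned by the `DatabaseOwner` named in freshclam.conf. The function names and the paths in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the ticket or the port): audit a freshclam install.
# Usage, with assumed MacPorts-style paths:
#   audit_freshclam /opt/local/bin/freshclam /opt/local/etc/freshclam.conf \
#                   /opt/local/share/clamav

# conf_value FILE KEY DEFAULT: value of the last uncommented "KEY value" line.
conf_value() {
    v=$(awk -v k="$2" '$1 == k { val = $2 } END { print val }' "$1" 2>/dev/null) || v=""
    printf '%s\n' "${v:-$3}"
}

# owner_of PATH: owning user name, parsed from ls so it works on GNU and BSD.
owner_of() {
    ls -ld "$1" | awk '{ print $3 }'
}

# audit_freshclam BINARY CONF DEFAULT_DBDIR
# Prints one finding per line; exit status is 0 only when there are none.
audit_freshclam() {
    bin=$1
    conf=$2
    findings=0
    owner=$(conf_value "$conf" DatabaseOwner clamav)
    dbdir=$(conf_value "$conf" DatabaseDirectory "$3")

    # A setuid updater runs with its owner's privileges for every caller.
    if [ -u "$bin" ]; then
        echo "SETUID: $bin has the set-user-ID bit set"
        findings=$((findings + 1))
    fi

    # freshclam needs an existing database directory owned by DatabaseOwner.
    if [ ! -d "$dbdir" ]; then
        echo "MISSING: database directory $dbdir does not exist"
        findings=$((findings + 1))
    elif [ "$(owner_of "$dbdir")" != "$owner" ]; then
        echo "OWNER: $dbdir is not owned by DatabaseOwner '$owner'"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}
```

A clean install prints nothing and returns 0, so the function can gate a post-install check or a periodic job.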