ClamAV Unofficial Signatures

From Gentoo Wiki
Jump to: navigation, search

Running as a restricted user

Warning
If you make this change after running the "normal" way, you'll need to empty the working directory /var/lib/clamav-unofficial-sigs and delete the log file at /var/log/clamav/clamav-unofficial-sigs.log. Otherwise you'll get access violations.

The app-antivirus/clamav-unofficial-sigs package does not provide its own user, but it does share most of its privileges with app-antivirus/clamav. So it makes some sense to run the unofficial update script as the clamav user. There are only a few steps to doing this:

First, give the clamav user a working shell:

root #usermod -s /bin/bash clamav

Now lock the account so no one can use it:

root #passwd -l clamav

Disable the user/group in the config file:

CODE /etc/clamav-unofficial-sigs.conf
#clam_user="clamav"
#clam_group="clamav"

And now, run the script (in a cron job or wherever) as the clamav user:

root #su clamav -c /usr/sbin/clamav-unofficial-sigs.sh

If you use logrotate, you'll need to change the permissions on the rotated logs:

CODE /etc/logrotate.d/clamav-unofficial-sigs-logrotate
/var/log/clamav/clamav-unofficial-sigs.log {
     create 0600 clamav clamav
}