3

I installed ClamAV (clamav-daemon and clamav-freshclam) in order to set up a policy of regularly scanning my LTSP thin client setup for Windows viruses.

Currently, we have a variety of users, each with their own group. All files in their home directory are owned by each user, and to each user's group. How can I have clamdscan read all of their files, whether 0700 or not, while not running clamdscan as root? (which is just asking for problems)

lfaraone
  • 1,611
  • 3
  • 18
  • 23
  • There's a launchpad ticket open with your problem. https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/450250 – Joseph Kern Oct 13 '09 at 14:01

1 Answers1

1

Maybe, you should install a job to each user's crontab, so all files are scanned collectively by a user's instance of clamdscan?

kolypto
  • 11,058
  • 12
  • 54
  • 66
  • We'd also have to disable a user's ability to edit their crontab, since a malicious user could just disable the scan. – lfaraone Oct 14 '09 at 16:18
  • Hm. So run a task as root (so crontast is not removable) and `su` to each user's account just before launching `clamdscan` :) – kolypto Oct 15 '09 at 00:03