[Avcheck] PARANOID define
Max Kalika
max@lsit.ucsb.edu
Wed, 1 May 2002 16:05:38 -0700
Greetings avcheck list.
I just got all the peices for virus scanning to work nice and fast.
o postfix 1.1.7 (+tls +rbl_headers)
o avcheck 0.8
o sophie 1.33rc6
o libsavi.so 3.56n (with latest patterns)
I had to start sophie by doing
# su sophie -c "/path/to/sophie -D"
because avcheck checks the owner of the socket that sophie creates. If sophie
was started by root, the socket is created as root and avcheck complains about
BUGGY scanners. Sophie, however drops its privileges on startup and binding
and any children processes that it starts are owned by whatever was set during
compile time (--with-user). I propose the following patch then to avcheck that
can override the PARANOID setting at compile time (without the need to edit
files).
-------------------------------------------------------------------------
diff -ruN avcheck-0.8/avcheck.c avcheck-0.8.new/avcheck.c
--- avcheck-0.8/avcheck.c Sat Feb 9 05:16:04 2002
+++ avcheck-0.8.new/avcheck.c Wed May 1 15:48:36 2002
@@ -27,7 +27,9 @@
# define INADDR_NONE ((unsigned long) -1)
#endif
-#define PARANOID
+#ifndef PARANOID
+# define PARANOID 1
+#endif
#ifndef AVP
# define AVP 1
#endif
@@ -790,7 +792,7 @@
if (avsocket[0] == '/')
{ /* connect to socket and verify */
struct sockaddr_un s;
-#ifdef PARANOID
+#if PARANOID
struct stat st;
#endif
avfd = socket(AF_UNIX, SOCK_STREAM, 0);
@@ -802,7 +804,7 @@
if (connect(avfd, (struct sockaddr*)&s,
sizeof(s.sun_family) + strlen(s.sun_path) + 1) != 0)
err(errno, "unable to connect to antivirus daemon");
-#ifdef PARANOID
+#if PARANOID
if (stat(s.sun_path, &st) != 0)
err(errno, "unable to fstat() socket");
if (st.st_uid == 0 || st.st_uid == getuid())
======================================================================
What do you all think?
p.s. the website says that 0.7 is the latest version, but 0.8 is available on
ftp. Which one should be used in production environments?
--
---max kalika
--max@lsit.ucsb.edu
-lsit systems administrator