[Avcheck] Readme.avp
Morten Christensen
mc-avcheck@mc.cx
Sat, 27 Jul 2002 17:04:58 +0200
Michael Tokarev wrote:
>Morten Christensen wrote:
>
>
>>I had a problem when installing avcheck the first time.
>>I think a few more lines in the readme.avp-file would
>>have spared me and the friendly people on this list some
>>time. Here is my proposal. You must look carefully if it
>>is the right technical solution:
>>
>>--->today start<---
>>
>>Some descriptions for those directories inside /var/spool/avp:
>>
>> /var/spool/avp itself: a root for all avp "activity"/files.
>> This directory will be modified only during the installation,
>> kavdaemon and avcheck will not write to it or modify files here.
>>
>>---<today end>---
>>
>>--->changed start<---
>>
>>Some descriptions for those directories inside /var/spool/avp:
>>
>> /var/spool/avp itself: a root for all avp "activity"/files.
>> This directory will be modified only during the installation,
>> kavdaemon and avcheck will not write to it or modify files here.
>> The user that kavdaemon and avcheck are started as must have
>> execute-rights on those files. That can be done with:
>> chown :avgroup /var/spool/avp/*
>>
>>---<changed end>---
>>
>>
>
>I don't think this is a correct way. Here is a listing of
>/var/spool/drweb from my machine:
>
>drwxr-xr-x 6 root root 1024 Jul 24 14:29 .
>drwxr-xr-x 2 root root 1024 Jul 24 14:26 bases/
>-rw-r--r-- 1 root root 570368 Jul 12 04:28 drweb32.dll
>-rwxr-xr-x 1 root root 931192 May 15 03:59 drwebd*
>-rw-r--r-- 1 root root 501 Nov 20 2001 drwebd.ini
>-r--r--r-- 1 root root 1165 Aug 14 2001 drwebd.key
>drwxr-xr-x 2 root root 1024 Oct 1 2001 etc/
>drwxr-x--- 2 drwebd avscan 1024 Jul 24 14:29 run/
>drwxr-xr-x 2 drwebc avscan 1024 Jul 27 17:56 tst/
>
>
Basically you give read- and/or exe-access to everybody,
where I tried to restrict it to root and the av-group.
I am no security-expert so I don't know what is best,
or what is needed.
I knew that I probably hit too many files with my
command, but I was unsure where it was needed.
>(this is drweb not avp, and user/group names are somewhat different,
>but the same rules apply anyway).
>
Do the avcheck and infected-executables need exe-access
from the av-group?
Basically, does every file in /var/spool/avp need
read or exe-rights from the av-group?
>I think it's sufficient to add similar listing (as above) to some
>README files to serve as an example, and this should solve this
>issue. Please correct me if I'm wrong here (until it's too late... ;
>
In my case, a listing would have been enough.
I just needed to be aware of the problem.
>Thanks for a tip.
>
Thanks for a program :-)
---
mvh...
Morten Christensen
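
Added example, not part of the original thread: a short Python script that reads the /var/spool/drweb listing quoted above and works out which rwx bits apply to a given account, and which entries are closed to everybody outside the owner and group. The group memberships passed in and the account name "someone" are assumptions made for illustration; root's override of permission bits is not modelled.

```python
# Listing copied from the quoted message above (quote markers removed).
LISTING = """\
drwxr-xr-x 6 root root 1024 Jul 24 14:29 .
drwxr-xr-x 2 root root 1024 Jul 24 14:26 bases/
-rw-r--r-- 1 root root 570368 Jul 12 04:28 drweb32.dll
-rwxr-xr-x 1 root root 931192 May 15 03:59 drwebd*
-rw-r--r-- 1 root root 501 Nov 20 2001 drwebd.ini
-r--r--r-- 1 root root 1165 Aug 14 2001 drwebd.key
drwxr-xr-x 2 root root 1024 Oct 1 2001 etc/
drwxr-x--- 2 drwebd avscan 1024 Jul 24 14:29 run/
drwxr-xr-x 2 drwebc avscan 1024 Jul 27 17:56 tst/
"""


def parse(listing):
    """Yield (name, mode, owner, group) for each `ls -lF` style line."""
    for line in listing.splitlines():
        fields = line.split(None, 8)
        if len(fields) != 9 or len(fields[0]) < 10:
            continue  # not a listing line
        mode, _links, owner, group = fields[:4]
        # Drop the trailing "/" and "*" type markers that ls -F appends.
        yield fields[8].rstrip("/*") or fields[8], mode, owner, group


def effective(mode, owner, group, user, groups):
    """Return the one rwx triplet that applies: owner, else group, else other."""
    if user == owner:
        return mode[1:4]
    if group in groups:
        return mode[4:7]
    return mode[7:10]


def audit(listing, user, groups):
    """Map each entry name to the access the given account gets."""
    return {name: effective(mode, owner, group, user, groups)
            for name, mode, owner, group in parse(listing)}


def group_only(listing):
    """Entries that grant nothing to 'other' (restricted to owner and group)."""
    return [n for n, mode, _o, _g in parse(listing) if mode[7:10] == "---"]


if __name__ == "__main__":
    # Assumed accounts: drwebd and drwebc in group avscan, "someone" unrelated.
    for user, groups in (("drwebd", {"avscan"}), ("drwebc", {"avscan"}),
                         ("someone", {"users"})):
        print(user, audit(LISTING, user, groups))
    print("closed to others:", group_only(LISTING))
```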