<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"> <!--Converted with LaTeX2HTML 2K.1beta (1.48) original version by: Nikos Drakos, CBLU, University of Leeds * revised and updated by: Marcus Hennecke, Ross Moore, Herb Swan * with significant contributions from: Jens Lippmann, Marek Rouchal, Martin Wilck and others --> <HTML> <HEAD> <TITLE>Security</TITLE> <META NAME="description" CONTENT="Security"> <META NAME="keywords" CONTENT="clamdoc"> <META NAME="resource-type" CONTENT="document"> <META NAME="distribution" CONTENT="global"> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1"> <META NAME="Generator" CONTENT="LaTeX2HTML v2K.1beta"> <META HTTP-EQUIV="Content-Style-Type" CONTENT="text/css"> <LINK REL="STYLESHEET" HREF="clamdoc.css"> <LINK REL="next" HREF="node28.html"> <LINK REL="previous" HREF="node26.html"> <LINK REL="up" HREF="node26.html"> <LINK REL="next" HREF="node28.html"> </HEAD> <BODY > <H2><A NAME="SECTION00061000000000000000"> Security</A> </H2> Clam AntiVirus cares about security. Dangerous operations (such as extracting, temporary file creation, unlink() operations) are executed with <I>clamav</I> privileges. 
<B>But there are no programs without bugs.</B> This is a young project and everything is possible. In some places it uses the <I>snprintf()</I> function; on some older systems (C libraries), however, the buffer length in this function isn't checked. This example shows that you should check your system first. Never set SUID/SGID bits on Clam AntiVirus executables. If the SUID bit is set and <I>clamscan</I> is owned by root, every file on the system may be modified with the <I>-log</I> option. Normal users may use <I>clamscan</I> to scan their files; other files shouldn't interest them. <P> <BR><HR> <ADDRESS> Tomasz Kojm 2002-11-21 </ADDRESS> </BODY> </HTML>
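One way to act on the "check your system first" advice for snprintf(), as an added example that is not ClamAV code: a small C test that calls the C library's snprintf() with a short length and verifies that nothing is written past it. The function name, buffer sizes and input string are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define LIMIT  8     /* size argument handed to snprintf() */
#define GUARD  32    /* canary bytes that follow the limit */
#define CANARY 0x5A

/* Returns 1 if the C library's snprintf() honours its size argument,
 * 0 if it does not. *ret_out receives snprintf()'s own return value.
 * The destination is LIMIT bytes plus a GUARD-byte canary region, so a
 * libc that ignores the size still only writes into memory we own. */
int snprintf_respects_length(int *ret_out)
{
    static const char input[] = "0123456789ABCDEFGHIJ"; /* constructed, 20 chars */
    /* Call through a volatile pointer so the compiler cannot replace the
     * call with its own builtin; the libc routine itself is exercised. */
    int (*volatile fn)(char *, size_t, const char *, ...) = snprintf;
    char buf[LIMIT + GUARD];
    size_t i;

    memset(buf, CANARY, sizeof(buf));
    *ret_out = fn(buf, LIMIT, "%s", input);

    /* 1. Nothing past the first LIMIT bytes may have been touched. */
    for (i = LIMIT; i < sizeof(buf); i++)
        if ((unsigned char)buf[i] != CANARY)
            return 0;
    /* 2. The output must be NUL-terminated inside the limit. */
    if (memchr(buf, '\0', LIMIT) == NULL)
        return 0;
    /* 3. What was stored must be a truncated prefix of the input. */
    return strncmp(buf, input, strlen(buf)) == 0;
}

int main(void)
{
    int ret;
    int ok = snprintf_respects_length(&ret);

    printf("snprintf() length check: %s (returned %d)\n",
           ok ? "honoured" : "NOT honoured", ret);
    return ok ? 0 : 1;
}
```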