Scanning for viruses in the secure domain


Open source systems have begun to "get" the virus to care. The gdk-pixbuf software package has been identified by ClamAV antivirus software as virus infection since the releases after gdk-pixbuf-2.37:

The clamdscan virus scanning program of ClamAV package might use unix socket. If we run clamdscan on its own clamscan_t domain, only this domain accesses the socket instead of the user domain. Security policy module clamav is installed by default. However, some of its interfaces have not been used yet. We use clamav_domtrans_clamscan interface to transition domain from user domain to private domain clamscan_t


An assignment of the user role to the clamscan_t domain is necessary for security context computing

role staff_r types clamscan_t;

The last requirement is to allow the clamscan_t domain to access the socket

allow clamscan_t init_t:unix_stream_socket connectto;

Now clamdscan runs in clamscan_t domain

Currently unrated


There are currently no comments

New Comment


required (not published)



What is 3 + 7?