On Apr 23, 2009, at 3:00 PM, NM <nico at altiva.fr> wrote:

> On Fri, 23 Jan 2009 11:30:12 -0800, Scott Silva wrote:
>
>> Cron a "clamscan -ir /"
>> It will check the entire filesystem and report infected files. You
>> probably don't want to automatically delete what you find, though.
>>
>> You can also scan for things like ssn's in datafiles laying around.
>
> Congratulations, anyone who can write to /tmp is all set to pwn you on
> the next ClamAV vuln.

How about running it as the untrusted user 'clamav'?

I know there is a lot of boilerplate regulation out there, I have my fair share to deal with myself. Often hidden in the BS there is a good intention it just requires a little give and take. Give in to a little BS here to get a little break on the BS there.

What the consultant should be working off of is an accurate risk assessment of the OS and the applications installed on it, not some dumb checklist.

-Ross