[OS X TeX] OT: effective Macintosh Trojan in the wild
Bruno Voisin
bvoisin at mac.com
Mon May 9 17:18:12 CEST 2005
On 8 May 05, at 20:41, Aaron Jackson wrote:
> On May 8, 2005, at 1:58 PM, Bruno Voisin wrote:
>
>> The clamav user created by clamXav has shell /sbin/nologin (as
>> revealed by NetInfo Manager), thus I assume this means this user
>> can't login.
>
> Yes. The shell nologin prints the contents of /private/etc/
> nologin.txt and then quits. Of course, this only happens if the
> account has a valid password and the initial login interaction is
> successful.
>
> As far as security is concerned, paranoia is a good thing. So in
> addition to not having a valid password, other common things to do
> are to make sure the shell is not valid and also there is no valid
> home directory for the user. Kinda like wearing a belt, suspenders
> and another pair of pants to make sure your pants never fall down
> unexpectedly, because you never want to be caught with your pants
> down...

A new Archive & Install has revealed that there are indeed a clamav
user and a clamav group in Tiger Client, with different
characteristics from those installed by clamXav. According to NetInfo
Manager:

- Group: name "clamav", realname "SPAM Assassin Group 1"
- User: name "clamav", realname "Clamav User", home /var/virusmails,
  shell /bin/tcsh

But there's no directory /var/virusmails.

Bruno Voisin
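
The three layers discussed in this thread (no valid password, no valid shell, no valid home directory) can be checked mechanically. The Python below is an added example, not part of the original message: it assumes passwd(5)-style records rather than NetInfo, and the password fields, UIDs, GIDs, the `/nonexistent` home and the `svc` account in the sample records are constructed.

```python
import os

# Shells that refuse an interactive session (assumed list; extend per system).
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false", "/usr/bin/false"}

# Constructed sample records in passwd(5) layout. Name, real name, home and
# shell of the first record follow the thread; everything else is made up.
TIGER_CLAMAV = "clamav:*:82:82:Clamav User:/var/virusmails:/bin/tcsh"
HARDENED_CLAMAV = "clamav:*:82:82:Clamav User:/nonexistent:/sbin/nologin"
WEAK_SERVICE = "svc:$1$constructed$hash:501:501:Some Service:/Users/svc:/bin/bash"


def audit_service_account(record, home_exists=os.path.isdir):
    """Return the hardening layers a passwd(5)-style record fails.

    home_exists is injectable so records copied from another machine can be
    checked without consulting the local disk.
    """
    fields = record.rstrip("\n").split(":")
    if len(fields) != 7:
        raise ValueError(f"expected 7 colon-separated fields, got {len(fields)}")
    name, password, uid, gid, realname, home, shell = fields

    findings = []
    # Layer 1: "*" or a leading "!" marks a field no password can match
    # (assumed convention); anything else, including empty, is flagged.
    if not (password == "*" or password.startswith("!")):
        findings.append("password")
    # Layer 2: the login shell must be one that refuses a session.
    if shell not in NOLOGIN_SHELLS:
        findings.append("shell")
    # Layer 3: the home directory must not exist on disk.
    if home_exists(home):
        findings.append("home")
    return findings


if __name__ == "__main__":
    for label, rec in [("Tiger clamav", TIGER_CLAMAV),
                       ("hardened", HARDENED_CLAMAV),
                       ("weak service", WEAK_SERVICE)]:
        print(f"{label}: {audit_service_account(rec) or 'all three layers in place'}")
```

With the home directory absent, as reported above, the Tiger-style record fails only the shell layer.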