- The clamav-daemon package creates a 'clamav' user; in order to allow ClamAV to scan system files, such as your mail spool, you can add clamav to the group that owns the files. Let ClamAV listen for Incoming Scans.
- The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon in the clamav-daemon package, a command-line scanner in the clamav package, and a tool for automatic updating via the Internet in the clamav-freshclam package.
ClamAV is a machine available in the Practice area of the Offensive Security Proving Grounds. This box difficulty is easy. Lets dive in and take a look.
Starting with a nmap scan enabling all scripts, detecting versions, and output all formats to files starting with the string 'simple'.
For most linux systems (not Mac/OSX) we recommend CLAMAV as the primary scanner, it's easy to install on most unix systems and gives a good broad protection.
So using this nmap scan and a quick search based on the name of the box we see a few possible exploits.
From the list showing 'clamav' exploits we see one that is targeting SMTP which we know is open from the nmap scan.
Lets take a look at the pearl script.
So it looks like the exploit will be opening a new port 31337 and running sh as root. Lets take a look at the current status of the port.
Clamav For Mac
Port 31337 is closed as expected. Running the exploit.
No errors with execution and the message looks to be accepted for delivery. Looking back at the port, its now open!
Netcat to the port.
Wow, root immediately.
'bash -i' to upgrade the shell just a bit. Navigate to the root desktop to grab the proof.txt.
ClamAV is a fun one, but the machine name gave a huge advantage to the attacker. The Offensive Security community claims that ClamAV is a retired OSCP exam box. So it was good practice if nothing else. Until next time, stay safe in the Trenches of IT!
Clamav Daemon Machina
The easiest way to get the ClamAV package is using Homebrew
Before trying to start the clamd daemon, you'll need a copy of the ClamAV databases.
Inside /your/location/to/brew/etc/clamav, you'll see 2 files:
- freshclam.conf.sample
- clamd.conf.sample
Create copies of the samples:
Open up freshclam.conf, comment out 'Example' from line 8, and make sure
Clamav Mac Download
is enabled. Save your changes.
Clamav Daemon Mac Download
ClamAV is a machine available in the Practice area of the Offensive Security Proving Grounds. This box difficulty is easy. Lets dive in and take a look.
Starting with a nmap scan enabling all scripts, detecting versions, and output all formats to files starting with the string 'simple'.
For most linux systems (not Mac/OSX) we recommend CLAMAV as the primary scanner, it's easy to install on most unix systems and gives a good broad protection.
So using this nmap scan and a quick search based on the name of the box we see a few possible exploits.
From the list showing 'clamav' exploits we see one that is targeting SMTP which we know is open from the nmap scan.
Lets take a look at the pearl script.
So it looks like the exploit will be opening a new port 31337 and running sh as root. Lets take a look at the current status of the port.
Clamav For Mac
Port 31337 is closed as expected. Running the exploit.
No errors with execution and the message looks to be accepted for delivery. Looking back at the port, its now open!
Netcat to the port.
Wow, root immediately.
'bash -i' to upgrade the shell just a bit. Navigate to the root desktop to grab the proof.txt.
ClamAV is a fun one, but the machine name gave a huge advantage to the attacker. The Offensive Security community claims that ClamAV is a retired OSCP exam box. So it was good practice if nothing else. Until next time, stay safe in the Trenches of IT!
Clamav Daemon Machina
The easiest way to get the ClamAV package is using Homebrew
Before trying to start the clamd daemon, you'll need a copy of the ClamAV databases.
Inside /your/location/to/brew/etc/clamav, you'll see 2 files:
- freshclam.conf.sample
- clamd.conf.sample
Create copies of the samples:
Open up freshclam.conf, comment out 'Example' from line 8, and make sure
Clamav Mac Download
is enabled. Save your changes.
Clamav Daemon Mac Download
Then run
to download the ClamAV databases. The output will look something like this:
Open up clamd.conf, and
- Comment: 'Example' from line 8
- Uncomment: LocalSocket /tmp/clamd.socket from line 85
- Save your changes
Next, let's look for the location of clamd by running:$ brew ls clamav
You should see the following:
To start the clamd daemon, run the following:
You should now be able to scan a file by doing:
