
Remote Code Execution as Root with McAfee Virus Scan for Linux - grey-area
https://nation.state.actor/mcafee.html
======
djsumdog
Virus scanners are just a huge attack vector today. They should never be
running on servers and you should never run them on a Linux workstation.

The best security in the Linux world involves inspecting scripts before you
run them. Install things from the package manager. Keep your managed packages
up to date.

Even on Windows, most virus scanners run as the System user and there have
been multiple hacks exploring many of the major ones over the past few years.
This attack vector is particularly bad because you don't even need to open a
file. If someone discovers a bug in the virus scanner's jpeg/json/exe/pdf
parser, they can exploit it and often run things as the system user.

