[clamav-users] Is ClamAV available on the hypervisor?

Tilman Schmidt tschmidt at cardtech.de
Thu Jul 5 05:49:36 EDT 2018


These are strange questions.

On 05.07.2018 at 07:59, "조정환" wrote:
> Hello, I am using ClamAV for my organization, but I am using it only on
> the VM server.

I assume that by "the VM server" you mean a server which is running as a
virtual machine, or perhaps even several of them. If not, please clarify.

> 1. My supervisor asks, "Is ClamAV available on the hypervisor?"

The answer is of course: "It depends on the hypervisor."
If the hypervisor is running on an OS for which ClamAV is available,
such as KVM on Linux or Hyper-V on Windows, then you can of course
install ClamAV there, although I wonder why you would want to do that
and what you might be hoping to achieve by it.

> I can not answer the question of what other VM servers do when the
> hypervisor gets infected?

Depends on what you mean by "infected".

* The hypervisor is certainly not vulnerable to common infections like
E-mail attachments, documents with malicious macros or drive-by
downloads from web pages, because it doesn't run mail clients, office
applications or web browsers.

* Depending on the type of hypervisor it may not even be able to execute
the infection.

* If the hypervisor is compromised by whatever means then it could be
abused to manipulate and compromise any VM running on it. A virus
scanner such as ClamAV is however the wrong tool to detect such a
compromise.

> 2. I was asked if there is a capability to analyze traffic moving
> between VM servers with ClamAV installed, but I am not listed in the
> detection rule creation manual.

I'm not sure I understand that question.

* If the question is about using ClamAV to analyze traffic then no, that
is not the function of ClamAV. ClamAV analyzes files, not traffic.

* If the question is about traffic between VM servers running ClamAV
then there is nothing to analyze. ClamAV instances on separate systems
do not communicate directly with each other.

* Which detection rule creation manual are you referring to, and why
would you want to be listed in it?

HTH
T.

