[clamav-users] ClamAV(R) blog: ClamAV 0.98.6 has been released!

Dennis Peterson dennispe at inetnw.com
Tue Feb 3 22:16:45 EST 2015


It takes a lot of cores to run multiple VMs, and scanning other VMs from a peer 
VM across the virtual switch creates a lot of traffic in the vSwitch layer 
of the hosting system. It doesn't work to scan the vdisk of a VM itself unless 
you can mount the virtual disk and scan it as you would any mounted file system 
(the VM has to be off or a non-running file system level snapshot created by the 
host or SAN) or you can share the file systems of interest between the VM 
hosting ClamAV and any VMs you wish to scan live. That would include the 
sharable file systems of the system hosting the VMs. It is slow but it works.

It would be interesting to explore hypervisor snapshots of VMs as a possible 
mountable, scannable file system. Much depends on the hypervisor and whether it 
creates snapshots on a vdisk vs proprietary file format.

Having run hundreds of VMs concurrently I've taken the view that they're 
sacrificial. Any sign of bad health and the running processes are migrated to 
another VM. Then they're killed, replaced with a clean clone, and deleted.

dp

On 2/3/15 6:44 PM, Al Varnell wrote:
> Not sure how ClamAV® works with other platform VMs, but on Apple Macs, it has not been shown to be effective. I always encourage users to install a separate A-V scanner within the VM environment (often Windows where ClamWIN works fine).
>
> -Al-
>
>
> On Tue, Feb 03, 2015 at 05:09PM, james henrydoss wrote:
>> Hi Joel,
>>
>> I am looking for some notes to run ClamAV to scan Virtual Machine
>> Instances. I have a small OpenSwitch based implementation which runs two
>> instances of Ubuntu. I wanted to scan the ENVIRONMENT with ClamAV being run
>> on one of the instances.
>>
>> Thanks
>> James Henrydoss
>>
>>
>> On Tue, Jan 27, 2015 at 6:24 PM, Joel Esler (jesler) <jesler at cisco.com>
>> wrote:
>>
>>> http://blog.clamav.net/2015/01/clamav-0986-has-been-released.html
>>>
>>> ClamAV 0.98.6 is a bug fix release correcting the following:
>>>
>>>
>>>   *   library shared object revisions.
>>>   *   installation issues on some Mac OS X and FreeBSD platforms.
>>>   *   includes a patch from Sebastian Andrzej Siewior making ClamAV pid
>>> files compatible with systemd.
>>>   *   Fix a heap out of bounds condition with crafted Yoda's crypter
>>> files. This issue was discovered by Felix Groebert of the Google Security
>>> Team.
>>>   *   Fix a heap out of bounds condition with crafted mew packer files.
>>> This issue was discovered by Felix Groebert of the Google Security Team.
>>>   *   Fix a heap out of bounds condition with crafted upx packer files.
>>> This issue was discovered by Kevin Szkudlapski of Quarkslab.
>>>   *   Fix a heap out of bounds condition with crafted upack packer
>>> files. This issue was discovered by Sebastian Andrzej Siewior.
>>> CVE-2014-9328.
>>>   *   Compensate a crash due to incorrect compiler optimization when
>>> handling crafted petite packer files. This issue was discovered by
>>> Sebastian Andrzej Siewior.
>>>
>>> Thanks to the following ClamAV community members for code submissions
>>> and bug reporting included in ClamAV 0.98.6:
>>>
>>> Sebastian Andrzej Siewior
>>> Felix Groebert
>>> Kevin Szkudlapski
>>> Mark Pizzolato
>>> Daniel J. Luke
>>>
>>> Please download the latest release of ClamAV, 0.98.6, from our download
>>> page <http://www.clamav.net/download.html>.
>>>
>>> --
>>> Joel Esler
>>> Open Source Manager
>>> Threat Intelligence Team Lead
>>> Talos
>>> _______________________________________________
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>>
>>> http://www.clamav.net/contact.html#ml
>>>
> -Al-
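
The offline approach described in Dennis Peterson's message at the top of this thread (mount the virtual disk of a powered-off VM, or a snapshot of it, and scan it like any mounted file system), as an added example that is not part of any post in the thread. It assumes libguestfs (`guestmount`, `guestunmount`), `fuser` from psmisc and `clamscan` are installed; the function name `scan_vdisk` and its return codes 3 and 4 are chosen here for illustration.

```shell
#!/bin/sh
# Added example: offline ClamAV scan of a VM disk image or snapshot copy.
# Assumptions: libguestfs, psmisc and clamscan are installed; run as root so
# fuser can see processes owned by other users (e.g. the hypervisor).

# scan_vdisk IMAGE MOUNTPOINT
# Returns clamscan's own status: 0 = clean, 1 = something found, 2 = error.
# Hypothetical extra codes: 3 = image still in use, 4 = mount failed.
scan_vdisk() {
    img=$1
    mnt=$2
    if [ ! -f "$img" ] || [ ! -d "$mnt" ]; then
        echo "usage: scan_vdisk IMAGE MOUNTPOINT" >&2
        return 2
    fi

    # The VM has to be off (or IMAGE must be a snapshot copy): refuse to
    # touch an image that some process, such as a running guest, has open.
    if fuser -s "$img" 2>/dev/null; then
        echo "refusing: $img is open by a running process" >&2
        return 3
    fi

    # Read-only mount; -i inspects the image and mounts the guest's
    # file systems at the places the guest itself would mount them.
    guestmount -a "$img" -i --ro "$mnt" || return 4

    # -r recurses, --infected prints only files with a detection.
    rc=0
    clamscan -r --infected "$mnt" || rc=$?

    # Always unmount, then hand clamscan's status back to the caller.
    guestunmount "$mnt"
    return "$rc"
}

# Stand-alone use: sh scan_vdisk.sh /path/to/disk.img /mnt/vdisk
if [ "$#" -eq 2 ]; then
    scan_vdisk "$1" "$2"
fi
```
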



