[clamav-users] I have some queries about ClamAV
Dennis Peterson
dennispe at inetnw.com
Wed Jan 28 17:55:43 UTC 2015
To be honest that is an option that should probably not exist as it is
especially dangerous owing to lack of intelligence in the decision process
coupled with the opportunity for false positives (barely hinted at in the
clamdscan --help screen). Given the real possibility of crippling a system it
isn't a feature I would suggest is a "cure" offered by the software, and it
requires substantial knowledge of the risks involved and best practices to
offset some of that risk. If a person were to try this in a corporate
environment I would strongly recommend doing so without any third-party or
self-generated signatures installed for no other reason than to minimize the
number of people who have to show up in court during the lawsuit that follows. :)
dp
On 1/28/15 7:47 AM, Steven Morgan wrote:
> clamscan and clamd options exist to remove or move (--move --remove)
> infected files. The documentation indicates use with care. I've not tried
> them myself.
>
> Steve
>
> On Tue, Jan 27, 2015 at 7:40 PM, Dennis Peterson <dennispe at inetnw.com>
> wrote:
>
>> He wants to know if ClamAV takes any corrective action such as quarantine
>> or even remediate the problem by replacing corrupted files with originals.
>> ClamAV does neither, but it can alert tertiary software to perform
>> quarantining and provide notification of a need for user initiated
>> remediation.
>>
>> One can conjecture the wisdom of auto-remediation by an AV product, but
>> some of the worst botch jobs I've ever worked with were done by
>> well-meaning AV products that got fix-up wrong.
>>
>> dp
>>
>>
>> On 1/27/15 4:13 PM, Joel Esler (jesler) wrote:
>>
>>> I believe I emailed this privately to you. ClamAV can have the ability
>>> to quarantine an infected file if it finds one.
>>>
>>> We don’t know what you mean by the word “cure”. Can you elaborate what
>>> you mean there for the group?
>>>
>>> --
>>> Joel Esler
>>> Open Source Manager
>>> Threat Intelligence Team Lead
>>> Talos
>>>
>>>
>>> On Jan 27, 2015, at 7:10 PM, Jihyun-Chang <jhyun_chang at naver.com<mailto:
>>> jhyun_chang at naver.com>> wrote:
>>>
>>>
>>> Is there no one to answer me ?
>>>
>>> ===============================================
>>>
>>> Dear ClamAV Team,
>>>
>>>
>>>
>>> Hi~ I am a student interested in security.
>>>
>>> I found ClamAV as Anti-virus program and it looks good to me while
>>> looking through User-manual.
>>>
>>> I have a few questions about ClamAV. Does it can use as a cure (It means
>>> ClamAV can fix the scanned files) or just virus-scanner ? (It means ClamAV
>>> cannot support fix the scanned files)
>>>
>>> It seems not mentioned in User-manual and http://www.clamav.net/index.
>>> html.
>>>
>>> It may not have seen my eyes only :)
>>>
>>>
>>>
>>> Could you explain my request?
>>>
>>> I will be looking forward to your reply.
>>>
>>>
>>>
>>> Thanks in advance for any help.
>>>
>>>
>>>
>>>
>>> ~Chang~
>>>
>>>
>>> -----Original Message-----
>>> From: "Jihyun-Chang"<jhyun_chang at naver.com<mailto:jhyun_chang at naver.com>>
>>> To: "Joel Esler (jesler)"<jesler at cisco.com<mailto:jesler at cisco.com>>;
>>> Cc: "clamav-devel-owner at lists.clamav.net<mailto:clamav-
>>> devel-owner at lists.clamav.net>"<clamav-devel-owner at lists.clamav.net
>>> <mailto:clamav-devel-owner at lists.clamav.net>>; "clamav-users-owner at lists.
>>> clamav.net<mailto:clamav-users-owner at lists.clamav.net>"<
>>> clamav-users-owner at lists.clamav.net<mailto:clamav-
>>> users-owner at lists.clamav.net>>;
>>> Sent: 2015-01-27 (화) 11:29:01
>>> Subject: Re: I have some queries about ClamAV
>>>
>>>
>>> I wrote the user list already but nobody answer my questuon for two
>>> weeks. I don't know why it is taking so long. Even though my question is
>>> not difficult.
>>>
>>> thanks. Best regards.
>>>
>>> -----Original Message-----
>>> From: "Joel Esler (jesler)" <jesler at cisco.com<mailto:jesler at cisco.com>>
>>> To: Jihyun-Chang <jhyun_chang at naver.com<mailto:jhyun_chang at naver.com>>
>>> Cc: "clamav-devel-owner at lists.clamav.net<mailto:clamav-
>>> devel-owner at lists.clamav.net>" <clamav-devel-owner at lists.clamav.net
>>> <mailto:clamav-devel-owner at lists.clamav.net>>
>>> Sent: 2015. 1. 27. 오전 11:20:20
>>> Subject: Re: I have some queries about ClamAV
>>>
>>> You are writing the development list. You should be writing the users
>>> list unless you are contributing development code.
>>>
>>> --
>>> Joel Esler
>>> Sent from my iPhone
>>>
>>> On Jan 26, 2015, at 9:07 PM, Jihyun-Chang <jhyun_chang at naver.com<mailto:
>>> jhyun_chang at naver.com>> wrote:
>>>
>>>
>>> can you hear me ?
>>>
>>> I'm waiting answer from ClamAV team long time ago..
>>>
>>>
>>>
>>> -----Original Message-----
>>> From: "Jihyun-Chang"<jhyun_chang at naver.com<mailto:jhyun_chang at naver.com>>
>>> To: <clamav-devel at lists.clamav.net<mailto:clamav-devel at lists.clamav.net
>>>>> ;
>>> Cc:
>>> Sent: 2015-01-22 (목) 17:19:18
>>> Subject: I have some queries about ClamAV
>>>
>>>
>>>
>>>
>>> Dear ClamAV Team,
>>>
>>>
>>>
>>> Hi~ I am a student interested in security.
>>>
>>> I found ClamAV as Anti-virus program and it looks good to me while
>>> looking through User-manual.
>>>
>>> I have a few questions about ClamAV. Does it can use as a cure (It means
>>> ClamAV can fix the scanned files) or just virus-scanner ? (It means ClamAV
>>> cannot support fix the scanned files)
>>>
>>> It seems not mentioned in User-manual and http://www.clamav.net/index.
>>> html.
>>>
>>> It may not have seen my eyes only :)
>>>
>>>
>>>
>>> Could you explain my request?
>>>
>>> I will be looking forward to your reply.
>>>
>>>
>>>
>>> Thanks in advance for any help.
>>>
>>>
>>>
>>>
>>> ~Chang~
>>>
>>>
>>>
>>> [http://mail.naver.com/readReceipt/notify/?img=FmFjWNkl1zcYar%
>>> 2B5M6CoMrU9KziCFAb9MxMdFxkoF4UXpxk4Frp0Kqu%2FKxF4MdIo%
>>> 2BrkSKxt5W4d5W4C5bX0q%2BzkR74FTWx%2FsMrwCW6Jr7630%
>>> 2B4kn76eXW4kZtzwGbX3q74FnM69C%2BSl5pBt5.gif]
>>> [http://mail.naver.com/readReceipt/notify/?img=FY%2BjWNkl1zcYar%
>>> 2B5M6CoKxUwpxbXFxMXM43SKx0vM6FoFxE9Fq0vMoblpzMmtzFXp6UwaLl5W
>>> Ll51zlqDBFdp6d5MreRhoR8pBFnpBigMr0qMrY5MreR.gif]
>>>
>>> _______________________________________________
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>>
>>> http://www.clamav.net/contact.html#ml
>>>
>> _______________________________________________
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
>>
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
More information about the clamav-users
mailing list