[clamav-users] combine ALLMATCHSCAN and INSTREAM
Torge Husfeldt
torge.husfeldt at 1und1.de
Wed Feb 3 17:09:54 UTC 2016
Hi,
what about passing an (alredy open) filehandle through the clamd-socket?
Currently we're facing the tradeoff between giving the clamd-process
more permissons or running multiple instances of the scanning-engine
(clamd + clamscan) and parsing the output of clamscan with "tainted"
filenames.
Thanks
Am 01.02.2016 um 21:54 schrieb Steven Morgan:
> Bernhard,
>
> Clamd does not currently support ALLMATCH mode with the INSTREAM protocol.
> The only other suggestion I can offer is to preserve those files found to
> contain viruses and research them separately using ALLMATCH.
>
> Steve
>
> On Mon, Feb 1, 2016 at 5:27 AM, Bernhard Vogel <bernhard.vogel at 1und1.de>
> wrote:
>
>> Hi,
>>
>> is there an option in clamd to combine INSTREAM and ALLMATCHSCAN?
>>
>> We scan files which have already been locked (permission: 200 or similar)
>> by another process/shellscript. Clamd runs with user "clamav" priviledges.
>> At the moment we stream the content of the locked files to CLAMD with the
>> INSTREAM option.
>>
>> Since I also require to do an allmatchscan to review our malware
>> signatures, I need to combine INSTREAM and ALLMATCHSCAN.
>>
>> How can I ALLMATCHSCAN files only accesible by root, without doing
>> something like "sudo clamscan -z ...."
>>
>>
>>
>>
>> Regards,
>> Bernhard
>> _______________________________________________
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
>>
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
--
Torge Husfeldt
Senior Anti-Abuse Engineer
Hosting Security
1&1 Internet Service GmbH | Brauerstraße 50 | 76135 Karlsruhe | Germany
Phone: +49 721 91374-4795
E-Mail: torge.husfeldt at 1und1.de | Web: www.1und1.de
Hauptsitz Montabaur, Amtsgericht Montabaur, HRB 20141
Geschäftsführer: Christian Bigatà Joseph, Hans-Henning Kettler, Uwe Lamnek
Member of United Internet
Diese E-Mail kann vertrauliche und/oder gesetzlich geschützte
Informationen enthalten. Wenn Sie nicht der bestimmungsgemäße Adressat
sind oder diese E-Mail irrtümlich erhalten haben, unterrichten Sie bitte
den Absender und vernichten Sie diese E-Mail. Anderen als dem
bestimmungsgemäßen Adressaten ist untersagt, diese E-Mail zu speichern,
weiterzuleiten oder ihren Inhalt auf welche Weise auch immer zu verwenden.
This e-mail may contain confidential and/or privileged information. If
you are not the intended recipient of this e-mail, you are hereby
notified that saving, distribution or use of the content of this e-mail
in any way is prohibited. If you have received this e-mail in error,
please notify the sender and delete the e-mail.
More information about the clamav-users
mailing list