[clamav-users] Clamd vs clamscan

Brad Scalio scalio at gmail.com
Wed Feb 10 21:35:05 UTC 2016


Unfortunately there are certain standards that information systems have to
adhere to regardless of the logic under specific deployments (i.e. FIPS,
FISMA).

Considering there are other technical controls that would impact operations
much more significantly than running antivirus on a Linux system, we have
to choose wisely those controls we resist and ask for AORs on from our AO,
at the risk of others being implemented despite the efficacy, still adhere
to said standards.

I realize that's not ideal, but sometimes it's just the lot we draw in
life. I don't want anyone to think antivirus is the only technical control
we have as it relates to host-based malicious code prevention, there's
dozens, however the media and vendors have done an excellent job pushing
products.

Anyway off-topic ... Thanks so much for all the valuable input, this user
list has been most helpful during our investigation and analysis, much
appreciated!!!

On Feb 10, 2016 08:51, "Matus UHLAR - fantomas" <uhlar at fantomas.sk> wrote:

> On 10.02.16 05:29, Brad Scalio wrote:
>
>> I've seen a lot of fodder on clamd vs clamscan, running 0.99 on RHEL6.7
>> exit/entry points ... While it's easy enough to use clamscan via cron, is
>> there any good stepwise SOP on getting clamd to work permission wise to
>> scan all filesystem?
>>
>
> For the case of any bug in clamd, it should not be able to scan private
> files.
>
>>  I like the ability to have it all controlled via the
>> daemon, easier to enforce configurations via puppet, easier quick checking
>> and tweaking of conf, etc ... Apologies if I missed the page or doc, but
>> been googling for months to find a simple guide.
>>
>> If clamscan is the preferred way, I'm fine with that, just not sure why
>> there's a daemon then?  Is it for on-access, more for other OS installs?
>>
>
> clamscan is not the preferred way. There are cases where clamscan is
> better.
>
> However: how many infections are there for Linux systems that you want to
> scan it all? The most common usage of ClamAV is to scan mail going through
> the system and scan filesystems shared to Windows machines.
> --
> Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
> Warning: I wish NOT to receive e-mail advertising to this address.
> Warning: I do NOT want to receive any advertising mail at this address.
> I wonder how much deeper the ocean would be without sponges.