[clamav-users] Stream scanning

Mickey Sola msola at sourcefire.com
Tue Jan 12 11:20:38 EST 2016


More specifically, only Linux is supported for on access scanning.

While some legacy functionality may be available on OS X 10.5+ using the
ClamAuth kernel extension, all major features currently supported heavily
rely on the fanotify api, which is exclusive to the Linux kernel (version
2.6.37 and up).

On Tue, Jan 12, 2016 at 10:43 AM, Yuri Voinov <yvoinov at gmail.com> wrote:

>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> // Corrected. You are welcome ;)
>
> 12.01.16 21:42, Mickey Sola ?????:
> > Hi Istvan,
> >
> > While clamd does provide on-access scanning capabilities, that feature is
> > only available on Linux/*NIX systems. On Windows, you will need to
> periodically
> > run a scan on the target directory.
> >
> > Cheers,
> > Mickey
> >
> > On Tue, Jan 12, 2016 at 9:52 AM, Istvan Szabo <IstvanS at sfwltd.co.uk>
> wrote:
> >
> >> If clamd is running on the system, it would automatically monitor the
> >> directory? Or how can I set to continuously monitor that directory and
> do
> >> the steps that needed?
> >>
> >> So based on your suggestion the 2nd step would be the last step and
> in the
> >> 2nd step would scan clamd the files, but how would it monitor and how
> would
> >> it report? I created a script for a daily scan but it is just a scan
> not a
> >> real time monitoring.
> >> ________________________________________
> >> From: clamav-users <clamav-users-bounces at lists.clamav.net> on behalf of
> >> Matus UHLAR - fantomas <uhlar at fantomas.sk>
> >> Sent: Tuesday, January 12, 2016 12:48 PM
> >> To: clamav-users at lists.clamav.net
> >> Subject: Re: [clamav-users] Stream scanning
> >>
> >> On 12.01.16 12:14, Istvan Szabo wrote:
> >>> Is it possible to  handle somehow this request with clamav?
> >>>
> >>>
> >>> 1.
> >>> User uploads file to web site
> >>> 2.
> >>> File is loaded into memory (byte stream)
> >>> 3.
> >>> File byte stream is sent to ClamAV for scanning
> >>> 4.
> >>> ClamAV returns OK or VIRUS
> >>> 5.
> >>> If OK, store file in the database, if VIRUS, return error to user
> >>>
> >>> I'd imagine to scan the file ClamAV will need to write the byte stream
> >> into a temporary file which then gets deleted after the scan.
> >>
> >> the file is already stored as file on web server, there's no need for
> >> messing with it. clamd can scan it there, it just neede proper
> permissions
> >> for reading uploaded files.
> >> --
> >> Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
> >> Warning: I wish NOT to receive e-mail advertising to this address.
> >> Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
> >> Fighting for peace is like fucking for virginity...
> >> _______________________________________________
> >> Help us build a comprehensive ClamAV guide:
> >> https://github.com/vrtadmin/clamav-faq
> >>
> >> http://www.clamav.net/contact.html#ml
> >>
> >> This communication and any attachments transmitted with it is intended
> >> only for the stated addressee(s) and may be confidential. Any
> unauthorised
> >> disclosure, use or dissemination, either whole or in part is
> prohibited. If
> >> you have received this email in error, please notify the SFW IT Support
> >> team immediately at support at sfwltd.co.uk and delete, erase or otherwise
> >> destroy this email. Opinions expressed in this email are those of the
> >> author and do not necessarily reflect the opinions of SFW Ltd or SFW
> India
> >> Pvt Ltd.
> >>
> >> SFW Ltd. Registered Office: Southern House, Station Approach, Woking,
> >> Surrey, GU22 7UY Registered in England No: 2740301 VAT No. 591 7842 02
> >>
> >> _______________________________________________
> >> Help us build a comprehensive ClamAV guide:
> >> https://github.com/vrtadmin/clamav-faq
> >>
> >> http://www.clamav.net/contact.html#ml
> >>
> > _______________________________________________
> > Help us build a comprehensive ClamAV guide:
> > https://github.com/vrtadmin/clamav-faq
> >
> > http://www.clamav.net/contact.html#ml
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2
>
> iQEcBAEBCAAGBQJWlR89AAoJENNXIZxhPexGUj8IAJsaxTS5JdCjpYZ4SUsh58oy
> G9Cf9JJnXj5c3e5Q77gDRmHG8XOmhAv7txW4oXHHbCUq5YQYW9fbuEwDcjl14r1G
> dwPZDnPTtwamBhDbp9JbJ5uBznQ2fAXXJC7EDKVlTPTqiZqymfkYQfXRt/uNqCTa
> zINnoiR6JCn3QMa9NBlGHHLmSbcYmFg7aEkOTctx0F423U8BiyoMj8+FAs0v5brr
> 49ivM7IczhgAv4K7FhQb5EVoGD+sbFzK0hHO1h4YLjR57Fc/musT7/OVTLO4Ubgo
> s8xwUjQGC4WzouIHKG05VYfd/Bp+D2Wur6kQJAOsmeYh5TFOkAkSG7hIVp0Sp40=
> =sMdS
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>



More information about the clamav-users mailing list