[clamav-users] USB key scan on access
Che
comandantegringo at gmail.com
Tue Jun 28 23:39:44 UTC 2016
On Tue, Jun 28, 2016 at 6:15 AM, john doe <maiki.dev at gmail.com> wrote:
> I'm trying to achieve the following: auto mount USB key and detect if a
> user uploads or downloads a virus from it.
> An additional feature I can live without: access prevention upon virus
> detection.
>
> The "OnAccessIncludePath" option in clamd configuration file seems the way
> to go. The best solution we could come up is:
> - auto-mounting key in /run/media/$USER/$KEY using udisks2
> - use homemade script (based on inotifywait) to watch the /run/media for
> new mounted media
> - when so, add mount path to "OnAccessIncludePath" and restart clamd
> service
>
> This solution has MANY caveats, namely:
> - clamd takes some times (around 10s) to start. During that time the user
> can {up,down}load viruses.
> - requires some kind of supervision, if either the homemade script or the
> clamd service crash, the solution does not work.
> - can't specify mount options with udisks2
>
> I've stumbled upon the clamfs project which seems promising. Any advice on
> it?
>
> Do you guys have a better way of achieving my goal?
>
Wouldn't running these as a systemd service -- with an explicit 'path'
service written for mounting USB devices and then clamAV scanning them,
etc. -- do what you want?
>
> I haven't dove in the clamd source code, but from the documentation I could
> not find a way to feed the DDD (Dynamic Directory Determination) module new
> path on the fly.
>
> Thank you for your time!
> _______________________________________________
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
More information about the clamav-users
mailing list