[clamav-users] Securing inputstream

Micah Snyder (micasnyd) micasnyd at cisco.com
Wed Nov 29 16:56:08 UTC 2017


Hello!

ClamAV may be configured to use TCP so that your scanning client (traditionally clamdscan) may be on a different machine than your scanning engine (clamd).  This is not recommended for an unsecured network.  This wasn’t designed to be a secure solution and doesn’t provide any sort of encryption or authentication between the client and engine.

It’s an issue that has been discussed in this mailing list before.  In 2016 there was a blog post about it: http://blog.clamav.net/2016/06/regarding-use-of-clamav-daemons-tcp.html. We also have a feature request ticket in our Bugzilla ticket queue to secure the TCP socket feature but sadly we haven’t had the time to implement it.

With that said, it sounds like you’re using a 3rd party java-based ClamAV client in your system.  You may want to speak with the developers of your system about having a secure file transfer for scanning take place between two Java-based programs with a Java-based client in your Docker container that interacts locally (in your Docker container) with clamd over unix sockets instead of TCP sockets.

In the short term, if you absolutely must use your current implementation, you could consider hosting your Docker container inside a secure VPN and connect each client machine to the VPN to provide some security between your client applications and your ClamAV docker container.

Regards,
Micah

Micah Snyder
Software Engineer
Talos Intelligence
Cisco Systems, Inc.

On Nov 28, 2017, at 6:22 PM, Kiran Shetty <kiran.shettyms at gmail.com> wrote:

Hi,

I have a Docker image with ClamAV to perform virus scan. I have a java
application from which I am sending the file that needs to be scanned to
Docker container using Clamav client. I see that the ClamAV client is
using Java socket (not SSLSocket) to open connection. Is there a way to
secure the TCP connection? Please advise.

Thanks,
Kiran
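
The local half of the setup suggested in the reply, as an added example that is not part of the original thread and not ClamAV project code: a client that runs on the same host or container as clamd and submits data with clamd's INSTREAM command over the unix socket, so file contents never cross an unencrypted TCP link. It is written in Python rather than Java; the socket path and the function names are assumptions.

```python
import socket
import struct

# Assumed path; it must match the LocalSocket setting in your clamd.conf.
CLAMD_SOCKET = "/var/run/clamav/clamd.ctl"
CHUNK = 8192

def instream_frames(data, chunk=CHUNK):
    """Yield the byte strings that make up one INSTREAM request."""
    yield b"zINSTREAM\0"                       # 'z' prefix: NUL-terminated command and reply
    for off in range(0, len(data), chunk):
        part = data[off:off + chunk]
        yield struct.pack("!I", len(part)) + part  # 4-byte big-endian length, then the bytes
    yield struct.pack("!I", 0)                 # a zero-length chunk ends the stream

def parse_reply(raw):
    """Return (infected, signature_name) from a clamd reply; raise on ERROR."""
    text = raw.rstrip(b"\0\n").decode("utf-8", "replace")
    if text.endswith(" ERROR"):                # e.g. stream size limit exceeded
        raise RuntimeError(text)
    if text.endswith(" FOUND"):
        return True, text.partition(": ")[2][:-len(" FOUND")]
    if text.endswith("OK"):
        return False, None
    raise RuntimeError("unexpected clamd reply: %r" % text)

def scan(sock, data):
    """Send data over an already connected socket and return the verdict."""
    for frame in instream_frames(data):
        sock.sendall(frame)
    reply = b""
    while not reply.endswith(b"\0"):
        part = sock.recv(4096)
        if not part:                           # clamd closed the connection
            break
        reply += part
    return parse_reply(reply)

def scan_local(data, path=CLAMD_SOCKET):
    """Scan bytes through the local clamd unix socket (no TCP involved)."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(30)
        s.connect(path)
        return scan(s, data)
```

Treating an ERROR reply as an exception rather than as "clean" keeps a size-limit or engine failure from being read as a passed scan.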