[clamav-users] Securing inputstream
Michael Orlitzky
michael at orlitzky.com
Wed Nov 29 19:10:05 UTC 2017
On 11/29/2017 11:56 AM, Micah Snyder (micasnyd) wrote:
>
> In the short term, if you absolutely must use your current
> implementation, you could consider hosting your Docker container
> inside a secure VPN and connect each client machine to the VPN to
> provide some security between your client applications and your
> ClamAV docker container.
A VPN is the best workaround, but if you need to buy yourself a few
weeks to read the OpenVPN man page, then you can fake this with an SSH
tunnel (run this on the client):
ssh -L 65432:localhost:<clamav_port> user@<clamav_host>
You would then tell the application to scan with port 65432 on
localhost, and SSH would forward the stuff to clamav_port on clamav_host.
If you configure public key authentication for SSH, and don't
password-protect the key, and tell your init system to run that command
automatically -- you've got a jury-rigged VPN.
More information about the clamav-users
mailing list