[clamav-users] clamav-users Digest, Vol 174, Issue 2

Eric Tykwinski eric-list at truenet.com
Thu Aug 22 12:19:45 EDT 2019


Something like ansible?
Use ansible's homebrew module to install ClamAV, run a scan, than use the module again to uninstall.
With something like Tower or AWX just schedule it out to run whenever you want on as many computers as you want.

Problem would be the time to scan as each host will be linear, so I would probably just install ansible on each host with localhost as inventory and schedule it with launchd.

Hopefully, that's at least an idea to get you started.

> -----Original Message-----
> From: clamav-users [mailto:clamav-users-bounces at lists.clamav.net] On
> Behalf Of Dexter Rivera via clamav-users
> Sent: Wednesday, August 21, 2019 2:57 PM
> To: clamav-users at lists.clamav.net
> Cc: Dexter Rivera
> Subject: Re: [clamav-users] clamav-users Digest, Vol 174, Issue 2
> My use-case is this:
> I have very good protection via Crowdstrike Falcon Sensor, but that only
> deletes/quarantines files based on known IOCs, high malicious scores, or
> behavior via machine-learning.  Otherwise it still blocks processes considered
> suspicious and/or due custom IOA.  The downside is that some files are left
> behind.  What we have used in the interim to do post-alert cleanup is
> download the trial version of MalwareBytes for Mac, install, scan, then
> remove MalwareBytes.
> I want to automate the scanning of an endpoint using ClamAV but without
> permanently installing ClamAV.  In Windows I can simply copy the ClamAV files
> to a temp location and then initiate the scan command line with the desired
> parameters like Update, Full Scan, Logging, etc.  After the scan completes the
> temp directory is deleted.  I'm sure we can do the same with ClamAV on the
> Mac but I have not seen any references to it being done yet.  In
> documentation it mentions the compiling of the code which I am thinking I can
> leverage to create a single package to accomplish what I need but I am not
> fluent enough in linux/unix to test.  As an example, I was able to successfully
> create a stand-alone MalwareBytes Enterprise scanner but that is not free and
> very expensive so we did not want to purchase to only use it sparingly.
> The permanent installation of a scanner is NOT required and proved out a few
> times.  Does anyone here have an idea, lead, or suggestion of how I can
> accomplish this on a Mac?  Thanks in advance.
> Dexter R. Rivera
> On 5/11/19, 9:01 AM, "clamav-users on behalf of clamav-users-
> request at lists.clamav.net" <clamav-users-bounces at lists.clamav.net on behalf
> of clamav-users-request at lists.clamav.net> wrote:
>     Send clamav-users mailing list submissions to
>     	clamav-users at lists.clamav.net
>     To subscribe or unsubscribe via the World Wide Web, visit
> 	https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2
> Flists.clamav.net%2Fmailman%2Flistinfo%2Fclamav-
> users&data=02%7C01%7C%7Cf182ecec07f740dba63808d6d629f5db%7
> C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636931873058741554
> &sdata=nax3EoCsiR6noTsd20e8tdRaWR%2FsexMvyv1wgc%2FmN9g%3D
> &reserved=0
>     or, via email, send a message with subject or body 'help' to
>     	clamav-users-request at lists.clamav.net
>     You can reach the person managing the list at
>     	clamav-users-owner at lists.clamav.net
>     When replying, please edit your Subject line so it is more specific
>     than "Re: Contents of clamav-users digest..."
> _______________________________________________
> clamav-users mailing list
> clamav-users at lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> http://www.clamav.net/contact.html#ml

More information about the clamav-users mailing list