[clamav-users] ClamAV reputation rating
Simon Hobson
linux at thehobsons.co.uk
Thu Jun 27 11:57:40 UTC 2019
Epicon Elysium <epicon.elysium at gmail.com> wrote:
> There's no email traffic in/out. It's just application traffic through WAF/ModSecurity. The files themselves on the OS level are pretty static. So the ClamAV is used to scan the filesystem. So basically, I think it's just reputation rating on the files if any.
I'm struggling to understand what you mean by reputation rating in this context - a file is a file, and short of taking a blanket "anything ending in '.exe' fails" sort of approach, I can't see how you can apply any sort of reputation rating.
If you were to try and apply a ".gif is potentially dangerous" approach, then what next?
You scan it and find it matches a malware signature - no different to just scanning it.
You scan it and find that it doesn't match anything - now what? It's scanned clean, but now you are wanting to say that it could still be harmful (just because it's a ".gif"), or it could be clean.
> I haven't checked that PolicyD yet.
That's for email anyway.