[clamav-users] Stop clamdscan from stepping on itself?

G.W. Haywood clamav at jubileegroup.co.uk
Sat Oct 19 07:40:04 EDT 2019

Hi there,

On Fri, 18 Oct 2019, Ian via clamav-users wrote:
>> On Oct 18, 2019, at 10:10 AM, G.W. Haywood via clamav-users <clamav-users at lists.clamav.net> wrote:
>> On Fri, 18 Oct 2019, Ian via clamav-users wrote:
>>> Government regulations require that I scan the entire filesystem daily --
>> Which government is this, and which regulations?
> https://nvd.nist.gov/800-53/Rev4/control/RA-5

I don't see where that document requires what you say it requires.

> It was determined that we needed to do daily scans by auditors
> familiar with these regulations.  Please don’t blame the victim.

Did these auditors recommend anti-virus scanning, or perhaps ClamAV?
If so, maybe we could see the qualifications that they have to do the
job that they seem to be doing.  On the other hand if they simply did
what I think they probably did, and handed you some guidance notes, I
think you might want to look at them again, and then read the document
in your link again, and then read the ClamAV documentation again.

The document in your link talks about "vulnerability scanning", in the
context of risk assessments.  If your auditors' interpretation of the
term "vulnerability scan" is in documentation that they've provided to
you, I should be very interested to see it.

ClamAV does not scan (and never has scanned) for vulnerabilities, it
scans for a variety of malicious data.  The idea of a vulnerability
scan is that you look for possible problems before they're exploited
by something malicious.  If you used ClamAV, and thus found that your
system had been compromised, it would already be too late to look for
the vulnerability which was exploited to compromise the system.  You'd
have been looking for the wrong things.  You'd have been looking for
weapons, and not for chinks in the armour.

Looks to me like most of the discussion so far is moot since you seem
to be working on the basis of a quite erroneous interpretation of the
perfectly clear NIST document.

I hope this isn't representative of the general state of understanding
of NIST guidance.


