[clamav-users] Inquiry about ClamAV's usage within sandbox
Eero Volotinen
eero.volotinen at iki.fi
Wed Mar 23 00:06:02 UTC 2022
Hi,
1) how about using normal security features provided by linux os?
(apparmor, selinux, chroot ..)
2) use containers, virtualization and similar techniques?
Eero
On Tue 22. Mar 2022 at 23.14, Yang, Jiayi via clamav-users <
clamav-users at lists.clamav.net> wrote:
> Hi ClamAV community,
>
>
>
> Hope this email finds you well. I’m writing to inquire about the proper
> usage of ClamAV and whether it’s suggested to run ClamAV within a sandbox
> to avoid infecting other files/applications in the host if a malware is
> detected. I have two main questions:
>
>
>
> 1. When scanning a given file, will ClamAV only do static
> analysis(based on signature database) or it will execute the file and
> analyze its behavior? If the file is a malware and we use ClamAV to scan
> the file, will it possibly infect the scanner or infect other
> files/applications on the host?
> 2. Is there any built-in sandbox mechanism in ClamAV so that when it
> scans a file, the file can be scanned in an isolated environment?
>
>
>
> Thank you so much! Looking forward to hearing from you.
>
>
>
> Best,
>
> Jiayi
>
>
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users at lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20220323/b5e0ab66/attachment.htm>
More information about the clamav-users
mailing list