Hello
조정환,
What type of hypervisor are we talking about?
Depending on the hypervisor ClamAV
could be installed, but I would certainly not recommend this. It would be better to block remote access to it so no bad actors can get near it.
Can you be a bit more specific on question2? You went to ‘sniff’ the ClamAV network traffic?
To my knowledge, unless otherwise configured, ClamAV will only download updates.
If your intention is to use ClamAV to monitor network traffic for bad actors, I fear ClamAV is not designed for this.
Best regards,
Remi Bruggeman
From: clamav-users [mailto:clamav-users-bounces@lists.clamav.net]
On Behalf Of "???"
Sent: Thursday, July 05, 2018 8:00 AM
To: ClamAV users ML
Subject: [clamav-users] Is ClamAV available on the hypervisor?
Hello, I am using ClamAV for my organization, but I am using it only on the VM server.
Here is the question.
1. My supervisor asks, "Is ClamAV available on the hypervisor?"
I can not answer the question of what other VM servers do when the hypervisor gets infected?
2. I was asked if there is a capability to analyze traffic moving between VM servers with ClamAV installed, but I am not listed in the detection rule creation manual.
I really want to know. I can not find the answer I want even if I googleing questions.
|
|
