Hi ClamAV community,

 

Hope this email finds you well. I’m writing to inquire about the proper usage of ClamAV and whether it’s suggested to run ClamAV within a sandbox to avoid infecting other files/applications in the host if a malware is detected. I have two main questions:

 

1. When scanning a given file, will ClamAV only do static analysis(based on signature database) or it will execute the file and analyze its behavior? If the file is a malware and we use ClamAV to scan the file, will it possibly infect the scanner or infect other files/applications on the host?
2. Is there any built-in sandbox mechanism in ClamAV so that when it scans a file, the file can be scanned in an isolated environment?

 

Thank you so much! Looking forward to hearing from you.

 

Best,

Jiayi