Hi,

1) How about using normal security features provided by Linux OS? (AppArmor, SELinux, chroot ...)

2) Use containers, virtualization and similar techniques?

Eero

On Tue 22. Mar 2022 at 23.14, Yang, Jiayi via clamav-users <clamav-users@lists.clamav.net> wrote:

Hi ClamAV community,

Hope this email finds you well. I’m writing to inquire about the proper usage of ClamAV and whether it’s suggested to run ClamAV within a sandbox to avoid infecting other files/applications in the host if a malware is detected. I have two main questions:

  1. When scanning a given file, will ClamAV only do static analysis (based on signature database) or will it execute the file and analyze its behavior? If the file is a malware and we use ClamAV to scan the file, will it possibly infect the scanner or infect other files/applications on the host?
  2. Is there any built-in sandbox mechanism in ClamAV so that when it scans a file, the file can be scanned in an isolated environment?

Thank you so much! Looking forward to hearing from you.

Best,

Jiayi

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml