Friday, 21 November 2014

How to do on-access scanning in Linux using ClamAV?

__**clamdscan:**__

clamdscan is a simple clamd client. In many cases you can use it as a clamscan replacement; however, you must remember:
  • It only depends on clamd
  • Although it accepts the same command line options as clamscan, most of them are ignored because they must be enabled directly in clamd (via clamd.conf)
  • In TCP mode, scanned files must be accessible to clamd. In LocalSocket mode, clamdscan will try to work around this limitation by using FILDES

__**Clamuko:**__

Clamuko is a special thread in clamd that performs on-access scanning under Linux and FreeBSD and shares the internal virus database with the daemon. You must follow some important rules:
  • Always stop the daemon cleanly - using the SHUTDOWN command or SIGTERM signal, otherwise you may lose access to the files until the system is restarted
  • Never protect the directory your mail-scanner software uses for attachment unpacking. Access to all infected files will be automatically blocked and the scanner (including clamd) will not be able to detect any viruses. Therefore, all infected mails may be delivered.
For example, to protect the whole system add the following lines to clamd.conf:
ClamukoScanOnAccess
ClamukoIncludePath /
ClamukoExcludePath /proc
ClamukoExcludePath /temporary/dir/of/your/mail/scanning/software
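
The rules above can be checked mechanically before clamd is restarted. The following is an added example, not part of the original post or of ClamAV itself: it audits a clamd.conf text for Clamuko include paths that cover /proc or a mail scanner's unpacking directory without a matching exclude. The sample config, the directory `/var/spool/mailscan/tmp`, and the assumption that an excluded path also excludes everything beneath it are all constructed for illustration.

```python
import posixpath

# Constructed sample: the page's whole-system config without the mail-scanner exclusion.
SAMPLE_CONF = """\
# clamd.conf (constructed sample)
ClamukoScanOnAccess
ClamukoIncludePath /
ClamukoExcludePath /proc
"""
UNPACK_DIR = "/var/spool/mailscan/tmp"  # hypothetical attachment-unpacking directory

def parse_clamd_conf(text):
    """Return (option, argument) pairs, skipping comments and blank lines."""
    opts = []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if parts:
            opts.append((parts[0], parts[1].strip() if len(parts) > 1 else ""))
    return opts

def covers(parent, path):
    """True if path is parent or lies beneath it (assumes prefix semantics)."""
    parent, path = posixpath.normpath(parent), posixpath.normpath(path)
    return parent == "/" or path == parent or path.startswith(parent + "/")

def audit_clamuko(conf_text, unpack_dirs):
    """List violations of the page's Clamuko rules found in a clamd.conf text."""
    opts = parse_clamd_conf(conf_text)
    includes = [a for n, a in opts if n == "ClamukoIncludePath"]
    excludes = [a for n, a in opts if n == "ClamukoExcludePath"]
    # Bare option (as on the page) counts as enabled; an explicit "no" does not.
    enabled = any(n == "ClamukoScanOnAccess" and a.lower() not in ("no", "false", "0")
                  for n, a in opts)
    if not enabled:
        return ["ClamukoScanOnAccess is not enabled"]
    findings = []
    for d in ["/proc", *unpack_dirs]:
        watched = any(covers(i, d) for i in includes)
        excluded = any(covers(e, d) for e in excludes)
        if watched and not excluded:
            findings.append(f"{d} is scanned on access but not excluded")
    return findings

if __name__ == "__main__":
    for finding in audit_clamuko(SAMPLE_CONF, [UNPACK_DIR]):
        print("WARNING:", finding)
```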

You can also use Clamuko to protect files on Samba/Netatalk, but a far better and safer idea is to use the samba-vscan module. NFS is not supported because Dazuko doesn't intercept NFS access calls.

__**clamscan:**__

clamscan writes all regular program messages to stdout and errors/warnings to stderr. You can use the option --stdout to redirect all program messages to stdout. Warning and error messages from libclamav are always printed to stderr.

__**libclamav:**__

libclamav provides an easy and effective way to add virus protection to your software. The library is thread-safe and transparently recognizes and scans within archives, mail files, MS Office document files, executables and other special formats.

libclamav includes a DLP module which can detect credit card and social security numbers inside text files.