| View previous topic :: View next topic |
| Author |
Message |
KePSuX
Guru
Joined: 29 Sep 2003
Posts: 312
Location: Fredericksburg Va
|
 Posted: Thu Apr 28, 2005 8:02 pm Post subject: ClamAV |
 |
|
Ive got a FTP server that needs some realtime antivirus scanning. I installed ClamAV and got it running and got freshclam updating once an hour. It detects virii when manually run. I can't for the life of me figure out how to make some sort of "real time" scan work. If nothing else I'll just create a cron job to scan the ftp directory once ever 5 min or something, but I was hoping for a less ghetto way of doing it.
Problem #2 - How can I setup clamav to auto-delete a file found with a virii in it. It has a way to execute a command when a virus is found, but I'm not skilled enough to tell it to delete the file it found with a command.
Any tips? Thanks!!
_________________
http://www.atomicraygunattack.com |
|
| Back to top |
|
 |
anxt
Apprentice
Joined: 25 Feb 2003
Posts: 254
Location: Frozen Tundra, Canada
|
| Posted: Thu Apr 28, 2005 8:50 pm Post subject: |
|
|
glfptd lets you run scripts after completed upload
i don't know about other ftpds. could you just wrap the /ftpchroot/bin/* to run your script?
maybe monitor xferlog comes to mind as well. |
|
| Back to top |
|
|
KePSuX
Guru
Joined: 29 Sep 2003
Posts: 312
Location: Fredericksburg Va
|
| Posted: Fri Apr 29, 2005 11:38 am Post subject: |
|
|
| anxt wrote: | glfptd lets you run scripts after completed upload
i don't know about other ftpds. could you just wrap the /ftpchroot/bin/* to run your script?
maybe monitor xferlog comes to mind as well. |
Hey, thanks! Not a bad idea. I'm using vsftp, I'll check that out later today to see if it can run a script in the same fasion.
Still no idea how to make clamAV delete a file upon finding a virus in it. Anyone?
_________________
http://www.atomicraygunattack.com |
|
| Back to top |
|
|
rsevero
n00b
Joined: 01 Sep 2004
Posts: 33
|
| Posted: Sun May 01, 2005 3:12 pm Post subject: Take a look at Clamuko |
|
|
For the documentation page:
| Quote: | Clamuko
Clamuko is a special thread in clamd that performs on-access scanning under Linux and FreeBSD and shares internal virus database with the daemon. |
from http://www.clamav.net/doc/0.84/html/node26.html. |
|
| Back to top |
|
|
KePSuX
Guru
Joined: 29 Sep 2003
Posts: 312
Location: Fredericksburg Va
|
| Posted: Mon May 02, 2005 1:43 pm Post subject: Re: Take a look at Clamuko |
|
|
| rsevero wrote: | For the documentation page:
| Quote: | Clamuko
Clamuko is a special thread in clamd that performs on-access scanning under Linux and FreeBSD and shares internal virus database with the daemon. |
from http://www.clamav.net/doc/0.84/html/node26.html. |
Hehe, I saw that actually but was a bit worred by the note in clamd.conf that reads
| Quote: |
##
## Clamuko settings
## WARNING: This is experimental software. It is very likely it will hang
## up your system!!!
##
|
The machine is in a enviorment where downtime will cause quite a headache, so hung up boxes aren't an option. I think what I'm going to do is just write a shell script that just runs a manual scan across the directory I need to protect and then respawns when it finishes.
I still need advice on how I can have clamav auto delete a file when it is found infected. Im going across all their documentation again as I get the feeling I'm missing something obvious, but if anyone knows for sure let me know! Thanks!!
_________________
http://www.atomicraygunattack.com |
|
| Back to top |
|
|
rsevero
n00b
Joined: 01 Sep 2004
Posts: 33
|
| Posted: Mon May 02, 2005 1:48 pm Post subject: Clamd - no automatic deletion |
|
|
I'm not sure but I believe clamd don't have an automatic deletion (nor cleaning) feature. It just checks for virus and reports.
Your script can get the report and take the apropriate measures. |
|
| Back to top |
|
|
|
Networking & Security
