Question : ClamAV resident protection on openSUSE 11.2

Hi,

I am having problems trying to understand how ClamAV works. From my testing it looks like it does not run resident and protect the file system. So, for example, if I scan a folder that has the eicar virus in it, it detects it.

However if I download this virus and save it to the file system it does not intercept the write and prompt me saying I am saving a virus.

If I am wrong in my understanding, please correct me, as I would like to configure it much like the PC AV products allow me to.

So, any ideas or alternatives?

Thanks,

Ward

Answer : ClamAV resident protection on openSUSE 11.2


There are a couple of ways you can do this, using clamfs or inotify.

clamfs lets you mount an existing folder through clamav, so that any files accessed are first scanned.  So let's say you had a folder called /files containing a virus called eicar.txt.  You would mount the /files folder as, say, /clamav/files using clamfs, and then accessing /clamav/files/eicar.txt would give a permission denied (because a virus was detected), whereas /files/eicar.txt would work fine.

inotify is a method for the kernel to let applications know about filesystem changes.  It isn't clamav related, but what you can do is set up inotify watchers on various folders, and if any file changes are seen (such as adding a new file) it can trigger clamav to scan the file.
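
The inotify approach described in the answer, as an added example that is not part of the original post: a POSIX shell watcher built on `inotifywait` (from inotify-tools) and `clamscan`. The quarantine directory, the function names and the `--watch` argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: scan files reported by inotify with ClamAV, quarantine hits.
# Assumed for illustration: QUARANTINE path, function names, --watch argument.

# clamscan exit codes: 0 = no virus found, 1 = virus found, 2 = error.
SCANNER=${SCANNER:-clamscan --no-summary}
# Keep the quarantine outside the watched tree, or the move triggers a rescan.
QUARANTINE=${QUARANTINE:-/var/quarantine}

# Scan one path. Returns 0 = clean or skipped, 1 = infected and quarantined,
# 2 = scanner error (file left in place so the failure is visible).
scan_file() {
    f=$1
    # Events can name directories or files that are already gone; skip those.
    [ -f "$f" ] || return 0
    $SCANNER "$f" >/dev/null 2>&1
    status=$?
    case $status in
        0) echo "clean: $f" ;;
        1) mkdir -p "$QUARANTINE" &&
           chmod 700 "$QUARANTINE" &&
           mv -- "$f" "$QUARANTINE/${f##*/}.$(date +%s).$$" &&
           echo "INFECTED, quarantined: $f" ;;
        *) echo "scan error ($status): $f" >&2
           status=2 ;;
    esac
    return $status
}

# Watch a directory tree and scan every file once it has been fully written.
# close_write: a file opened for writing was closed.
# moved_to:    a file was renamed or moved into the tree.
# Paths containing newlines are not handled by this line-based loop.
watch_dir() {
    inotifywait -m -r -q -e close_write -e moved_to --format '%w%f' "$1" |
    while IFS= read -r path; do
        scan_file "$path"
    done
}

# Example invocation: sh watcher.sh --watch /files
if [ "${1:-}" = "--watch" ]; then
    watch_dir "${2:-/files}"
fi
```

inotify reports the change after the file has been written, so this detects and quarantines a file rather than blocking the save; clamfs is the option that denies access when the file is opened.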