Question : ClamAV resident protection on openSUSE 11.2

Hi,

I am having problems trying to understand how ClamAV works. From my testing it looks like it does not run resident and protect the file system. So for example if I scan a folder that has the eicar virus in it it detects.

However if I download this virus and save it to the file system it does not intercept the write and prompt me saying I am saving a virus.

If I am wrong in my understanding please correct me as I would like to configure it much like the PC Av products allow me to.

So any ideas or alternatives.

Thanks,

Ward

Answer : ClamAV resident protection on openSUSE 11.2

There are couple of ways you can do this, using clamfs or inotify.

clamfs lets you mount an existing folder through clamav, so that any files accessed are first scanned. So lets say you had a folder called /files contain a virus called eicar.txt. You would mount the /files folder as say /clamav/files using clamfs and then accessing /clamav/files/eicar.txt would give a permission denied (because a virus was detected), whereas /files/eicar.txt would work fine.

inotify is a is a method for the kernel to let applications know about filesystem changes. It isn't clamav related, but what you can do is set up inotify watchers on various folders, and if any file changes are seen (such as adding a new file) it can trigger clamav to scan the file.

Random Solutions

Using ADMT to migrate user account across domain.

TSQL- Arithmetic overflow error converting float to data type numeric.

Sql 2008 server clustering

Win 7 - Need to uninstall assembly file manually. Access Denied

VBA to name an Access Table after a Form Control

adding user to an existing AD group

System.Threading .NET Framework Version

Exchange thinkgs email address is spoofed when sending mail from iPhone

A pre import Access tool

Microsoft.Office.Interop.Excel.dll 2003