Martin R Morales wanted us to know:

>I've installed ClamAV 0.70 and am curious as to how to have a
>client/server configuration setup. More exact, how do I tell
>the clamscan/clamdscan client to connect to a remote host that
>is running 'clamd'. I have looked at the docs on the site, but
>do not see anything on this; or perhaps I've missed it. I'll look
>again, but I would like to hear from everyone's opinion and
>experiences. Also, I have set the configuration ('/etc/clamav/clamd.conf')
>to use the following settings on the server side (server running
>clamd) ::
># TCP port address.
>TCPSocket 3310
># TCP address
>TCPAddr 10.10.10.200

It can be done.  I tested with my client (192.168.100.166) and a local
test server (192.168.100.49) and found that it works fine.  Here are the
steps:

1) NFS export the clamav temp directory on the client machine.
2) NFS mount the clamav temp directory on the server machine in the same
path as it's exported.
3) Configure the client /etc/clamav.conf to use the tcp port and the IP 
address of the server's public interface (and not localhost, as is the
default).  Comment out the LocalSocket setting.
4) Configure the server /etc/clamav.conf to use the tcp port and the IP
address of the server's public interface (again, not localhost).
Comment out the LocalSocket setting.

Now when you clamdscan, you can scan the files in that nfs exported
directory.

This shows that it can work.  On the client machine:
[EMAIL PROTECTED] root]# clamdscan /tmp
/tmp: OK

----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.009 sec (0 m 0 s)

And here is the tcpdump of the traffic:
[EMAIL PROTECTED] clamav]# tcpdump -n -X port 3310
tcpdump: listening on eth0
00:43:34.489264 192.168.100.166.44566 > 192.168.100.49.3310: S
3270303035:3270303035(0) win 5840 <mss 1460,sackOK,timestamp 617469181
0,nop,wscale 0> (DF)
0x0000   4500 003c 09c6 4000 4006 e6cd c0a8 64a6        E..<[EMAIL PROTECTED]@.....d.
0x0010   c0a8 6431 ae16 0cee c2ec dd3b 0000 0000        ..d1.......;....
0x0020   a002 16d0 9216 0000 0204 05b4 0402 080a        ................
0x0030   24cd d4fd 0000 0000 0103 0300                  $...........
00:43:34.489335 192.168.100.49.3310 > 192.168.100.166.44566: S
573953855:573953855(0) ack 3270303036 win 5792 <mss
1460,sackOK,timestamp 78179849 617469181,nop,wscale 0> (DF)
0x0000   4500 003c 0000 4000 4006 f093 c0a8 6431        E..<[EMAIL PROTECTED]@.....d1
0x0010   c0a8 64a6 0cee ae16 2235 d73f c2ec dd3c        ..d....."5.?...<
0x0020   a012 16a0 a60e 0000 0204 05b4 0402 080a        ................
0x0030   04a8 ee09 24cd d4fd 0103 0300                  ....$.......
00:43:34.489594 192.168.100.166.44566 > 192.168.100.49.3310: . ack 1 win
5840 <nop,nop,timestamp 617469181 78179849> (DF)
0x0000   4500 0034 09c7 4000 4006 e6d4 c0a8 64a6        [EMAIL PROTECTED]@.....d.
0x0010   c0a8 6431 ae16 0cee c2ec dd3c 2235 d740        ..d1.......<"5.@
0x0020   8010 16d0 d4a3 0000 0101 080a 24cd d4fd        ............$...
0x0030   04a8 ee09                                      ....
00:43:34.489679 192.168.100.166.44566 > 192.168.100.49.3310: P 1:14(13)
ack 1 win 5840 <nop,nop,timestamp 617469181 78179849> (DF)
0x0000   4500 0041 09c8 4000 4006 e6c6 c0a8 64a6        [EMAIL PROTECTED]@.....d.
0x0010   c0a8 6431 ae16 0cee c2ec dd3c 2235 d740        ..d1.......<"5.@
0x0020   8018 16d0 a9bc 0000 0101 080a 24cd d4fd        ............$...
0x0030   04a8 ee09 434f 4e54 5343 414e 202f 746d        ....CONTSCAN./tm
0x0040   70                                             p
00:43:34.489727 192.168.100.49.3310 > 192.168.100.166.44566: . ack 14
win 5792 <nop,nop,timestamp 78179849 617469181> (DF)
0x0000   4500 0034 3949 4000 4006 b752 c0a8 6431        [EMAIL PROTECTED]@..R..d1
0x0010   c0a8 64a6 0cee ae16 2235 d740 c2ec dd49        ..d....."[EMAIL PROTECTED]
0x0020   8010 16a0 d4c6 0000 0101 080a 04a8 ee09        ................
0x0030   24cd d4fd                                      $...
00:43:34.497875 192.168.100.49.3310 > 192.168.100.166.44566: P 1:10(9)
ack 14 win 5792 <nop,nop,timestamp 78179850 617469181> (DF)
0x0000   4500 003d 394a 4000 4006 b748 c0a8 6431        [EMAIL PROTECTED]@..H..d1
0x0010   c0a8 64a6 0cee ae16 2235 d740 c2ec dd49        ..d....."[EMAIL PROTECTED]
0x0020   8018 16a0 a464 0000 0101 080a 04a8 ee0a        .....d..........
0x0030   24cd d4fd 2f74 6d70 3a20 4f4b 0a               $.../tmp:.OK.
00:43:34.497935 192.168.100.49.3310 > 192.168.100.166.44566: F 10:10(0)
ack 14 win 5792 <nop,nop,timestamp 78179850 617469181> (DF)
0x0000   4500 0034 394b 4000 4006 b750 c0a8 6431        [EMAIL PROTECTED]@..P..d1
0x0010   c0a8 64a6 0cee ae16 2235 d749 c2ec dd49        ..d....."5.I...I
0x0020   8011 16a0 d4bb 0000 0101 080a 04a8 ee0a        ................
0x0030   24cd d4fd                                      $...
00:43:34.498150 192.168.100.166.44566 > 192.168.100.49.3310: . ack 10
win 5840 <nop,nop,timestamp 617469190 78179850> (DF)
0x0000   4500 0034 09c9 4000 4006 e6d2 c0a8 64a6        [EMAIL PROTECTED]@.....d.
0x0010   c0a8 6431 ae16 0cee c2ec dd49 2235 d749        ..d1.......I"5.I
0x0020   8010 16d0 d483 0000 0101 080a 24cd d506        ............$...
0x0030   04a8 ee0a                                      ....
00:43:34.498290 192.168.100.166.44566 > 192.168.100.49.3310: F 14:14(0)
ack 11 win 5840 <nop,nop,timestamp 617469190 78179850> (DF)
0x0000   4500 0034 09ca 4000 4006 e6d1 c0a8 64a6        [EMAIL PROTECTED]@.....d.
0x0010   c0a8 6431 ae16 0cee c2ec dd49 2235 d74a        ..d1.......I"5.J
0x0020   8011 16d0 d481 0000 0101 080a 24cd d506        ............$...
0x0030   04a8 ee0a                                      ....
00:43:34.498329 192.168.100.49.3310 > 192.168.100.166.44566: . ack 15
win 5792 <nop,nop,timestamp 78179850 617469190> (DF)
0x0000   4500 0034 394c 4000 4006 b74f c0a8 6431        [EMAIL PROTECTED]@..O..d1
0x0010   c0a8 64a6 0cee ae16 2235 d74a c2ec dd4a        ..d....."5.J...J
0x0020   8010 16a0 d4b1 0000 0101 080a 04a8 ee0a        ................
0x0030   24cd d506                                      $...


Now if you're trying to be able to scan any file on the filesystem of
the client, that's more difficult.  You need to NFS export / and mount
it somewhere on the server.  On the client when you tell it to scan
things, the path should have whatever additional path is required for
the server to scan in the correct place.

I suppose you could also use Samba instead of NFS, but that's up to your
druthers and experiences.
-- 
Regards...              Todd
They that can give up essential liberty to obtain a little temporary 
safety deserve neither liberty nor safety.       --Benjamin Franklin
Linux kernel 2.6.3-8mdkenterprise   0 users,  load average: 0.29, 0.17, 0.11
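
The exchange in the tcpdump above, as an added example that is not part of the original message or ClamAV's own code: a small Python client sends the same `CONTSCAN <path>` bytes over TCP and parses the `<path>: OK` reply, and `server_path` does the path translation needed when the client's export is mounted under a different prefix on the server. The stub server, the `/mnt/client1` prefix used in testing, and all function names are constructed for illustration.

```python
import posixpath
import socket
import socketserver
import threading

def server_path(client_path, mount_prefix=""):
    """Map a client path to where the server sees it. mount_prefix is the
    (hypothetical) server directory where the client's export is mounted."""
    norm = posixpath.normpath(client_path)
    if not norm.startswith("/"):
        raise ValueError("clamd needs an absolute path")
    # Normalising before prefixing keeps '..' from climbing out of the mount.
    return posixpath.normpath(mount_prefix + norm)

def parse_reply(text):
    """Split clamd reply lines ('<path>: <status>') into (path, status)."""
    pairs = []
    for line in text.splitlines():
        path, sep, status = line.rpartition(": ")
        if sep:
            pairs.append((path, status))
    return pairs

def contscan(host, port, path, timeout=10.0):
    """Send 'CONTSCAN <path>' as in the capture (no terminator, cleartext,
    no authentication) and read until the server closes the connection."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(b"CONTSCAN " + path.encode())
        reply = b""
        while chunk := sock.recv(4096):
            reply += chunk
    return parse_reply(reply.decode(errors="replace"))

class StubClamd(socketserver.BaseRequestHandler):
    """Constructed stand-in for clamd: reports every requested path as OK."""
    def handle(self):
        cmd = self.request.recv(4096).decode()
        if cmd.startswith("CONTSCAN "):
            self.request.sendall((cmd[9:] + ": OK\n").encode())

def demo():
    """Replay the exchange from the capture against the local stub."""
    with socketserver.TCPServer(("127.0.0.1", 0), StubClamd) as srv:
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        try:
            return contscan(*srv.server_address, server_path("/tmp"))
        finally:
            srv.shutdown()

if __name__ == "__main__":
    print(demo())
```

Against a real clamd, pass the server's TCPAddr and TCPSocket values to `contscan`; the path is resolved on the server, which is why the NFS mount is needed.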

