Re: [Clamav-users] How to run clamscan for a list of files from afile?

Wed, 29 Nov 2006 08:13:17 -0800 

Mark wrote:

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Dennis Peterson
Sent: dinsdag 28 november 2006 22:58
To: ClamAV users ML
Subject: Re: [Clamav-users] How to run clamscan for a list of
files from afile?


First of all, when it comes to scanning mail, I have a hard time finding
reasons for justifying doing a ClamAV scan other than at
reception/delivery time. Scanning mail dirs periodically means you always
have gaping windows of insecure time during which people will retrieve
mail.



You may have gotten mail last week that contains a virus found by a 
pattern released this week. This isn't a problem for users that use imap 
and leave the mail on the server or local delivery system. And in any 
event one does the best one can with the available tools and that there 
are gaps is an unavoidable consequence of the best technology we have.





... This looks interesting:
http://www.fpsn.net/index.cgi?pg=products&product=File::Scan::ClamAV

It allows sending files as streams to clamd so there is only a single
invocation of perl and clamd is presumed already running.


It also says:

"Note that the resource must be readable by the user the ClamdAV clamd
service is running as."

Ay, there's the rub.



If you send clamd a path to a file then clamd must have adequate 
permissions to open and scan that file. If you send it a stream via a 
socket it has not ownership problems.




For scanning a mail dir periodically (which I *also* do, next to scanning
at delivery time, so as to potentially catch a virus after-the-fact when
new definitions are available), I once wrote a little Perl script that
uses the local POP server to retrieve mail. It has the advantage that you
don't need to have clamd running as root (and I use the same POP protocol
to then delete individually infected messages, too).




It's definitely a solution, though not particularly efficient in terms 
of system resources.


dp
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html






















					Reply via email to