It takes a lot of cores to run multiple VMs, and scanning other VMs from a peer
VM across the virtual switch creates a lot of traffic in the vSwitch layer
of the hosting system. It doesn't work to scan the vdisk of a VM itself unless
you can mount the virtual disk and scan it as you would any mounted file system
(the VM has to be off or a non-running file system level snapshot created by the
host or SAN) or you can share the file systems of interest between the VM
hosting ClamAV and any VMs you wish to scan live. That would include the
sharable file systems of the system hosting the VMs. It is slow but it works.

It would be interesting to explore hypervisor snapshots of VMs as a possible
mountable, scannable file system. Much depends on the hypervisor and whether it
creates snapshots on a vdisk vs proprietary file format.

Having run hundreds of VMs concurrently I've taken the view that they're
sacrificial. Any sign of bad health and the running processes are migrated to
another VM. Then they're killed, replaced with a clean clone, and deleted.
dp
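
The offline approach described in the message above (mount the disk of a powered-off VM or a snapshot copy read-only, then scan it like any mounted file system), as an added example that is not part of the original message. It assumes libguestfs (`guestmount`/`guestunmount`), `fuser` from psmisc and `clamscan` are installed on the scanning host; `scan_vdisk` and `verdict` are names made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread): offline ClamAV scan of a VM disk image.
# Assumes libguestfs (guestmount/guestunmount), psmisc (fuser) and clamscan.

# Map clamscan's exit status to a verdict: 0 = clean, 1 = virus found,
# anything else = scanner error.
verdict() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;
    esac
}

# scan_vdisk IMAGE [MOUNTPOINT]: prints the verdict, returns clamscan's status.
scan_vdisk() {
    local img="$1" mnt="${2:-}" rc=0 made=0
    [ -f "$img" ] || { echo "no such image: $img" >&2; return 2; }
    # The image must belong to a powered-off VM or be a snapshot copy;
    # refuse if any process (e.g. a hypervisor) still has it open.
    if fuser -s "$img" 2>/dev/null; then
        echo "$img is in use; shut the VM down or scan a snapshot" >&2
        return 2
    fi
    if [ -z "$mnt" ]; then
        mnt=$(mktemp -d) || return 2
        made=1
    fi
    # guestmount: -i inspects the guest and mounts its file systems,
    # --ro guarantees the scan cannot modify the guest disk.
    if ! guestmount -a "$img" -i --ro "$mnt"; then
        [ "$made" -eq 1 ] && rmdir "$mnt"
        return 2
    fi
    # clamscan: -r recurses, -i reports infected files only.
    clamscan -r -i "$mnt" || rc=$?
    guestunmount "$mnt" || echo "warning: could not unmount $mnt" >&2
    [ "$made" -eq 1 ] && rmdir "$mnt"
    verdict "$rc"
    return "$rc"
}

# When run as a script with an image path, scan it.
if [ "$#" -gt 0 ]; then scan_vdisk "$@"; fi
```

Run it as a user that can see the hypervisor's processes; otherwise `fuser` cannot tell that an image is still in use.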
On 2/3/15 6:44 PM, Al Varnell wrote:
Not sure how ClamAV® works with other platform VMs, but on Apple Macs, it has
not been shown to be effective. I always encourage users to install a separate
A-V scanner within the VM environment (often Windows where ClamWin works fine).
-Al-
On Tue, Feb 03, 2015 at 05:09PM, james henrydoss wrote:
Hi Joel,
I am looking for some notes to run ClamAV to scan Virtual Machine
Instances. I have a small OpenSwitch based implementation which runs two
instances of Ubuntu. I wanted to scan the ENVIRONMENT with ClamAV being run
on one of the instances.
Thanks
James Henrydoss
On Tue, Jan 27, 2015 at 6:24 PM, Joel Esler (jesler) <jes...@cisco.com>
wrote:
http://blog.clamav.net/2015/01/clamav-0986-has-been-released.html
ClamAV 0.98.6 is a bug fix release correcting the following:
* library shared object revisions.
* installation issues on some Mac OS X and FreeBSD platforms.
* includes a patch from Sebastian Andrzej Siewior making ClamAV pid
  files compatible with systemd.
* Fix a heap out of bounds condition with crafted Yoda's crypter
  files. This issue was discovered by Felix Groebert of the Google Security
  Team.
* Fix a heap out of bounds condition with crafted mew packer files.
  This issue was discovered by Felix Groebert of the Google Security Team.
* Fix a heap out of bounds condition with crafted upx packer files.
  This issue was discovered by Kevin Szkudlapski of Quarkslab.
* Fix a heap out of bounds condition with crafted upack packer
  files. This issue was discovered by Sebastian Andrzej Siewior.
  CVE-2014-9328.
* Compensate a crash due to incorrect compiler optimization when
  handling crafted petite packer files. This issue was discovered by
  Sebastian Andrzej Siewior.
Thanks to the following ClamAV community members for code submissions
and bug reporting included in ClamAV 0.98.6:
Sebastian Andrzej Siewior
Felix Groebert
Kevin Szkudlapski
Mark Pizzolato
Daniel J. Luke
Please download the latest release of ClamAV, 0.98.6, from our download
page <http://www.clamav.net/download.html>.
--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Talos
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml