Thanks Dennis On Tue, Feb 3, 2015 at 10:16 PM, Dennis Peterson <denni...@inetnw.com> wrote:
> It takes a lot of cores to run multiple VM's and scanning other VM's from > a peer VM across the virtual switch and creates a lot of traffic in the > vSwitch layer of the hosting system. It doesn't work to scan the vdisk of a > VM itself unless you can mount the virtual disk and scan it as you would > any mounted file system (the VM has to be off or a non-running file system > level snapshot created by the host or SAN) or you can share the file > systems of interest between the VM hosting ClamAV and any VMs you wish to > scan live. That would include the sharable file systems of the system > hosting the VM's. It is slow but it works. > > It would be interesting to explore hypervisor snapshots of VMs as a > possible mountable, scannable file system. Much depends on the hypervisor > and whether it creates snapshots on a vdisk vs proprietary file format. > > Having run hundreds of VM's concurrently I've taken the view that they're > sacrificial. Any sign of bad health and the running processes are migrated > to another VM. Then they're killed, replaced with a clean clone, and > deleted. > > dp > > > On 2/3/15 6:44 PM, Al Varnell wrote: > >> Not sure how ClamAV® works with other platform VM's, but on Apple Macs, >> it has not been shown to be effective. I always encourage users to install >> a separate A-V scanner within the VM environment (often Windows where >> ClamWIN works fine). >> >> -Al- >> >> >> On Tue, Feb 03, 2015 at 05:09PM, james henrydoss wrote: >> >>> Hi Joel, >>> >>> I am looking for some notes to run Clam AV to scan Virtual Machine >>> Instances.. I have a small OpenSwitch based implementation which runs two >>> instances of Ubuntu. I wanted to scan the ENVIRONMENT with ClamAV being >>> run >>> on one of the instances. >>> >>> Thanks >>> James Henrydoss >>> >>> >>> On Tue, Jan 27, 2015 at 6:24 PM, Joel Esler (jesler) <jes...@cisco.com> >>> wrote: >>> >>> http://blog.clamav.net/2015/01/clamav-0986-has-been-released.html >>>> >>>> ClamAV 0.98.6 is a bug fix release correcting the following: >>>> >>>> >>>> * library shared object revisions. >>>> * installation issues on some Mac OS X and FreeBSD platforms. >>>> * includes a patch from Sebastian Andrzej Siewior making ClamAV pid >>>> files compatible with systemd. >>>> * - Fix a heap out of bounds condition with crafted Yoda's crypter >>>> files. This issue was discovered by Felix Groebert of the Google >>>> Security >>>> Team. >>>> * - Fix a heap out of bounds condition with crafted mew packer >>>> files. >>>> This issue was discovered by Felix Groebert of the Google Security Team. >>>> * - Fix a heap out of bounds condition with crafted upx packer >>>> files. >>>> This issue was discovered by Kevin Szkudlapski of Quarkslab. >>>> * - Fix a heap out of bounds condition with crafted upack packer >>>> files. This issue was discovered by Sebastian Andrzej Siewior. >>>> CVE-2014-9328. >>>> * - Compensate a crash due to incorrect compiler optimization when >>>> handling crafted petite packer files. This issue was discovered by >>>> Sebastian Andrzej Siewior. >>>> >>>> Thanks to the following ClamAV community members for code submissions >>>> and bug reporting included in ClamAV 0.98.6: >>>> >>>> Sebastian Andrzej Siewior >>>> Felix Groebert >>>> Kevin Szkudlapski >>>> Mark Pizzolato >>>> Daniel J. Luke >>>> >>>> Please download the latest release of ClamAV from 0.98.6 from our >>>> download >>>> page<http://www.clamav.net/download.html>. >>>> >>>> -- >>>> Joel Esler >>>> Open Source Manager >>>> Threat Intelligence Team Lead >>>> Talos >>>> _______________________________________________ >>>> Help us build a comprehensive ClamAV guide: >>>> https://github.com/vrtadmin/clamav-faq >>>> >>>> http://www.clamav.net/contact.html#ml >>>> >>>> _______________________________________________ >>> Help us build a comprehensive ClamAV guide: >>> https://github.com/vrtadmin/clamav-faq >>> >>> http://www.clamav.net/contact.html#ml >>> >> -Al- >> > > _______________________________________________ > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
