Tripwire presumes a golden fileset at the outset, that is, scanned to the degree
possible before enabling Tripwire. The fear of zero-day loop is infinite.
dp

On 3/21/18 6:41 PM, Paul Kosinski wrote:
A few years ago, when Tripwire was no longer free, I set up a "scan
once" environment for ClamAV, identifying files using SHA1 hashing
(with a few 'stat' results like inode and timestamp for good measure).
I gave up when I realized that even if a file had already been scanned,
it might have contained "0-day" malware when it was scanned. This could
make it quite nasty, especially if ClamAV is behind in 0-day detection.

On Wed, 21 Mar 2018 16:56:06 -0700
Dennis Peterson <denni...@inetnw.com> wrote:
It is possible to integrate ClamAV and Tripwire to get to a scan-once
environment. Include puppet or CFEngine for a more complete tool.
dp
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
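
The scan-once bookkeeping discussed in this thread, as an added example that is not code from either poster: files are identified by SHA-1 plus inode and timestamp, and a cached clean verdict is tied to the signature set it was produced with, so a file scanned before a signature update is queued again. The function names and the integer `db_version` are assumptions made for the sketch, and the scanner invocation itself is left out.

```python
import hashlib
import os

def fingerprint(path):
    """Identify a file by SHA-1 plus the stat fields mentioned in the thread."""
    digest = hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    st = os.stat(path)
    return (digest.hexdigest(), st.st_ino, st.st_mtime_ns)

def scan_reason(path, cache, db_version):
    """Return why `path` must be scanned, or None if the cached verdict holds.

    cache maps path -> (fingerprint, db_version at the time of the clean scan).
    db_version is an assumed integer that grows with each signature update.
    """
    entry = cache.get(path)
    if entry is None:
        return "new"
    cached_fp, cached_db = entry
    if cached_fp != fingerprint(path):
        return "changed"
    if cached_db < db_version:
        # A clean verdict only means "clean against the signatures of that day".
        return "stale-signatures"
    return None

def record_clean(path, fp, cache, db_version):
    """Store a clean verdict; fp must be the fingerprint taken BEFORE the scan."""
    cache[path] = (fp, db_version)

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        sample = os.path.join(d, "sample.bin")   # constructed sample file
        with open(sample, "wb") as fh:
            fh.write(b"constructed test content")
        cache = {}
        print(scan_reason(sample, cache, 1))     # new
        record_clean(sample, fingerprint(sample), cache, 1)
        print(scan_reason(sample, cache, 1))     # None
        print(scan_reason(sample, cache, 2))     # stale-signatures
```

Passing the pre-scan fingerprint to `record_clean` keeps a file that is modified while the scan runs from being recorded as clean under its new contents.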