Tripwire presumes a golden fileset at the outset, that is, scanned to the degree possible before enabling Tripwire. The fear of zero-day loop is infinite.

dp

On 3/21/18 6:41 PM, Paul Kosinski wrote:
A few years ago, when Tripwire was no longer free, I set up a "scan
once" environment for ClamAV, identifying files using SHA1 hashing
(with a few 'stat' results like inode and timestamp for good measure).

I gave up when I realized that even if a file had already been scanned,
it might have contained "0-day" malware when it was scanned. This could
make it quite nasty, especially if ClamAV is behind in 0-day detection.


On Wed, 21 Mar 2018 16:56:06 -0700
Dennis Peterson <denni...@inetnw.com> wrote:

It is possible to integrate ClamAV and Tripwire to get to a scan-once
environment. Include puppet or CFEngine for a more complete tool.

dp


_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Reply via email to