Hi there,

On Wed, 29 Apr 2020, Sayanora V via clamav-users wrote:

> I would like to understand if any of the following features are supported by ClamAV?
> 1. Behavior-based Protection

If you mean "Does ClamAV look at running processes?", then no, it does not do that. It normally looks at something which would eventually be stored in a file, even if at the time it is not so stored (for example data can be fed to the scanner over a socket connection during a mail server's conversation with a client, and, if the server decides not to accept the message, then the data may never be saved to a file).

> 2. Heuristic scan

Perhaps yes, although it depends on what you mean by heuristics; see https://www.clamav.net/documents/libclamav

> 3. Script based checks for file

Yes, of course you can write scripts which use ClamAV executables and libraries; if this answer seems vague please clarify your question.

> 4. Script based checks for traffic

ClamAV does not normally inspect network traffic directly, but because it makes available numerous tools you could (for example) devise a way to feed network traffic to a clamd daemon. The name of the ClamAV 'safebrowsing' feature may be misleading. This is intended _only_ to detect URIs in email which point to malicious or compromised sites; it does not, for example, monitor Web traffic in real time. There are some initiatives which do attempt that; you will need to search for them. The archives for this mailing list may be helpful.

> Appreciate your inputs on alternate features to mitigate the above functionalities (if any).

There is much more information at https://www.clamav.net/documents

> Thank you very music in advance!

(s/music/much/;)

--
73, Ged.