On Wed, 21 Oct 2020, G.W. Haywood via clamav-users wrote:
> On Wed, 21 Oct 2020, Andrew C Aitchison via clamav-users wrote:
> > and that using clamav's on-access scanning has the advantage of catching the
> > nasties before the file is used, unlike the inotify-based solutions, which
> > avoid the latency that on-access scanning produces ...
>
> Not sure that I follow all that, but the perceived advantage of having
> a potential to catch any nasties must necessarily be discounted by the
> probability that it will catch anything when it actually looks for it.
> Rough order of magnitude I guess a one in three chance on a good day.

I meant that on-access scanning may block the nasty before the vulnerable
program parses/executes the exploit, but an inotify-based solution
will give the nasty file to the vulnerable program at the same time as,
if not before, the scanner gets to check it.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
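
The ordering difference described in the message above, as an added example that is not part of the original thread and is not ClamAV's code. It uses Linux fanotify permission events, where the kernel holds the opener inside open() until the listener answers, whereas an inotify watcher is only told after the access has happened. `MARKER`, `verdict_for` and `gate_once` are hypothetical names, and the marker string is constructed.

```c
/* Added example: gate open() with fanotify permission events (Linux only,
   needs CAP_SYS_ADMIN to run). All names here are hypothetical. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/fanotify.h>

/* Stand-in for a scan engine: flags a constructed marker string. */
static const char MARKER[] = "CONSTRUCTED-TEST-MARKER";

unsigned int verdict_for(const char *buf, size_t len) {
    size_t m = sizeof(MARKER) - 1;
    for (size_t i = 0; i + m <= len; i++)
        if (memcmp(buf + i, MARKER, m) == 0) return FAN_DENY;
    return FAN_ALLOW;
}

/* Answer one batch of pending opens. Each opener stays blocked in the kernel
   until its response is written, so the verdict lands before the consuming
   program can read the file. Only the first 4 KiB is inspected here.
   Returns the number of opens answered, or -1 on read error. */
int gate_once(int fan_fd) {
    struct fanotify_event_metadata ev[16], *e = ev;
    char buf[4096];
    int handled = 0;
    ssize_t n = read(fan_fd, ev, sizeof ev);
    if (n < 0) return -1;
    for (; FAN_EVENT_OK(e, n); e = FAN_EVENT_NEXT(e, n)) {
        if (e->fd < 0) continue;              /* queue overflow: no file */
        if (e->mask & FAN_OPEN_PERM) {
            ssize_t got = pread(e->fd, buf, sizeof buf, 0);
            struct fanotify_response r = { .fd = e->fd,
                .response = verdict_for(buf, got > 0 ? (size_t)got : 0) };
            if (write(fan_fd, &r, sizeof r) == (ssize_t)sizeof r) handled++;
        }
        close(e->fd);
    }
    return handled;
}

int main(int argc, char **argv) {
    int fd = fanotify_init(FAN_CLASS_CONTENT | FAN_CLOEXEC, O_RDONLY);
    if (fd < 0) { perror("fanotify_init"); return 1; }
    if (fanotify_mark(fd, FAN_MARK_ADD | FAN_MARK_MOUNT, FAN_OPEN_PERM,
                      AT_FDCWD, argc > 1 ? argv[1] : ".") < 0) { perror("fanotify_mark"); return 1; }
    while (gate_once(fd) >= 0) {}
    return 0;
}
```

The time spent between reading the event and writing the response is the latency the thread refers to: every open on the marked mount waits for it.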