Hello again Nick, On Thu, 4 Feb 2021, Nick via clamav-users wrote:
... provide web browsing over VDI to users in a secure environment (i.e. no internet). [snip] only from Downloads can they retrieve files and download to their actual machine in the secure zone. ...
The picture's clearer thanks. Presumably the Web browsing you speak of _is_ on the public Internet?
Interested to know your thoughts.
If Web browsing is indeed to permit downloads from the public Internet it seems a shame, having managed to set up a relatively less insecure environment, to allow it to be compromised in that way. You might say that there's little depth to the defence. What's the downside risk if something gets past the defences? Are the users sympathetic or antagonistic? Do you know what sort of thing you might be downloading/scanning? How many files/unit time will you be likely to need to scan? Have you benchmarked predicted performance on a representative sample? Will it just be fire and forget, or will you be able to keep an eye on it? Will you have a log that you can peruse in your (cue laughter) copious spare time and copies of the downloaded files for forensic/legal/research/educational purposes? Having every scanner on the planet to scan all your downloads can't guarantee that the downloaded files are free of malice. Estimates of the probabilities of something getting past any scanner are available. They don't make for encouraging reading - you'll be talking in terms of missing one in five on a very good day. A single zero-day exploit will get past every scanner that's available, and can ruin your whole Year/Bank Account/Business Model/Career. The thoughts don't seem to change much from month to month, but there always seem to be new and interesting variations on the threats. Sometimes old and interesting. -- 73, Ged. _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
