Hi there,

On Tue, 15 Jun 2021, Lee, Raymond via clamav-users wrote:

> ... I don't want this thread to become a debate about whether or not to scan the entire system. I was just looking for insight into my question about clamd and SELinux.
Sure, with you. FWIW I don't scan Linux systems. Primarily I use ClamAV to scan mail, and I'm not especially interested in malware.

As far as SELinux is concerned it seems to me that it's most likely doing what it's supposed to do. My personal take on it is that there's no reason on Earth to scan a shadow_t type file with ClamAV, and if you do let it do that you risk a vulnerability in ClamAV ruining your whole holiday. I don't know why you aren't seeing the log messages which you're expecting to see; perhaps it's a permissions issue too.

In case it's interesting, here's the detection performance of some scanners for the last 40 malicious emails processed by my systems:

30 fortinet.com
28 drweb.com
26 gdatasoftware.com
26 escanav.com
26 bitdefender.com
25 avast.com
20 sophos.com
20 ikarus.at
19 eset.com
7 f-secure.com
5 f-prot.com
3 clamav.net
0 trendmicro.com

The detection numbers were obtained by manually inspecting attempts to send suspicious mail to our servers, and after confirming that the mail was malicious, submitting samples to Jotti's malware scan:

https://virusscan.jotti.org/

This was by no means a scientific experiment. The sample size was very small; the malware chose to be in the study, not the other way around; some of the 40 samples were almost identical; there may be issues with the way in which samples were presented to the scanners which skews the comparative results. But as you can see, even the best performer only found three out of four. It's food for thought.

--
73, Ged.