On Fri, 5 Apr 2024, Nathan Millard via clamav-users wrote:
So I have a kali Linux server, could I use that to scan my windows
vms for viruses using this "For Linux etc. you can get a central
machine (either the same server or a different one) to connect to
each client, eg with ssh, and make it run the above scan?"
Sorry I am quite clamav so sorry if I am being stupid but I just
want a simple way to scan my LAN for viruses and get results back
and not have to run 15 different clam scans on all my vms.
I cannot speak for any Windows ClamAV packages, but the official
ClamAV and the linux packages I have seen do not have a network level
interface to do that.
Since you wish to scan VMs, there may be a way to scan them from
the host server, though that would only be safe when they are idle,
and probably only when the filesystems are unmounted.
In principal if you can make the *filesystems* inside the VM
accessible to the host, you can mount and scan them. Once upon a time
a VM had virtual disks and this was comparatively easy, but most VM
systems now hide the virtual disks and partitions, so that the host
system users cannot attack the files on the VM, or be compromised by
them.
-----Original Message-----
From: clamav-users <clamav-users-boun...@lists.clamav.net> On Behalf Of Andrew
C Aitchison via clamav-users
Sent: 05 April 2024 17:21
To: Nathan Millard via clamav-users <clamav-users@lists.clamav.net>
Cc: Andrew C Aitchison <cla...@aitchison.me.uk>
Subject: Re: [clamav-users] Help with clamav
On Fri, 5 Apr 2024, Nathan Millard via clamav-users wrote:
I would like some help setting up clamav to scan remote hosts from a
clamd server is this possible?
Nearly.
In the likely setup,
each client reads the files and sends them to the server for checking.
For Linux etc. you can get a central machine (either the same server or a
different one) to connect to each client, eg with ssh, and make it run the
above scan. Alternatively you could use cron etc. to get each client to run the
scan itself and send the results to the central machine.
For a server to scan a client you would have to make a client share its
filesystems with the server. Whilst this is possible, I suspect (I've never
tested it) that this would be slower than sending the files over the net to be
checked - the remote clam scan protocol has a low overhead.
Suprisingly, the remote scan can be faster than running the scan locally on
each client, since the checks require a significant amount of RAM (more than a
GB) and the clamd server caches previous scan results, so it may not need to
try each virus definition on every file.
Are you looking to write the scripts yourself, or searching for someone to do
it for a fee ?
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
