On Wed, 10 Apr 2024, Nathan Millard via clamav-users wrote:
If I mapped a network drive to my server running clamav would it be
possible to scan that network drive?
Yes, but ...
So if I map another servers C drive to my clam server could I run a
scan of that mapped c drive using clamav?
I've never actually tried that, but my recollection from when I was
backing up CIFS/SMB shares with Samba, is that you wont be able to
read any files that are open on the serving nmachine.
As Marc says, doing it this way means that every file will be
transferred over the network*.
*If your Clam server is also the VM host, the "network" is entirely
within the physical machine, so *may* be fast enough that you don't care.
Sorry I am quite clamav so sorry if I am being stupid but I just
want a simple way to scan my LAN for viruses and get results back
and not have to run 15 different clam scans on all my vms.
That is likely the price you pay for a scan that doesn't require that
you send the whole disk over the network.
-----Original Message-----
From: clamav-users <clamav-users-boun...@lists.clamav.net> On Behalf Of Andrew
C Aitchison via clamav-users
Sent: 05 April 2024 19:49
To: Nathan Millard via clamav-users <clamav-users@lists.clamav.net>
Cc: Andrew C Aitchison <cla...@aitchison.me.uk>
Subject: Re: [clamav-users] Help with clamav
On Fri, 5 Apr 2024, Nathan Millard via clamav-users wrote:
So I have a kali Linux server, could I use that to scan my windows vms
for viruses using this "For Linux etc. you can get a central machine
(either the same server or a different one) to connect to each client,
eg with ssh, and make it run the above scan?"
Sorry I am quite clamav so sorry if I am being stupid but I just want
a simple way to scan my LAN for viruses and get results back and not
have to run 15 different clam scans on all my vms.
I cannot speak for any Windows ClamAV packages, but the official ClamAV and the
linux packages I have seen do not have a network level interface to do that.
Since you wish to scan VMs, there may be a way to scan them from the host
server, though that would only be safe when they are idle, and probably only
when the filesystems are unmounted.
In principal if you can make the *filesystems* inside the VM accessible to the
host, you can mount and scan them. Once upon a time a VM had virtual disks and
this was comparatively easy, but most VM systems now hide the virtual disks and
partitions, so that the host system users cannot attack the files on the VM, or
be compromised by them.
-----Original Message-----
From: clamav-users <clamav-users-boun...@lists.clamav.net> On Behalf
Of Andrew C Aitchison via clamav-users
Sent: 05 April 2024 17:21
To: Nathan Millard via clamav-users <clamav-users@lists.clamav.net>
Cc: Andrew C Aitchison <cla...@aitchison.me.uk>
Subject: Re: [clamav-users] Help with clamav
On Fri, 5 Apr 2024, Nathan Millard via clamav-users wrote:
I would like some help setting up clamav to scan remote hosts from a
clamd server is this possible?
Nearly.
In the likely setup,
each client reads the files and sends them to the server for checking.
For Linux etc. you can get a central machine (either the same server or a
different one) to connect to each client, eg with ssh, and make it run the
above scan. Alternatively you could use cron etc. to get each client to run the
scan itself and send the results to the central machine.
For a server to scan a client you would have to make a client share its
filesystems with the server. Whilst this is possible, I suspect (I've never
tested it) that this would be slower than sending the files over the net to be
checked - the remote clam scan protocol has a low overhead.
Suprisingly, the remote scan can be faster than running the scan locally on
each client, since the checks require a significant amount of RAM (more than a
GB) and the clamd server caches previous scan results, so it may not need to
try each virus definition on every file.
Are you looking to write the scripts yourself, or searching for someone to do
it for a fee ?
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
