This is what I see from the strace:
sendto(3, "zCONTSCAN /etc/gshadow\0", 23, 0, NULL, 0) = 23
That's interesting. Does the client machine access clamav-central via a
local proxy? Or more precisely, does the exemplary TCPAddr
"clamav-central.company.com" resolve to an IP-address that the client
machine uses on one of its interfaces?
So is it safe to use --stream in this case, despite the documentation warning?
Well, somehow the central server needs to obtain the file contents for
scanning._______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
