On Tue, 2 Jul 2024, Khodor Barakat via clamav-users wrote:
Hi, everyone
I am writing to inquire about the security measures implemented when
using ClamAV's clamdscan for remote scanning, particularly when
streaming to port 3310.
clamdscan -c /etc/clamd.d/remote-scan.conf --fdpass --stream /tmp/testfile.txt
Does --fdpass work over tcp ?
If so, I mis-understand what it does.
cat /etc/clamd.d/remote-scan.conf
LogSyslog yes
StreamMaxLength 10M
User clamscan
TCPSocket 3310
TCPAddr 192.168.1.100
Does anyone have information on the security protocols and
safeguards in place in order to protect data during remote scans?
I believe that the files to be tested are sent in plain, ie not encrypted.
The best reference i can find is
https://docs.clamav.net/manual/Usage/Scanning.html#daemon
(or you could try reading the code).
What are your specific concerns ?
Client, network, server,
Client attacking server, server accessing files on client ?
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
