I don't think there is anything built in to clamd, but you might consider setting up a secure tunnel(s) from the client machine(s) to the scanning machine.
For example, each client machine has a little daemon that listens on a UNIX socket and is connected securely (SSH, OpenVPN etc.) to the scanning machine. That machine has a (daemon) listener on the agreed-upon port which forwards the (decrypted) traffic to clamd's local UNIX socket. (The responses must be sent back, of course.) This obviously adds some overhead, but so would a similar function built in to clamd.

On Fri, 5 Jul 2024 19:32:01 +0000 Khodor Barakat via clamav-users <clamav-users@lists.clamav.net> wrote:

> Anyone has encountered this, I can see the transfer is not encrypted and
> secure when doing a remote scan,
>
> I captured the packet on the remote server and I can see the data as clear
> text,
>
>
> [Timestamps]
> [Time since first frame in this TCP stream: 0.000209756 seconds]
> [Time since previous frame in this TCP stream: 0.000037349 seconds]
> TCP payload (28 bytes)
> Data (28 bytes)
>
> 0000 00 00 00 14 74 68 69 73 20 69 73 20 61 20 74 65 ....this is a te
> 0010 73 74 20 66 69 6c 65 0a 00 00 00 00 st file.....
> Data: 0000001474686973206973206120746573742066696c650a...
> [Length: 28]
>
>
> ________________________________
> From: clamav-users <clamav-users-boun...@lists.clamav.net> on behalf of
> Khodor Barakat via clamav-users <clamav-users@lists.clamav.net>
> Sent: Tuesday, July 2, 2024 4:03 PM
> To: clamav-users@lists.clamav.net <clamav-users@lists.clamav.net>
> Cc: Khodor Barakat <khodor.bara...@outlook.com>
> Subject: [clamav-users] Inquiry About Security Measures for Remote Scanning
> Using Clamdscan
>
> Hi, everyone
>
> I am writing to inquire about the security measures implemented when using
> ClamAV's clamdscan for remote scanning, particularly when streaming to port
> 3310.
>
> clamdscan -c /etc/clamd.d/remote-scan.conf --fdpass --stream
> /tmp/testfile.txt
>
> cat /etc/clamd.d/remote-scan.conf
> LogSyslog yes
> StreamMaxLength 10M
> User clamscan
> TCPSocket 3310
> TCPAddr 192.168.1.100
>
>
> Does anyone have information on the security protocols and safeguards in
> place in order to protect data during remote scans?
>
> Thank you for your assistance
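
The 28-byte payload in the quoted capture follows clamd's INSTREAM chunk framing: a 4-byte big-endian length, the data, then a zero-length chunk as terminator. The Python below is an added example, not part of the original messages or of ClamAV: it decodes that payload and can be run on a capture taken after a tunnel is in place, as a framing check that file contents no longer cross the wire in the clear. The function names and the TLS-style sample are constructed for illustration.

```python
import struct

# The 28-byte TCP payload from the capture quoted above.
CAPTURED = bytes.fromhex(
    "00000014" "74686973206973206120746573742066696c650a" "00000000"
)

# Constructed sample: a TLS application-data record header (17 03 03 + length)
# followed by filler bytes standing in for ciphertext.
TLS_SAMPLE = bytes.fromhex("170303001c") + bytes(range(28))


def parse_instream_chunks(payload: bytes):
    """Split a payload into INSTREAM chunks.

    Returns (chunks, terminated). Raises ValueError when the bytes do not
    follow the <4-byte big-endian length><data> framing.
    """
    chunks, offset, terminated = [], 0, False
    while offset < len(payload):
        if len(payload) - offset < 4:
            raise ValueError("truncated length prefix")
        (length,) = struct.unpack_from(">I", payload, offset)
        offset += 4
        if length == 0:  # a zero-length chunk ends the stream
            terminated = True
            break
        if length > len(payload) - offset:
            raise ValueError("chunk length exceeds payload")
        chunks.append(payload[offset:offset + length])
        offset += length
    if offset != len(payload):
        raise ValueError("trailing bytes after terminator")
    return chunks, terminated


def is_cleartext_instream(payload: bytes) -> bool:
    """True when the payload parses as one or more non-empty INSTREAM chunks."""
    try:
        chunks, _ = parse_instream_chunks(payload)
    except ValueError:
        return False
    return bool(chunks)


if __name__ == "__main__":
    print(parse_instream_chunks(CAPTURED))
    print(is_cleartext_instream(TLS_SAMPLE))
```

A negative result only means the bytes are not bare INSTREAM framing; it does not by itself prove the link is encrypted.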