If I'm understanding your use case correctly you may want to use this tool:
https://www.npmjs.com/package/clamscan Create an express app and run the daemon locally on the same server. The express app is essentially a glorified local proxy. On Jul 5, 2024, 4:46 PM -0400, Khodor Barakat via clamav-users <clamav-users@lists.clamav.net>, wrote: > Thanks Paul, > > This was something i was looking into, like building an ssh tunnel , but it > is a burden as tunnel failure would broke the entire process , > > I might reconsider running clamdscan locally while tunning the config and > using systemd unit param to limit the resources used by clamdscan service > > From: Paul Kosinski <clamav-us...@iment.com> > Sent: Friday, July 5, 2024 4:29 PM > To: clamav-users@lists.clamav.net <clamav-users@lists.clamav.net>; Khodor > Barakat <khodor.bara...@outlook.com> > Subject: Re: [clamav-users] Inquiry About Security Measures for Remote > Scanning Using Clamdscan > > I don't think there is anything builtin to clamd, but you might consider > setting up a secure tunnel(s) from the client machine(s) to the scanning > machine. > > For example, each client machine has a little daemon that listens on a UNIX > socket and is connected securely (SSH, OpenVPN etc.) to the scanning machine. > That machine has a (daemon) listener on the agreed upon port which forwards > the (decrypted) traffic to clamd's local UNIX socket. (The responses must be > sent back, of course.) > > This obviously adds some overhead, but so would a similar function builtin to > clamd. > > > On Fri, 5 Jul 2024 19:32:01 +0000 > Khodor Barakat via clamav-users <clamav-users@lists.clamav.net> wrote: > > > Anyone has encountered this, i can see the transfer is not encrypted and > > secure when doing a remote scan , > > > > I captured the packet on the remote server and i can see the data as clear > > text , > > > > > > [Timestamps] > > [Time since first frame in this TCP stream: 0.000209756 seconds] > > [Time since previous frame in this TCP stream: 0.000037349 seconds] > > TCP payload (28 bytes) > > Data (28 bytes) > > > > 0000 00 00 00 14 74 68 69 73 20 69 73 20 61 20 74 65 ....this is a te > > 0010 73 74 20 66 69 6c 65 0a 00 00 00 00 st file..... > > Data: 0000001474686973206973206120746573742066696c650a... > > [Length: 28] > > > > > > ________________________________ > > From: clamav-users <clamav-users-boun...@lists.clamav.net> on behalf of > > Khodor Barakat via clamav-users <clamav-users@lists.clamav.net> > > Sent: Tuesday, July 2, 2024 4:03 PM > > To: clamav-users@lists.clamav.net <clamav-users@lists.clamav.net> > > Cc: Khodor Barakat <khodor.bara...@outlook.com> > > Subject: [clamav-users] Inquiry About Security Measures for Remote Scanning > > Using Clamdscan > > > > Hi, everyone > > > > I am writing to inquire about the security measures implemented when using > > ClamAV's clamdscan for remote scanning, particularly when streaming to port > > 3310. > > > > clamdscan -c /etc/clamd.d/remote-scan.conf --fdpass --stream > > /tmp/testfile.txt > > > > cat /etc/clamd.d/remote-scan.conf > > LogSyslog yes > > StreamMaxLength 10M > > User clamscan > > TCPSocket 3310 > > TCPAddr 192.168.1.100 > > > > > > Does anyone have information on the security protocols and safeguards in > > place in order to protect data during remote scans? > > > > Thank you for your assistance > _______________________________________________ > > Manage your clamav-users mailing list subscription / unsubscribe: > https://lists.clamav.net/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/Cisco-Talos/clamav-documentation > > https://docs.clamav.net/#mailing-lists-and-chat
_______________________________________________ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
