Thanks for sharing this , I am currently using clamscan within my app, but the problem with clamscan has to load the entire virus database and initialize the scanning engine from scratch.
Scanning a file with few kb took what a mb file would need for scanning around 20 to 30s ________________________________ From: Paul Silvestri <psilvest...@gmail.com> Sent: Friday, July 5, 2024 4:54 PM To: Paul Kosinski <clamav-us...@iment.com>; Matus UHLAR - fantomas via clamav-users <clamav-users@lists.clamav.net>; Matus UHLAR - fantomas via clamav-users <clamav-users@lists.clamav.net> Cc: Khodor Barakat <khodor.bara...@outlook.com> Subject: Re: [clamav-users] Inquiry About Security Measures for Remote Scanning Using Clamdscan If I'm understanding your use case correctly you may want to use this tool: https://www.npmjs.com/package/clamscan Create an express app and run the daemon locally on the same server. The express app is essentially a glorified local proxy. On Jul 5, 2024, 4:46 PM -0400, Khodor Barakat via clamav-users <clamav-users@lists.clamav.net>, wrote: Thanks Paul, This was something i was looking into, like building an ssh tunnel , but it is a burden as tunnel failure would broke the entire process , I might reconsider running clamdscan locally while tunning the config and using systemd unit param to limit the resources used by clamdscan service ________________________________ From: Paul Kosinski <clamav-us...@iment.com> Sent: Friday, July 5, 2024 4:29 PM To: clamav-users@lists.clamav.net <clamav-users@lists.clamav.net>; Khodor Barakat <khodor.bara...@outlook.com> Subject: Re: [clamav-users] Inquiry About Security Measures for Remote Scanning Using Clamdscan I don't think there is anything builtin to clamd, but you might consider setting up a secure tunnel(s) from the client machine(s) to the scanning machine. For example, each client machine has a little daemon that listens on a UNIX socket and is connected securely (SSH, OpenVPN etc.) to the scanning machine. That machine has a (daemon) listener on the agreed upon port which forwards the (decrypted) traffic to clamd's local UNIX socket. (The responses must be sent back, of course.) This obviously adds some overhead, but so would a similar function builtin to clamd. On Fri, 5 Jul 2024 19:32:01 +0000 Khodor Barakat via clamav-users <clamav-users@lists.clamav.net> wrote: > Anyone has encountered this, i can see the transfer is not encrypted and > secure when doing a remote scan , > > I captured the packet on the remote server and i can see the data as clear > text , > > > [Timestamps] > [Time since first frame in this TCP stream: 0.000209756 seconds] > [Time since previous frame in this TCP stream: 0.000037349 seconds] > TCP payload (28 bytes) > Data (28 bytes) > > 0000 00 00 00 14 74 68 69 73 20 69 73 20 61 20 74 65 ....this is a te > 0010 73 74 20 66 69 6c 65 0a 00 00 00 00 st file..... > Data: 0000001474686973206973206120746573742066696c650a... > [Length: 28] > > > ________________________________ > From: clamav-users <clamav-users-boun...@lists.clamav.net> on behalf of > Khodor Barakat via clamav-users <clamav-users@lists.clamav.net> > Sent: Tuesday, July 2, 2024 4:03 PM > To: clamav-users@lists.clamav.net <clamav-users@lists.clamav.net> > Cc: Khodor Barakat <khodor.bara...@outlook.com> > Subject: [clamav-users] Inquiry About Security Measures for Remote Scanning > Using Clamdscan > > Hi, everyone > > I am writing to inquire about the security measures implemented when using > ClamAV's clamdscan for remote scanning, particularly when streaming to port > 3310. > > clamdscan -c /etc/clamd.d/remote-scan.conf --fdpass --stream > /tmp/testfile.txt > > cat /etc/clamd.d/remote-scan.conf > LogSyslog yes > StreamMaxLength 10M > User clamscan > TCPSocket 3310 > TCPAddr 192.168.1.100 > > > Does anyone have information on the security protocols and safeguards in > place in order to protect data during remote scans? > > Thank you for your assistance _______________________________________________ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
_______________________________________________ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
