If you want a one-server setup, it might be possible to start/stop clamdscan
faster than to start clamscan if you cron job freshclam (db update daemon)
each day.

I've never looked into doing it, but you might be able to run a bash script
that does that.

On Jul 6, 2024, 5:22 PM -0400, Khodor Barakat <khodor.bara...@outlook.com>, wrote:
> Thank you,
>
> What you have described below is an option I am thinking of in case I go
> for a 2-server setup.
>
> I am also looking and testing if I can still run the clam daemon service
> locally while controlling the clamd consumption and having a best tuning
> where it does not overwhelm my system.
>
>
> From: Paul Silvestri <psilvest...@gmail.com>
> Sent: Saturday, July 6, 2024 5:07 PM
> To: Paul Kosinski <clamav-us...@iment.com>; Matus UHLAR - fantomas via
> clamav-users <clamav-users@lists.clamav.net>; Khodor Barakat
> <khodor.bara...@outlook.com>
> Subject: Re: [clamav-users] Inquiry About Security Measures for Remote
> Scanning Using Clamdscan
>
> Sorry if I'm misunderstanding, but I think the best situation for you is
> the following:
>
> Server A is running your production application. Server B has two services
> running: an express application that can securely handle traffic (npm
> module) and the clamdscan daemon. Server A sends the file to Server B's
> express application. The express application on Server B forwards the
> stream to the daemon running on Server B, localhost:XXX to localhost:YYY
> (not over the public internet). You now have a remote anti-virus scanner,
> Server B, that securely handles traffic.
>
> Is that what you're looking to do?
> On Jul 6, 2024, 4:55 PM -0400, Khodor Barakat <khodor.bara...@outlook.com>, wrote:
> > Thanks Paul for the clarification,
> >
> > There is a misunderstanding. Initially our developers are using
> > "clamscan -" to scan the streamed data in the upload form of the app. As
> > I mentioned earlier, clamscan has to load the entire virus database and
> > initialize the scanning engine from scratch on every call, and you are
> > right that clamdscan is faster, but in order to use clamdscan you need
> > to have clamd running. In my env, as RHEL 8, the daemon runs through a
> > service. What I am trying to avoid is:
> >
> > - The clamd process is consuming resources while running and allocating
> >   a usage of memory and CPU
> >
> > I found out that I can do a remote scan using clamdscan while the daemon
> > is running on a remote server dedicated for this purpose, but
> > unfortunately the data streamed over the remote socket is not protected.
> >
> > Is there a way to run the clamd service while limiting and throttling
> > its usage? I was trying to set a CPU and memory limit under the systemd
> > service but it did not work as expected.
> >
> > I am looking for a configuration where clamd is using fewer resources
> > when idle.
> >
> > Thanks a lot,
> >
> >
> >
> > From: Paul Silvestri <psilvest...@gmail.com>
> > Sent: Friday, July 5, 2024 5:10 PM
> > To: Paul Kosinski <clamav-us...@iment.com>; Matus UHLAR - fantomas via
> > clamav-users <clamav-users@lists.clamav.net>; Khodor Barakat
> > <khodor.bara...@outlook.com>
> > Subject: Re: [clamav-users] Inquiry About Security Measures for Remote
> > Scanning Using Clamdscan
> >
> > It shouldn't be doing that. You sound like you have the wrong
> > configuration option for the clamscan npm package.
> >
> > You need to be using the clamdscan configuration option. It sounds like
> > you're using the clamscan option.
> >
> > Clamdscan uses the already running Daemon (only loads the database once).
> > Clamscan loads the database every single time.
> >
> > Go read through the docs where it shows you all the options on the npm
> > README.
> >
> > Let me know if that's not the issue.
> > On Jul 5, 2024, 5:01 PM -0400, Khodor Barakat <khodor.bara...@outlook.com>, wrote:
> > > Thanks for sharing this,
> > >
> > > I am currently using clamscan within my app, but the problem with
> > > clamscan is that it has to load the entire virus database and
> > > initialize the scanning engine from scratch.
> > >
> > > Scanning a file of a few KB took what an MB file would need for
> > > scanning, around 20 to 30s.
> > >
> > > From: Paul Silvestri <psilvest...@gmail.com>
> > > Sent: Friday, July 5, 2024 4:54 PM
> > > To: Paul Kosinski <clamav-us...@iment.com>; Matus UHLAR - fantomas via
> > > clamav-users <clamav-users@lists.clamav.net>; Matus UHLAR - fantomas
> > > via clamav-users <clamav-users@lists.clamav.net>
> > > Cc: Khodor Barakat <khodor.bara...@outlook.com>
> > > Subject: Re: [clamav-users] Inquiry About Security Measures for Remote
> > > Scanning Using Clamdscan
> > >
> > > If I'm understanding your use case correctly you may want to use this
> > > tool:
> > >
> > > https://www.npmjs.com/package/clamscan
> > >
> > > Create an express app and run the daemon locally on the same server.
> > > The express app is essentially a glorified local proxy.
> > > On Jul 5, 2024, 4:46 PM -0400, Khodor Barakat via clamav-users <clamav-users@lists.clamav.net>, wrote:
> > > > Thanks Paul,
> > > >
> > > > This was something I was looking into, like building an SSH tunnel,
> > > > but it is a burden as tunnel failure would break the entire process.
> > > >
> > > > I might reconsider running clamdscan locally while tuning the config
> > > > and using systemd unit params to limit the resources used by the
> > > > clamdscan service.
> > > >
> > > > From: Paul Kosinski <clamav-us...@iment.com>
> > > > Sent: Friday, July 5, 2024 4:29 PM
> > > > To: clamav-users@lists.clamav.net <clamav-users@lists.clamav.net>;
> > > > Khodor Barakat <khodor.bara...@outlook.com>
> > > > Subject: Re: [clamav-users] Inquiry About Security Measures for
> > > > Remote Scanning Using Clamdscan
> > > >
> > > > I don't think there is anything builtin to clamd, but you might
> > > > consider setting up a secure tunnel(s) from the client machine(s) to
> > > > the scanning machine.
> > > >
> > > > For example, each client machine has a little daemon that listens on
> > > > a UNIX socket and is connected securely (SSH, OpenVPN etc.) to the
> > > > scanning machine. That machine has a (daemon) listener on the agreed
> > > > upon port which forwards the (decrypted) traffic to clamd's local
> > > > UNIX socket. (The responses must be sent back, of course.)
> > > >
> > > > This obviously adds some overhead, but so would a similar function
> > > > builtin to clamd.
> > > >
> > > >
> > > > On Fri, 5 Jul 2024 19:32:01 +0000
> > > > Khodor Barakat via clamav-users <clamav-users@lists.clamav.net> wrote:
> > > >
> > > > > Has anyone encountered this? I can see the transfer is not
> > > > > encrypted and secure when doing a remote scan.
> > > > >
> > > > > I captured the packet on the remote server and I can see the data
> > > > > as clear text:
> > > > >
> > > > >
> > > > > [Timestamps]
> > > > >     [Time since first frame in this TCP stream: 0.000209756 seconds]
> > > > >     [Time since previous frame in this TCP stream: 0.000037349 seconds]
> > > > > TCP payload (28 bytes)
> > > > > Data (28 bytes)
> > > > >
> > > > > 0000  00 00 00 14 74 68 69 73 20 69 73 20 61 20 74 65   ....this is a te
> > > > > 0010  73 74 20 66 69 6c 65 0a 00 00 00 00               st file.....
> > > > >     Data: 0000001474686973206973206120746573742066696c650a...
> > > > >     [Length: 28]
> > > > >
> > > > >
> > > > > ________________________________
> > > > > From: clamav-users <clamav-users-boun...@lists.clamav.net> on
> > > > > behalf of Khodor Barakat via clamav-users
> > > > > <clamav-users@lists.clamav.net>
> > > > > Sent: Tuesday, July 2, 2024 4:03 PM
> > > > > To: clamav-users@lists.clamav.net <clamav-users@lists.clamav.net>
> > > > > Cc: Khodor Barakat <khodor.bara...@outlook.com>
> > > > > Subject: [clamav-users] Inquiry About Security Measures for Remote
> > > > > Scanning Using Clamdscan
> > > > >
> > > > > Hi, everyone
> > > > >
> > > > > I am writing to inquire about the security measures implemented
> > > > > when using ClamAV's clamdscan for remote scanning, particularly
> > > > > when streaming to port 3310.
> > > > >
> > > > > clamdscan -c /etc/clamd.d/remote-scan.conf --fdpass --stream /tmp/testfile.txt
> > > > >
> > > > > cat /etc/clamd.d/remote-scan.conf
> > > > > LogSyslog yes
> > > > > StreamMaxLength 10M
> > > > > User clamscan
> > > > > TCPSocket 3310
> > > > > TCPAddr 192.168.1.100
> > > > >
> > > > >
> > > > > Does anyone have information on the security protocols and
> > > > > safeguards in place in order to protect data during remote scans?
> > > > >
> > > > > Thank you for your assistance
> > > > _______________________________________________
> > > >
> > > > Manage your clamav-users mailing list subscription / unsubscribe:
> > > > https://lists.clamav.net/mailman/listinfo/clamav-users
> > > >
> > > >
> > > > Help us build a comprehensive ClamAV guide:
> > > > https://github.com/Cisco-Talos/clamav-documentation
> > > >
> > > > https://docs.clamav.net/#mailing-lists-and-chat
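An added example, not part of the thread or of ClamAV's own code: the 28 captured bytes are clamd's INSTREAM framing (4-byte big-endian length, data, zero-length terminator), which is why the file content is readable on the wire, and the same frames can be sent through a certificate-verified TLS connection instead. The TLS terminator on the scanning host that forwards to clamd's local socket is an assumption taken from the tunnel/proxy designs discussed above; `host`, `port` and `cafile` are site-specific values, not ClamAV options.

```python
import socket
import ssl
import struct

# The 28-byte TCP payload from the hex dump quoted in this thread.
CAPTURED = bytes.fromhex(
    "0000001474686973206973206120746573742066696c650a" "00000000")


def instream_frames(data, chunk_size=8192):
    """Yield clamd INSTREAM chunks: 4-byte big-endian length, then the bytes.
    A zero-length chunk ends the stream."""
    for off in range(0, len(data), chunk_size):
        part = data[off:off + chunk_size]
        yield struct.pack("!I", len(part)) + part
    yield struct.pack("!I", 0)


def decode_frames(payload):
    """Rebuild the file content from captured chunks; no key is needed."""
    out, pos = bytearray(), 0
    while pos + 4 <= len(payload):
        (size,) = struct.unpack_from("!I", payload, pos)
        pos += 4
        if size == 0:
            break
        if pos + size > len(payload):
            raise ValueError("truncated chunk")
        out += payload[pos:pos + size]
        pos += size
    return bytes(out)


def scan_over_tls(data, host, port, cafile):
    """Send data to a TLS terminator (assumed, not part of clamd) that
    forwards to clamd's local socket. host, port, cafile are site values."""
    ctx = ssl.create_default_context(cafile=cafile)  # verifies cert and name
    with socket.create_connection((host, port), timeout=30) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(b"zINSTREAM\0")
            for frame in instream_frames(data):
                tls.sendall(frame)
            reply = bytearray()
            while not reply.endswith(b"\0"):  # z-commands reply NUL-terminated
                buf = tls.recv(4096)
                if not buf:
                    break
                reply += buf
    return reply.rstrip(b"\0").decode("utf-8", "replace")


if __name__ == "__main__":
    print(decode_frames(CAPTURED))
```

With this layout clamd itself listens only on its local socket on the scanning host, so port 3310 no longer needs to be reachable from the network.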