[clamav-users] ClamAV private mirror

[David Smith]

The ClamAV docs on private local mirrors recommends using a proxy server and 
mentions squid.

Anybody any experience of using squid to do this? Even better does anybody have 
the important parts of squid.conf they could share with me?

We already run our ClamAV updates through squid as part of a whitelisting 
process so I'm really only interested in squid at the moment.

Thanks.

___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Clamav and DLP

[Steven Morgan]

Hi Alex,

There aren't any other external controls for DLP beside the configuration
parameters. Customization of the source code (libclamav/dlp.c) is possible
via C programming. There are currently no active DLP development plans.

Hope this helps,
Steve

On Mon, Feb 20, 2017 at 7:54 PM, Alex  wrote:

> Hi,
>
> I'm interested in using clamav on fedora25 for data loss prevention in
> addition to the virus scanning we're already doing. Is there any
> documentation on how this all works other than enabling the DLP
> options in the config file?
>
> How do I add my own credit card patterns to be tagged? How about
> excluding them? What are the default patterns that are included?
>
> Is there active development going on with clamav in this area?
>
> Thanks,
> Alex
>
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Clamav and DLP

[G.W. Haywood]

Hi there,

On Tue, 21 Feb 2017, Alex wrote:


I'm interested in using clamav on fedora25 for data loss prevention ...


If I were going there, I wouldn't start from here. :)

If you can code in Perl (admittedly not everyone's cup of tea), then
you might find something like MIMEDefang is more flexible than hacking
the ClamAV sources.

There's also a milter called 'milter-regex' which I find very useful.
I don't know how easy it would be for you to integrate that into your
system, and its method takes a bit of getting used to, but it works
well and is economical on resources.  This is the top few processes
by memory usage on one of my mailservers:

8<--
top - 17:18:30 up 27 days, 22:36,  5 users,  load average: 0.00, 0.01, 0.00
Tasks: 158 total,   1 running, 157 sleeping,   0 stopped,   0 zombie
%Cpu(s):  0.2 us,  1.0 sy,  0.0 ni, 98.8 id,  0.0 wa,  0.0 hi,  0.0 si,  0.0 st
KiB Mem:  16469444 total, 12669948 used,  3799496 free,   197820 buffers
KiB Swap:  3212284 total,0 used,  3212284 free. 11273632 cached Mem

  PID USER  PR  NIVIRTRESSHR S  %CPU %MEM TIME+ COMMAND
  11655 clamav20   0  918044 586608  24044 S   0.0  3.6  17:41.44 
/usr/sbin/clamd ...
   3955 defang20   0  171508  86980   8168 S   0.0  0.5   0:19.45 
/usr/bin/perl /usr/bin/mimedefang.pl -f /etc/mail/mimedefang-filter -server
  17523 defang20   0  162528  79712   7840 S   0.0  0.5   0:02.28 
/usr/bin/perl /usr/bin/mimedefang.pl -f /etc/mail/mimedefang-filter -server
  17471 defang20   0  160480  79676   7792 S   0.0  0.5   0:02.33 
/usr/bin/perl /usr/bin/mimedefang.pl -f /etc/mail/mimedefang-filter -server
  24300 mail  20   0   92940  27460   3848 S   0.0  0.2   0:00.29 
xmas-milter
  24303 mail  20   0   90504  24904   3848 S   0.0  0.2   0:00.18 
xmas-milter
  24299 mail  20   0   89888  24408   3828 S   0.0  0.1   0:00.25 
xmas-milter
  24301 mail  20   0   89732  24160   3828 S   0.0  0.1   0:00.17 
xmas-milter
  24302 mail  20   0   89420  23828   3828 S   0.0  0.1   0:00.12 
xmas-milter
  24298 mail  20   0   87852  21628   3020 S   0.0  0.1   0:00.02 
xmas-milter
  11628 smmsp 20   0  246328  21556324 S   0.0  0.1   4:23.97 
/usr/local/sbin/milter-regex -c /etc/mail/milter-regex.conf ...
8<--

It almost goes without saying that these should only be backstops in
any system which handles sensitive information.

--

73,
Ged.
___
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml