On 2013-10-21 at 17:24 -0700, unix_fan wrote:
> We don't have a problem running ClamAV on Linux, instead of the
> Windows solution, but our Enterprise friends are wondering if anyone
> has a solution - ClamAV or otherwise - that they are happy with that
> also includes an Enterprise management component (e.g., reporting on
> deployment status, controlled updates, etc). Bonus points if any
> solution involves the Trusted Computing Module.

All updates for ClamAV normally go through freshclam.

For reporting, use whatever you usually use on *nix to tail logs for current data values and exporting as a metric which can be monitored; the various files checked always log the version, whether updated or not, so you have a simple integer number which can be monitored for consistency with your normal OS management tools.

If you don't currently have such a tool, you might start by looking at something like https://code.google.com/p/emtail/ which can tail various logs and export data in JSON, for compatibility with various monitoring tools; it's written in Go, so no buffer overruns, no scripting platform dependencies ("just a binary" to deploy *cough*) and should be fairly easy to satisfy yourselves as to safety for deployment to general systems.

If you want to manage the deployment of updated stats more tightly, you can run freshclam (perhaps in non-daemon mode) in one place, export the files from a central place, and use custom source URLs for freshclam in the deployed hosts, instead of talking directly to external servers; you can then have two internal URLs, one for canary, and have some percentage of the fleet use the newer data, so that changes are less immediate: it's then up to your local risk management policies to balance promptness of protection against locally-proven-good data.

If you do that, you can choose whether to trigger freshclam updates in the fleet "normally", in daemon mode, or as a one shot trigger from your configuration management system; or both, using a HUP to freshclam to nudge things along when wanted.

-Phil
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
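
The reporting approach described in the message above, as an added example that is not part of the original post: it reads the per-database version lines that freshclam writes to its log and compares them with the versions published on the host's internal mirror. The sample log is constructed, and the `expected` mapping and function names are hypothetical.

```python
import json
import re

# freshclam status lines look like:
#   daily.cld updated (version: 17998, sigs: 600350, f-level: 63, builder: neo)
#   main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
LINE_RE = re.compile(
    r"(?P<db>[A-Za-z0-9_.-]+)\.(?:cvd|cld) "
    r"(?P<state>is up to date|updated) "
    r"\(version: (?P<version>\d+), sigs: (?P<sigs>\d+)"
)

def latest_versions(log_text):
    """Return {db: {"version", "sigs", "updated"}} from the last line seen per database."""
    seen = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            seen[m["db"]] = {
                "version": int(m["version"]),
                "sigs": int(m["sigs"]),
                "updated": m["state"] == "updated",
            }
    return seen

def check_host(log_text, expected):
    """Compare logged versions with those the host's mirror publishes ({db: version})."""
    seen = latest_versions(log_text)
    # A database that never appears in the log counts as stale, not as healthy.
    stale = sorted(
        db for db, want in expected.items()
        if seen.get(db, {}).get("version", -1) < want
    )
    versions = {db: info["version"] for db, info in seen.items()}
    return {"versions": versions, "stale": stale, "ok": not stale}

# Constructed sample log: two freshclam runs, the second one updates daily.
SAMPLE_LOG = """\
ClamAV update process started at Mon Oct 21 16:00:01 2013
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
daily.cld is up to date (version: 17997, sigs: 600100, f-level: 63, builder: neo)
bytecode.cld is up to date (version: 227, sigs: 43, f-level: 63, builder: neo)
ClamAV update process started at Mon Oct 21 17:00:01 2013
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
daily.cld updated (version: 17998, sigs: 600350, f-level: 63, builder: neo)
bytecode.cld is up to date (version: 227, sigs: 43, f-level: 63, builder: neo)
"""

if __name__ == "__main__":
    expected = {"main": 55, "daily": 17998, "bytecode": 227}  # hypothetical mirror state
    print(json.dumps(check_host(SAMPLE_LOG, expected), indent=2))
```

With separate canary and stable mirrors, each group of hosts is checked against the versions its own mirror serves.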