On Thu, Jul 23, 2015 at 2:08 PM, G.W. Haywood <cla...@jubileegroup.co.uk> wrote:
> Hi there, > > On Thu, 23 Jul 2015, Phil Dumont wrote: > > I'm considering using clamav on a machine that is not (can not be) on the >> network (any network, not even a local one). >> > > Unless you can give more detail amounting to some sort of a case for > doing this, my immediate reaction would be a little less circumspect > than Mr. Swiger's. I'd say forget the idea, it's a waste of time, > and it might even be counterproductive. > > Firstly, the detection rate that you'll get is likely to be poor for > very recent threats (not least) because your out-of-band updates will > probably be tardy. > True enough. But would this not be mitigated by the fact that the more recent threats will propagate to the machine more slowly without a network connection? > > Secondly, without any network connection you'll have trouble keeping > the software on this mysterious machine up-to-date, which will mean > that it's rather more vulnerable to attack than it otherwise would be. > Also true enough, but same mitigating factor. > > Taken together these things lead me to postulate that your non-networked > computer will be more likely to be compromised by things like malicious > files on removable media (precisely the sort of thing you'll be using to > tardily transfer the database updates I suppose), than it would be if it > were networked after all. > Exactly correct. There is no network-borne threat. Removable media is the only thing being protected against. > > But as Chuck says, it's all really up to you. > Well, as I said in my reply to Chuck, it's not really up to me. It's up to the folk I'm maintaining the system for. Which is exactly why I wanted logging of the definition updates -- so I could show them it's being done. > > Out of interest, what operating system will the unsociable computer run? CentOS 6 > > > -- > > 73, > Ged. > > _______________________________________________ > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
