I'm trying to achieve the following: auto mount USB key and detect if a
user uploads or downloads a virus from it.
An additional feature I can live without: access prevention upon virus
detection.
The "OnAccessIncludePath" option in clamd configuration file seems the way
to go. The best solution we could come up is:
- auto-mounting key in /run/media/$USER/$KEY using udisks2
- use homemade script (based on inotifywait) to watch the /run/media for
new mounted media
- when so, add mount path to "OnAccessIncludePath" and restart clamd
service
This solution has MANY caveats, namely:
- clamd takes some times (around 10s) to start. During that time the user
can {up,down}load viruses.
- requires some kind of supervision, if either the homemade script or the
clamd service crash, the solution does not work.
- can't specify mount options with udisks2
I've stumbled upon the clamfs project which seems promising. Any advice on
it?
Do you guys have a better way of achieving my goal?
I haven't dove in the clamd source code, but from the documentation I could
not find a way to feed the DDD (Dynamic Directory Determination) module new
path on the fly.
Thank you for your time!
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
