I'm trying to achieve the following: auto mount USB key and detect if a user uploads or downloads a virus from it. An additional feature I can live without: access prevention upon virus detection.
The "OnAccessIncludePath" option in clamd configuration file seems the way to go. The best solution we could come up is: - auto-mounting key in /run/media/$USER/$KEY using udisks2 - use homemade script (based on inotifywait) to watch the /run/media for new mounted media - when so, add mount path to "OnAccessIncludePath" and restart clamd service This solution has MANY caveats, namely: - clamd takes some times (around 10s) to start. During that time the user can {up,down}load viruses. - requires some kind of supervision, if either the homemade script or the clamd service crash, the solution does not work. - can't specify mount options with udisks2 I've stumbled upon the clamfs project which seems promising. Any advice on it? Do you guys have a better way of achieving my goal? I haven't dove in the clamd source code, but from the documentation I could not find a way to feed the DDD (Dynamic Directory Determination) module new path on the fly. Thank you for your time! _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml