Hi Ged,

Apologies for the OT follow-up. I attempted to send this off list, but was rejected.
*** Very many thanks for your extremely helpful response. I wonder if you could clear up a point you raise as I'm not a security expert, but am concerned that I might be adding unnecessarily to the risks of a security breach. You say:

"NAS devices respond to requests to read and write data which come from the other devices on the network. For backup, my own feeling is that I'd much rather have something which makes calls to the devices being backed up to ask for the data but does *not* respond to devices which try to command it. Effectively there's a firewall between the devices being backed up and the backup device. Then if ransomware or similar manages to compromise any of the devices being backed up, it can't get to the backup device to do any damage there and you have a much better situation to recover from."

Do you have a product or type of product in mind which would satisfy your criteria? Wouldn't it be just as dangerous to allow a storage device to command a client device to perform a particular task, as vice versa?

Thanks again,
Tim Pennick

-----Original Message-----
From: G.W. Haywood <cla...@jubileegroup.co.uk>
Sent: 01 September 2022 11:35
To: tim.pennick--- via clamav-users <clamav-users@lists.clamav.net>
Cc: tim.penn...@btinternet.com
Subject: Re: [clamav-users] Clam AV on NAS/Personal Cloud Device?

Hi there,

On Thu, 1 Sep 2022, tim.pennick--- via clamav-users wrote:

> Grateful for any advice, and apologies in advance for the necessarily
> detailed message below.

You're welcome in advance, and within reason the more detail the better. More often there isn't nearly enough. :)

> I recently purchased a Western Digital MyCloud Ex2 Ultra Personal
> Cloud/NAS

This sort of thing has come up here before, you might want to search the mailing list archives. See the links in the headers in any list mail.

> device. The firmware of this device includes an app store of
> installable third party products including what they call Anti Virus
> Essentials.
> This turns out after some investigation to be Clam Anti Virus.

I *wish* people wouldn't do that. They never seem to keep on top of it, seems to me it's just the marketing department's idea.

> ... the powerful Marvell ARMADA 385 1.3GHz dual-core processor, you'll
> get ultra-fast transfer rates for high performance streaming. ...

Yeah, yeah.

> ... comes with 1GB of DDR3 memory, so you can multitask with ease."

Ah. But *not* so you can use ClamAV. Unfortunately that's nowhere near enough memory.

> ... running the configuration as delivered by the firmware to do a
> full scan takes several weeks to complete. I gave up when it had been
> running for 2 weeks and had only reached 29%, most of which appeared
> to be scanning its own libraries.

Sounds about right. It would probably have been swapping like crazy.

> A lengthy exchange of email messages between myself and WD support,
> suggested turning off other applications such as streaming, while the
> scan was running ...

Well they were on the right track, but it was never really going to fly.

> ... eventually yielded the advice that as this is a third party
> product, I should engage with the third party supplier.

Pity they didn't read the documentation before they stol^H^H^H^H bundled more bloatware which didn't cost them anything so they could put another bit of bait on the sales blurb. I used to think WD was a decent company.

https://docs.clamav.net/Introduction.html#recommended-system-requirements

> My questions, with many thanks to anyone still reading this

Still here. :)

> are:
> 1. Is Clam Anti Virus appropriate and/or necessary for an environment
> such as this where most of the data is actually backup files generated
> by the
> Windows10 Backup And Restore application.

Necessary is a strong word, but it depends on how it's used. As it's based on a more or less general purpose Linux distribution it suffers from the potential risks of compromise that any network-connected box will suffer.
When it comes to after-sales service and support some of the companies pushing this kind of storage have a chequered history so you're probably best advised to take security matters upon yourself.

NAS devices respond to requests to read and write data which come from the other devices on the network. For backup, my own feeling is that I'd much rather have something which makes calls to the devices being backed up to ask for the data but does *not* respond to devices which try to command it. Effectively there's a firewall between the devices being backed up and the backup device. Then if ransomware or similar manages to compromise any of the devices being backed up, it can't get to the backup device to do any damage there and you have a much better situation to recover from.

> 2. Is the device under-powered to run Clam AV over this amount of data
> (currently approximately 3TB including music files for streaming).

To put things into perspective, there are of the order of ten million signatures in the official signature database and there are third-party databases available which extend the coverage of the official one, so memory gets used up pretty quickly when you start scanning for viruses. The amount of data to be scanned is irrelevant. As things stand now the device cannot sensibly run ClamAV. Before it can even scan a 68 byte EICAR file, the scanner will use up more than 1GByte RAM just to load the 'official' signature database - and we haven't talked about keeping it up to date yet.

> 3. As a total Newbie to Clam AV is there anything I can do to optimise
> performance on my device?

If you can put more memory into it, yes. Otherwise sorry, no, not as a total newbie. Maybe you could do things if you were very familiar with the tools. It would be a lot of work to set up and very onerous to keep up to date, something which is done more or less automatically with a vanilla installation.
You'd basically need a personalized signature database which was small enough to fit in the available RAM. The effort would not justify the results. My recommendation would be don't even think about it.

-- 

73,
Ged.
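
One way to check the property described in the thread, a backup box that "does *not* respond to devices which try to command it", is to confirm it has no listening sockets reachable from other hosts. This is an added example, not part of the original messages; it assumes Linux `ss -H -tuln` output (iproute2), and both sample listings are constructed.

```python
import ipaddress

# Constructed sample: a NAS-style host that answers SSH, SMB and mDNS requests.
NAS_STYLE = """\
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
tcp LISTEN 0 50 0.0.0.0:445 0.0.0.0:*
tcp LISTEN 0 50 [::]:445 [::]:*
udp UNCONN 0 0 *:5353 *:*
"""

# Constructed sample: a pull-only backup host; every listener is loopback-bound.
PULL_ONLY = """\
udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:*
tcp LISTEN 0 100 [::1]:25 [::]:*
tcp LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
"""


def exposed_listeners(ss_output):
    """Return (proto, address, port) for each socket other hosts can reach.

    Expects the text of `ss -H -tuln`: no header, numeric addresses,
    local address:port in the fifth column.
    """
    exposed = []
    for line in ss_output.splitlines():
        fields = line.split()
        # Only listening TCP sockets and unconnected (bound) UDP sockets matter.
        if len(fields) < 5 or fields[1] not in ("LISTEN", "UNCONN"):
            continue
        addr, _, port = fields[4].rpartition(":")
        # Drop an interface suffix (%lo, %eth0) and IPv6 brackets.
        host = addr.split("%")[0].strip("[]")
        if host == "*":
            loopback = False  # wildcard bind: all addresses, both families
        else:
            loopback = ipaddress.ip_address(host).is_loopback
        if not loopback:
            exposed.append((fields[0], host, int(port)))
    return exposed


if __name__ == "__main__":
    for name, sample in (("NAS-style", NAS_STYLE), ("pull-only", PULL_ONLY)):
        found = exposed_listeners(sample)
        print(name, "exposed listeners:", found if found else "none")
```

An empty result means the host only initiates connections; a packet filter that drops new inbound connections enforces the same property even if a service is later enabled by mistake.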