Thank you for your answer. But in that case, I'll have to scan the
entire key. As it could take some time, I prefer the on access approach.
In addition this does not detect when a virus is copied to the key after
the initial scan.
On 29/06/16 01:39, Che wrote:
> On Tue, Jun 28, 2016 at 6:15 AM, john doe wrote:
>
>> I'm trying to achieve the following: auto mount USB key and detect if a
>> user uploads or downloads a virus from it.
>> An additional feature I can live without: access prevention upon virus
>> detection.
>>
>> The "OnAccessIncludePath" option in clamd configuration file seems the way
>> to go. The best solution we could come up is:
>> - auto-mounting key in /run/media/$USER/$KEY using udisks2
>> - use homemade script (based on inotifywait) to watch the /run/media for
>> new mounted media
>> - when so, add mount path to "OnAccessIncludePath" and restart clamd
>> service
>>
>> This solution has MANY caveats, namely:
>> - clamd takes some times (around 10s) to start. During that time the user
>> can {up,down}load viruses.
>> - requires some kind of supervision, if either the homemade script or the
>> clamd service crash, the solution does not work.
>> - can't specify mount options with udisks2
>>
>> I've stumbled upon the clamfs project which seems promising. Any advice on
>> it?
>>
>> Do you guys have a better way of achieving my goal?
>>
>
>
> Wouldn't running these as a systemd service -- with an explicit 'path'
> service written for mounting USB devices and then clamAV scanning them,
> etc. -- do what you want?
>
>
>
>
>
>
>
>
>
>
>
>>
>> I haven't dove in the clamd source code, but from the documentation I could
>> not find a way to feed the DDD (Dynamic Directory Determination) module new
>> path on the fly.
>>
>> Thank you for your time!
>> ___
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
>>
> ___
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
___
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml