hi
i'm currently analyzing integration of ClamAV into a sort of content
management system that we have. among other things users can upload
and download files to it so there's a need to do virus scanning on
the files.
my initial idea is to run virus scan for each file upload and then do
periodic scanning for all files perhaps once a month so that files
containing viruses which aren't known to ClamAV at upload time are
also caught at some point. i'm planning on running the clamd in the
background and using the TCP socket based API to command clamd to do
the scanning.
i've been exprimenting a little with the integration with ClamAV
v0.85.1 and here're some questions and comments:
- with the TCP API clamd closes the socket when it finishes. how do i
determine whether the clamd scan was successfully finished or that
the server has died unexpectedly during the scan?
- the TCP API doesn't seem to provide the same level of
parameterization. it would be nice to be able to use some of the
clamscan parameters such as --exclude, --include etc. with the API.
- the TCP API only seems to report FOUND or ERROR as return status
for each file. it would be good to also give the full return code per
file similar as with clamscan.
- what does clamd report if a file is not scanned due to a clamd
config option such as ArchiveMaxFileSize, ArchiveMaxRecursion,
ArchiveMaxFiles or MaxDirectoryRecursion? does clamd report the
decision to skip files or directories in some way?
br. aspa
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html