
Thread: proactive protection clamav (does it communicate with user when there's threat/attack ?)

  1. #1
    Join Date
    Apr 2013
    Location
    Modra, Slovakia
    Posts
    265

    proactive protection clamav (does it communicate with user when there's threat/attack ?)

    Does clamav (running as daemon) get to know somehow that there's a potential threat or attack running .. by some sound alert or as a notification on the control panel, or is it possible to set it like that?
    13.2 KDE 64bit tumbleweed
    Lenovo G500s, Thinkpad R500

  2. #2
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Re: proactive protection clamav (does it communicate with user when there's threat/attack ?)

    On 2014-02-15 10:46, roberto68 wrote:
    >
    > Does clamav (running as daemon) get to know somehow that there's
    > a potential threat or attack running .. by some sound alert or as
    > a notification on the control panel, or is it possible to set it like
    > that?


    No.

    And there is no daemon that I know of.

    It is a file scanner, running on request. Not runtime protection. What for?

    --
    Cheers / Saludos,

    Carlos E. R.

    (from 13.1 x86_64 "Bottle" (Minas Tirith))

  3. #3
    Join Date
    Apr 2013
    Location
    Modra, Slovakia
    Posts
    265

    Re: proactive protection clamav (does it communicate with user when there's threat/attack ?)

    for desktop mainly and just to be sure, I've java turned off but anyways to be paranoid in case of security isn't bad (and I think that clamd is running as daemon; when I do ps -ef | grep "clam" it is always running).
    13.2 KDE 64bit tumbleweed
    Lenovo G500s, Thinkpad R500

  4. #4
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Re: proactive protection clamav (does it communicate with user when there's threat/attack ?)

    On 2014-02-15 17:26, roberto68 wrote:
    >
    > for desktop mainly and just to be sure, I've java turned off but anyways
    > to be paranoid in case of security isn't bad (and I think that clamd
    > is running as daemon; when I do ps -ef | grep "clam" it is always running).


    clamd doesn't do what you think. Look at the manual:

    +++···················
    DESCRIPTION
    The daemon listens for incoming connections on Unix and/or TCP
    socket and scans files or directories on demand. It reads the
    configuration from /etc/clamd.conf
    ···················++-


    When the daemon is running, and you want to scan a file, instead of
    calling "clamscan" you call "clamdscan". The difference is that the
    second scans the file much faster because the scan engine program is
    already loaded in memory (the daemon).

    The daemon does not do things like scanning files automatically as you
    download them or try to run them. Even less warn you of attacks, because
    it doesn't even look for them.


    Clamav in Linux is used, for example, integrated with a mail server,
    scanning emails as they come in or out, using, for instance, amavis.

    It could be used in a samba file server, to scan files that are written
    to it. This particular usage I don't know how to implement, but if
    possible it will be documented somewhere.

    Notice that both these use cases, especially the second, are meant to
    protect the Windows machines that are served by this Linux system. The
    intention is not to protect Linux itself.

    --
    Cheers / Saludos,

    Carlos E. R.

    (from 13.1 x86_64 "Bottle" (Minas Tirith))

  5. #5
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    32,317
    Blog Entries
    15

    Re: proactive protection clamav (does it communicate with user when there's threat/attack ?)

    On Sat 15 Feb 2014 06:36:11 PM CST, Carlos E. R. wrote:

    > On 2014-02-15 17:26, roberto68 wrote:
    > >
    > > for desktop mainly and just to be sure, I've java turned off but
    > > anyways to be paranoid in case of security isn't bad (and I think
    > > that clamd is running as daemon; when I do ps -ef | grep "clam" it is
    > > always running).
    >
    >
    > clamd doesn't do what you think. Look at the manual:
    >
    > +++···················
    > DESCRIPTION
    > The daemon listens for incoming connections on Unix and/or TCP
    > socket and scans files or directories on demand. It reads the
    > configuration from /etc/clamd.conf
    > ···················++-
    >
    >
    > When the daemon is running, and you want to scan a file, instead of
    > calling "clamscan" you call "clamdscan". The difference is that the
    > second scans the file much faster because the scan engine program is
    > already loaded in memory (the daemon).
    >
    > The daemon does not do things like scanning files automatically as you
    > download them or try to run them. Even less warn you of attacks, because
    > it doesn't even look for them.
    >
    >
    > Clamav in Linux is used, for example, integrated with a mail server,
    > scanning emails as they come in or out, using, for instance, amavis.
    >
    > It could be used in a samba file server, to scan files that are written
    > to it. This particular usage I don't know how to implement, but if
    > possible it will be documented somewhere.
    >
    > Notice that both these use cases, especially the second, are meant to
    > protect the Windows machines that are served by this Linux system. The
    > intention is not to protect Linux itself.

    Hi
    Klamav the front end to clamav offers on access scanning etc. There is
    also AVG Free for linux....

    --
    Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
    openSUSE 13.1 (Bottle) (x86_64) GNOME 3.10.2 Kernel 3.11.10-7-desktop
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below... Thanks!


  6. #6
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Re: proactive protection clamav (does it communicate with user when there's threat/attack ?)

    On 2014-02-15 19:53, malcolmlewis wrote:
    >
    > Hi
    > Klamav the front end to clamav offers on access scanning etc.


    Huh?
    Mmm, you are right, I see on
    http://sourceforge.net/projects/klamav/
    this:


    +++····························
    Description

    KlamAV is an Anti-Virus Manager for the KDE Desktop. Based on the ClamAV
    scanning engine, it features : 'On Access' Scanning * Manual Scanning *
    Quarantine Management * Update Management * Mail Scanning
    (KMail/Evolution) * Virus Browser
    ····························++-


    But I don't see how a frontend can do "on access scanning". :-?
    There must be more to it than it looks.

    --
    Cheers / Saludos,

    Carlos E. R.

    (from 13.1 x86_64 "Bottle" (Minas Tirith))

  7. #7
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    32,317
    Blog Entries
    15

    Re: proactive protection clamav (does it communicate with user when there's threat/attack ?)

    On Sun 16 Feb 2014 03:24:11 AM CST, Carlos E. R. wrote:

    > On 2014-02-15 19:53, malcolmlewis wrote:
    > >
    > > Hi
    > > Klamav the front end to clamav offers on access scanning etc.
    >
    >
    > Huh?
    > Mmm, you are right, I see on
    > http://sourceforge.net/projects/klamav/
    > this:
    >
    >
    > +++····························
    > Description
    >
    > KlamAV is an Anti-Virus Manager for the KDE Desktop. Based on the ClamAV
    > scanning engine, it features : 'On Access' Scanning * Manual Scanning *
    > Quarantine Management * Update Management * Mail Scanning
    > (KMail/Evolution) * Virus Browser
    > ····························++-
    >
    >
    > But I don't see how a frontend can do "on access scanning". :-?
    > There must be more to it than it looks.

    Yes, it would appear that you need it compiled into the kernel? But
    email clients will scan, eg evolution, claws (with plugin active).

    --
    Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
    openSUSE 13.1 (Bottle) (x86_64) GNOME 3.10.2 Kernel 3.11.10-7-desktop
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below... Thanks!


  8. #8
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Re: proactive protection clamav (does it communicate with user when there's threat/attack ?)

    On 2014-02-16 04:49, malcolmlewis wrote:

    > Yes, it would appear that you need it compiled into the kernel? But
    > email clients will scan, eg evolution, claws (with plugin active).


    I think it was AVG that had on access scan via a kernel module, but I
    have not heard of it in some time. It was problematic. I don't know
    about clamav, but if there is such a thing, the frontend would just serve
    to set up a feature that the daemon or standalone program already have. I
    doubt it can do such a thing as on access scan from a frontend, but if
    they claim it, I would like to know more about that. I'll try to
    investigate.

    Mail scanning is different. Mail clients can do it using available
    antivirus engines. Or you can set it up server wise with amavis.


    --
    Cheers / Saludos,

    Carlos E. R.

    (from 13.1 x86_64 "Bottle" (Minas Tirith))

  9. #9
    Join Date
    Apr 2013
    Location
    Modra, Slovakia
    Posts
    265

    Re: proactive protection clamav (does it communicate with user when there's threat/attack ?)

    so realtime protection with amavis could be the best solution?? anyway this would catch your attention for sure http://www.itnews.com.au/News/358265...ripherals.aspx
    13.2 KDE 64bit tumbleweed
    Lenovo G500s, Thinkpad R500

  10. #10
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    32,317
    Blog Entries
    15

    Re: proactive protection clamav (does it communicate with user when there's threat/attack ?)

    On Sun 16 Feb 2014 06:26:04 PM CST, roberto68 wrote:

    > so realtime protection with amavis could be the best solution?? anyway
    > this would catch your attention for sure http://tinyurl.com/kf7f7wc
    > kf7f7wc ->
    > http://www.itnews.com.au/News/358265...ripherals.aspx


    Hi
    Why? What is the attack vector (as in how does it get onto a machine)?

    Remember, physical access and all bets are off....


    --
    Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
    openSUSE 13.1 (Bottle) (x86_64) GNOME 3.10.2 Kernel 3.11.10-7-desktop
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below... Thanks!

