does clamav (running as daemon) get to know somehow that there’s a potential threat or attack running … by some sound alert or as notification on the control panel, or if it’s possible to set it like that
On 2014-02-15 10:46, roberto68 wrote:
>
> does clamav (running as daemon) get to know somehow that there’s
> a potential threat or attack running … by some sound alert or as
> notification on the control panel, or if it’s possible to set it like
> that
No.
And there is no daemon that I know of.
It is a file scanner, running on request. Not runtime protection. What for?
–
Cheers / Saludos,
Carlos E. R.
(from 13.1 x86_64 “Bottle” (Minas Tirith))
for desktop mainly and just to be sure, I’ve java turned off but anyways to be paranoid in case of security isn’t bad (and I think that clamd is running as daemon, when I do ps -ef | grep “clam” it is running always).
On 2014-02-15 17:26, roberto68 wrote:
>
> for desktop mainly and just to be sure, I’ve java turned off but anyways
> to be paranoid in case of security isn’t bad (and I think that clamd
> is running as daemon, when I do ps -ef | grep “clam” it is running always).
clamd doesn’t do what you think. Look at the manual:
+++···················
DESCRIPTION
The daemon listens for incoming connections on Unix and/or TCP
socket and scans files or directories on demand. It reads the
configuration from /etc/clamd.conf
···················++-
When the daemon is running, and you want to scan a file, instead of
calling “clamscan” you call “clamdscan”. The difference is that the
second scans the file much faster because the scan engine program is
already loaded in memory (the daemon).
The daemon does not do things like scanning files automatically as you
download them or try to run them. Even less warn you of attacks, because
it doesn’t even look for them.
Clamav in Linux is used, for example, integrated with a mail server,
scanning emails as they come in or out, using, for instance, amavis.
It could be used in a samba file server, to scan files that are written
to it. This particular usage I don’t know how to implement, but if
possible it will be documented somewhere.
Notice that both these use cases, especially the second, are meant to
protect the Windows machines that are served by this Linux system. The
intention is not to protect Linux itself.
–
Cheers / Saludos,
Carlos E. R.
(from 13.1 x86_64 “Bottle” (Minas Tirith))
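What "scans on demand over a socket" looks like from the client side, as an added example that is not part of the thread: a minimal Python client for clamd's INSTREAM command, the same kind of request clamdscan makes. The socket path is an assumption (it is whatever LocalSocket is set to in clamd.conf), and the reply strings in the demo are constructed.

```python
import socket
import struct

# Assumption: the path clamd.conf sets with LocalSocket; adjust to your system.
CLAMD_SOCKET = "/var/run/clamav/clamd.sock"

def frame_instream(data, chunk=8192):
    """Build a zINSTREAM request: command, length-prefixed chunks, zero-length end."""
    out = [b"zINSTREAM\0"]
    for i in range(0, len(data), chunk):
        part = data[i:i + chunk]
        out.append(struct.pack("!I", len(part)) + part)  # 4-byte big-endian size
    out.append(struct.pack("!I", 0))
    return b"".join(out)

def parse_reply(raw):
    """Map clamd's reply line to (status, detail)."""
    text = raw.rstrip(b"\0\n").decode("utf-8", "replace")
    verdict = text.partition(": ")[2]
    if verdict == "OK":
        return ("clean", None)
    if verdict.endswith(" FOUND"):
        return ("infected", verdict[:-len(" FOUND")])
    return ("error", verdict or text)  # e.g. size limit exceeded

def scan_bytes(sock, data):
    """Send data over a connected clamd socket and return the parsed verdict."""
    sock.sendall(frame_instream(data))
    reply = b""
    while not reply.endswith(b"\0"):
        piece = sock.recv(4096)
        if not piece:
            break
        reply += piece
    return parse_reply(reply)

def scan_file(path, socket_path=CLAMD_SOCKET):
    """Nothing is scanned until a client asks: connect, stream the file, read the verdict."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s, open(path, "rb") as f:
        s.connect(socket_path)
        return scan_bytes(s, f.read())

if __name__ == "__main__":
    # Constructed replies, so the demo runs without a clamd instance.
    for sample in (b"stream: OK\0", b"stream: Example.Signature FOUND\0"):
        print(parse_reply(sample))
```

Any alerting has to be built by the caller around the returned verdict; the daemon only answers the request it was sent.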
Hi
Klamav the front end to clamav offers on access scanning etc. There is
also AVG Free for linux…
–
Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
openSUSE 13.1 (Bottle) (x86_64) GNOME 3.10.2 Kernel 3.11.10-7-desktop
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below… Thanks!
On 2014-02-15 19:53, malcolmlewis wrote:
> Hi
> Klamav the front end to clamav offers on access scanning etc.
Huh?
Mmm, you are right, I see on
http://sourceforge.net/projects/klamav/
this:
+++····························
Description
KlamAV is an Anti-Virus Manager for the KDE Desktop. Based on the ClamAV
scanning engine, it features : ‘On Access’ Scanning * Manual Scanning *
Quarantine Management * Update Management * Mail Scanning
(KMail/Evolution) * Virus Browser
····························++-
But I don’t see how a frontend can do “on access scanning”. :-?
There must be more to it than it looks.
–
Cheers / Saludos,
Carlos E. R.
(from 13.1 x86_64 “Bottle” (Minas Tirith))
Yes, it would appear that you need it compiled into the kernel? But
email clients will scan, eg evolution, claws (with plugin active).
–
Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
openSUSE 13.1 (Bottle) (x86_64) GNOME 3.10.2 Kernel 3.11.10-7-desktop
On 2014-02-16 04:49, malcolmlewis wrote:
> Yes, it would appear that you need it compiled into the kernel? But
> email clients will scan, eg evolution, claws (with plugin active).
I think it was AVG that had on access scan via a kernel module, but I
have not heard of it in some time. It was problematic. I don’t know
about clamav, but if there is such a thing, the frontend would just serve
to set up a feature that the daemon or standalone program already has. I
doubt it can do such a thing as on access scan from a frontend, but if
they claim it, I would like to know more about that. I’ll try to
investigate.
Mail scanning is different. Mail clients can do it using available
antivirus engines. Or you can set it up server-wise with amavis.
–
Cheers / Saludos,
Carlos E. R.
(from 13.1 x86_64 “Bottle” (Minas Tirith))
so realtime protection with amavis could be the best solution?? anyway this would catch your attention for sure http://www.itnews.com.au/News/358265,research-detects-dangerous-malware-hiding-in-peripherals.aspx
Hi
Why? What is the attack vector (as in how does it get onto a machine)?
Remember, physical access and all bets are off…
–
Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
openSUSE 13.1 (Bottle) (x86_64) GNOME 3.10.2 Kernel 3.11.10-7-desktop
On 2014-02-16 19:26, roberto68 wrote:
>
> so realtime protection with amavis could be the best solution??
For a mail server, yes. It only does that, mind, scan email for malware
and spam. For virus detection it needs an antivirus (or several)
installed on the system.
It does not serve to scan files shared on the same machine.
> anyway
> this would catch your attention for sure http://tinyurl.com/kf7f7wc
No big surprise, really.
If you connect something to your computer and that something does bad
things, without using the host CPU, it is not detected. Simple as that.
For instance, your friend comes in and plugs, say, an ebook on the USB
just for charging the battery. But USB is a bus, it can potentially
listen to all traffic.
–
Cheers / Saludos,
Carlos E. R.
(from 13.1 x86_64 “Bottle” (Minas Tirith))
On 2014-02-16 19:42, malcolmlewis wrote:
> Hi
> Why? What is the attack vector (as in how does it get onto a machine)?
>
> Remember, physical access and all bets are off…
I would assume physical access. Ie, gadget already compromised when you
acquire (buy) it. Like selling lamp fixtures with microphones. Hey, they
could have a battery charged from the mains…
The article doesn’t say enough. The above are my guesses.
–
Cheers / Saludos,
Carlos E. R.
(from 13.1 x86_64 “Bottle” (Minas Tirith))
This can be done if you use firefox and an addon
https://addons.mozilla.org/en-US/firefox/addon/fireclam/
On 2014-02-17 04:06, vazhavandan wrote:
>
> robin_listas;2625017 Wrote:
>> On 2014-02-15 17:26, roberto68 wrote:
>> The daemon does not do things like scanning files automatically as you
>> download them
> This can be done if you use firefox and an addon
True! It is done by the addon, not by the daemon (or the addon using the
daemon to do the job). If you download using any other tool, it will not
be scanned. This is very different than what happens in Windows, so
people coming here expect it.
–
Cheers / Saludos,
Carlos E. R.
(from 13.1 x86_64 “Bottle” (Minas Tirith))
it’s in that video https://www.youtube.com/watch?v=pPptnMxWiCU he’s attacking 192.168.1.106 from 192.168.1.107
Thanks, I added fireclam to mozilla (in the description it says that it only scans downloaded files, and I want protection against script attacks). Just theoretically, if somebody tries a targeted attack and uses some exploit in e.g. apache … how could sb prevent that?
On 2014-02-17 11:46, roberto68 wrote:
>
> Thanks, I added fireclam to mozilla, but just theoretically, if somebody
> tries a targeted attack and uses some exploit in e.g. apache … how could
> sb prevent that?
With a Linux antivirus, no way.
–
Cheers / Saludos,
Carlos E. R.
(from 13.1 x86_64 “Bottle” (Minas Tirith))