Page 3 of 3 FirstFirst 123
Results 21 to 29 of 29

Thread: Live "Realtime" Virus Scanner

  1. #21
    Join Date
    Feb 2010
    Location
    Land of Confusion
    Beans
    8,352
    Distro
    Ubuntu 16.04 Xenial Xerus

    Re: Live "Realtime" Virus Scanner

    This thread => Recurring Discussions
    Thank you for your contributions. "So long and thanks for the fish!"

  2. #22
    Join Date
    Jul 2011
    Beans
    6

    Re: Live "Realtime" Virus Scanner

    Thanks for the answers!
    Now I tried bit defender, but there is no live scan.
    Then I tried avast, but live scan is only in the avast4server packet available. (I cant download that because its not free)
    Then I found the ClamAV (daemon). With the program "clamdtop" I am able to see the performance and activity of the daemon. Now my new problem - The running ClamAV daemon is doing nothing

    Is this correct. I edited the /etc/clamav/clamd.conf but i can't find especially configs for live scan or what happened when a infected file is found.

    Thanks in advance!

  3. #23
    Join Date
    Nov 2008
    Location
    Metro Boston
    Beans
    12,862
    Distro
    Kubuntu 14.04 Trusty Tahr

    Re: Live "Realtime" Virus Scanner

    Quote Originally Posted by TZSnowboardfreak View Post
    Now my new problem - The running ClamAV daemon is doing nothing
    How do you know this? Have you tried downloading an infected file? The easiest method for testing AV is to use the "eicar.com" file. All AV scanners include this in their signature lists.

    Download eicar.com from here: http://eicar.org/download/eicar.com

  4. #24
    Join Date
    Jun 2010
    Location
    N. Wisconsin
    Beans
    Hidden!

    Re: Live "Realtime" Virus Scanner

    Flashback I thought was a UNIX virus, not a MacOS Virus >_>
    AMD PII X6 @ 3.63 GHz - 16 GB DDR3 (1600 No OC) - ASUS Crosshair V Formula
    SB X-Fi 2 Sound (8ch) - Intel 10/100/1000 Gigabit Ethernet - Win 8 Pro. x64
    AMD R HD 7950 (SAPPHIRE) - WD CG 500GB - Thermaltake Frio CPU Cooler

  5. #25
    Join Date
    Jan 2007
    Location
    Location: Location:
    Beans
    1,246
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Live "Realtime" Virus Scanner

    Well, OSX is Darwin is Unix. Flashback is written for OSX specifically, not Unix in general. I bet IOS is the next target for viruses. @op I highly doubt you have anything to worry about but if you are running a mailserver or are sharing with windows it IS a good idea to rock the clamav, yes it works.
    Last edited by |{urse; May 2nd, 2012 at 04:32 PM.
    clear && echo paste url and press enter; read paste; (youtube-dl $paste) | zenity --progress --title="" --text "Downloading, please wait" --auto-close --pulsate && ans=$(zenity --file-selection); gnome-terminal -x mplayer "$ans"

  6. #26
    Join Date
    Jul 2011
    Beans
    6

    Re: Live "Realtime" Virus Scanner

    How do you know this? Have you tried downloading an infected file? The easiest method for testing AV is to use the "eicar.com" file. All AV scanners include this in their signature lists.
    Exactly, i tried it with this file. I duplicated it in many folders and copied the folders additional fulfilled with other files on many places on my hdd.

    I think I've to see in clamdtop which file is currently scanned and it has to stop me duplicating the file or better delete this file. If I am duplicating large files, clamav has to open more threads or use CPU etc ...

    It is all time looking like this


  7. #27
    Join Date
    Nov 2008
    Location
    Metro Boston
    Beans
    12,862
    Distro
    Kubuntu 14.04 Trusty Tahr

    Re: Live "Realtime" Virus Scanner

    Well clamd is exactly what it says it is, a daemon. You'd need a piece of client software that intervenes when you download a file and passes it to clamd for scanning. Clamd by itself doesn't do anything but wait for scanning requests.

    Now how you'd implement the client side of this, I don't know. Clamd is usually used to provide user-level scanning for email with procmail and clamdscan.

    I've never used AV software on Linux except to scan email with MailScanner and web objects with SquidClamAV. Neither of these is a solution designed for ordinary workstations. You could set up a cron job that scans your drives with clamscan periodically and emails you a report.

    I've been using Linux for over fifteen years and have never had a problem with viruses or malware. Of course, I know what I'm doing, and I don't visit dodgy sites or download random stuff off the Internet. ClamAV offers an on-demand scanner for Windows and new product for OS X. I don't see anything similar for Linux.
    Last edited by SeijiSensei; May 3rd, 2012 at 08:17 PM.

  8. #28
    Join Date
    Jul 2011
    Beans
    6

    Re: Live "Realtime" Virus Scanner

    Of course ... I didn't have a virus or something else on my linux machine and a scanner on this doesn't make scene. This is for an for an Server which is a samba gateway between 2 networks and user can transfer files by dropping it on an samba share. Additional it shall be possible to drop files via usb stick in this network.

    All this work is done but i have to ensure that known virus can not be transfered between the networks or usb ...

  9. #29
    Join Date
    Nov 2008
    Location
    Metro Boston
    Beans
    12,862
    Distro
    Kubuntu 14.04 Trusty Tahr

    Re: Live "Realtime" Virus Scanner

    Other than frequently scanning the share with clamscan from Linux and deleting infected files, I don't think there's a way to implement that. Anyone using the share from Windows would need a Windows-based virus scanner on his or her own machine to implement on-the-fly scanning.

    If the share is relatively small, and the delay between when files are uploaded and when they are accessed by others is long enough, scanning from cron every few minutes might be a decent kludge. A more sophisticated solution would use the find command to identify newly-uploaded files and just scan them. An even more sophisticated solution would create a write-only quarantine area to handle uploaded files. You'd then periodically run clamscan against files in the quarantine and release those found to be clean to a read-only share, while notifying the admin of any that have viruses.

    On my (relatively fast) machine, I scanned my entire Win7 partition from Linux. It took 28 minutes to scan 18 GB even with a lot of executables (exe's, dll's, etc.). You're unlikely to have anywhere near the ratio of executables to total files as a complete Windows installation has, so I'd bet you could scan a gigabyte in less than a minute even without any limitations to the list of files to scan.
    Last edited by SeijiSensei; May 4th, 2012 at 02:49 PM.

Page 3 of 3 FirstFirst 123

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •