Nethserver-clamscan think tank

I’m working on an rpm to scan the filesystem of a NS based on a cron (daily/weekly) with clamav. Basically I have something workable but without GUI yet.

The command launched is

/usr/bin/clamscan --recursive --infected --stdout --log /var/log/clamav/clamscan.log --exclude=/proc --exclude=/sys --exclude=/usr/share/doc --exclude=/var/spool/clamav/quarantine --official-db-only=yes /

some options are disabled, the default cron job is ‘daily’ at 00h

--no-html
--no-mail
--move=/var/spool/clamav/quarantine

But I’m sure that we can even add more things, even disabled by default if needed…so I need your skills :slight_smile:

the documentation of clamscan https://linux.die.net/man/1/clamscan

and clamd.conf https://linux.die.net/man/5/clamd.conf


cc/ @asavinok @medworthy @m.traeumner @GG_jr @craaaft @Krajczar_Jeno @Juan_Fernandez @shodanki @WillZen


@dnutan

Thank you for letting me know. Unfortunately I have no skills to create a GUI and no time either.

I hope I can find the time and have a look at Ver 7 in the next days.

@stephdl

Great job. I like the idea and super work. I will test it soon.

:clap::clap::clap:


Nethserver-clamscan teaser :slight_smile:


@stephdl
Like the screenshot but am wondering if it is possible to have user defined times for the daily / weekly scans (i.e. predefine time and days for the scans – hh:mm-day).

This should be a simple task if used with a crontab styled interface.

Also, why the ‘yes, I am really sure’ tick box?


yep it could be added, indeed it is a cron job, so we can change it

clamav can produce some false positive and if you set the move, you can have some headaches to put back the files in the good folders :slight_smile:

Yes, I have had similar problems with previous usage of clamscan (it might be a good idea to restrict the virus checks to the ibay, email spool / attachments, /var/www and any other user specific directories).

@stephdl
Just out of interest, can you provide a full list of the syntaxes you have used with clamscan? (as an example, have you included the various --phishing modules, the --algorithmic-detection, --scan-mail or the --log switches?)

/usr/bin/clamscan --recursive --infected --stdout --log /var/log/clamav/clamscan.log --max-files=10000 --max-filesize=30M --max-scansize=100M --max-recursion=16 --max-dir-recursion=15 --exclude=/boot --exclude=/proc --exclude=/sys --exclude=/usr/share/doc --exclude=/var/spool/clamav/quarantine --bytecode=yes --bytecode-timeout=120000 --detect-pua=yes --scan-html=yes --scan-mail=yes --scan-archive=yes --scan-pdf=yes --scan-ole2=yes --scan-elf=yes --scan-pe=yes --detect-broken=yes --block-encrypted=yes /

this is the full command, but some are optional
--detect-pua=yes
--detect-broken=yes
--block-encrypted=yes

in the full command you don’t see --official-db-only=yes so the unofficial signatures are used.

you also don’t find --move=/var/spool/clamav/quarantine

I would be tempted to increase the max-files, max-scansize, recursions and max-filesize (users may have multimedia files larger than 30MB, I also store a number of iso files / optical disc images on a NAS, some of these files could be 4GB or above).

Also, I probably would include --algorithmic-detection, --detect-broken, --scan-xmldocs, --scan-swf, --scan-hwp3 and maybe --detect-structured plus --partition-intersection

I refer to the man clamscan https://gist.github.com/stephdl/eaad0479657892d2254e2835f20176dc and some of the options you gave are not there?

:-?

I examined various online documents but mainly used the --help page provided by clamscan
(for reference, I am using ClamAV version 0.99.1)

--detect-structured[=yes/no(*)]
Use the DLP (Data Loss Prevention) module to detect SSN and Credit Card numbers inside documents/text files.

why not

--algorithmic-detection[=yes(*)/no]
In some cases (eg. complex malware, exploits in graphic files, and others), ClamAV uses special algorithms to provide accurate detection. This option can be used to control the algorithmic detection.

why not

--partition-intersection[=yes/no(*)]
Detect partition intersections in raw disk images using heuristics.

don’t know :slight_smile:

--scan-hwp3 and --scan-xmldocs are not known by clamav.

My concern is that if you offer too many settings you can lose your end user :slight_smile:

done, day and hour for the job is an option
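As an added example (not the nethserver-clamscan RPM's own code), a POSIX sh sketch of how the optional settings discussed in this thread (quarantine move, official-db-only, PUA detection, encrypted-archive blocking) and the day/hour option could be assembled into the scan command and its cron entry. The setting names, argument order and crontab line shape are assumptions; the flags themselves are the ones from the command above.

```shell
#!/bin/sh
# Constructed example: build the clamscan command from the thread's optional
# settings and emit the matching cron entry. Not the RPM's own code.

build_clamscan_cmd() {
    # $1 quarantine dir ("" = no --move); $2/$3/$4 = official-db-only,
    # detect-pua, block-encrypted, each "yes" or "no" (default "no")
    quarantine="$1"; official="${2:-no}"; pua="${3:-no}"; enc="${4:-no}"
    cmd="/usr/bin/clamscan --recursive --infected --stdout"
    cmd="$cmd --log /var/log/clamav/clamscan.log"
    cmd="$cmd --max-files=10000 --max-filesize=30M --max-scansize=100M"
    cmd="$cmd --max-recursion=16 --max-dir-recursion=15"
    cmd="$cmd --exclude=/boot --exclude=/proc --exclude=/sys --exclude=/usr/share/doc"
    if [ -n "$quarantine" ]; then
        # The quarantine must be excluded whenever --move is on, otherwise
        # the next run re-detects every file it already moved there.
        cmd="$cmd --exclude=$quarantine --move=$quarantine"
    fi
    if [ "$official" = yes ]; then cmd="$cmd --official-db-only=yes"; fi
    if [ "$pua" = yes ]; then cmd="$cmd --detect-pua=yes"; fi
    if [ "$enc" = yes ]; then cmd="$cmd --block-encrypted=yes"; fi
    cmd="$cmd --bytecode=yes --bytecode-timeout=120000 --scan-html=yes --scan-mail=yes"
    cmd="$cmd --scan-archive=yes --scan-pdf=yes --scan-ole2=yes --scan-elf=yes --scan-pe=yes /"
    printf '%s\n' "$cmd"
}

build_cron_line() {
    # $1 daily|weekly, $2 hour 0-23, $3 weekday 0-6 (weekly only), $4 command.
    # Returns 1 and prints nothing on an out-of-range hour or weekday.
    freq="$1"; hour="$2"; dow="$3"; command="$4"
    case "$hour" in ''|*[!0-9]*) return 1 ;; esac
    [ "$hour" -le 23 ] || return 1
    case "$freq" in
        daily)  printf '0 %s * * * root %s\n' "$hour" "$command" ;;
        weekly) case "$dow" in [0-6]) ;; *) return 1 ;; esac
                printf '0 %s * * %s root %s\n' "$hour" "$dow" "$command" ;;
        *)      return 1 ;;
    esac
}

# Stand-alone usage: the thread's default, a daily scan at 00h with the move to quarantine on.
build_cron_line daily 0 "" "$(build_clamscan_cmd /var/spool/clamav/quarantine no no no)"
```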


I would suggest that these extra switches could be included by default (and maybe don’t include them as user choices)

Also the --scan-hwp3 and --scan-xmldocs are recognised by v0.99.1

pointers please ?

I am also thinking that the scan-ole2 syntax may not include the scanning of the later MS office 2003 (and above) xml / docx formats, therefore it may be wise to include the --scan-xmldocs syntax

The following includes the help page from v0.99.1

       Clam AntiVirus Scanner 0.99.1
       By The ClamAV Team: http://www.clamav.net/about.html#credits
       (C) 2007-2015 Cisco Systems, Inc.

--help                -h             Print this help screen
--version             -V             Print version number
--verbose             -v             Be verbose
--archive-verbose     -a             Show filenames inside scanned archives
--debug                              Enable libclamav's debug messages
--quiet                              Only output error messages
--stdout                             Write to stdout instead of stderr
--no-summary                         Disable summary at end of scanning
--infected            -i             Only print infected files
--suppress-ok-results -o             Skip printing OK files
--bell                               Sound bell on virus detection

--tempdir=DIRECTORY                  Create temporary files in DIRECTORY
--leave-temps[=yes/no(*)]            Do not remove temporary files
--database=FILE/DIR   -d FILE/DIR    Load virus database from FILE or load
                                     all supported db files from DIR
--official-db-only[=yes/no(*)]       Only load official signatures
--log=FILE            -l FILE        Save scan report to FILE
--recursive[=yes/no(*)]  -r          Scan subdirectories recursively
--allmatch[=yes/no(*)]   -z          Continue scanning within file after finding a match
--cross-fs[=yes(*)/no]               Scan files and directories on other filesystems
--follow-dir-symlinks[=0/1(*)/2]     Follow directory symlinks (0 = never, 1 = direct, 2 = always)
--follow-file-symlinks[=0/1(*)/2]    Follow file symlinks (0 = never, 1 = direct, 2 = always)
--file-list=FILE      -f FILE        Scan files from FILE
--remove[=yes/no(*)]                 Remove infected files. Be careful!
--move=DIRECTORY                     Move infected files into DIRECTORY
--copy=DIRECTORY                     Copy infected files into DIRECTORY
--exclude=REGEX                      Don't scan file names matching REGEX
--exclude-dir=REGEX                  Don't scan directories matching REGEX
--include=REGEX                      Only scan file names matching REGEX
--include-dir=REGEX                  Only scan directories matching REGEX

--bytecode[=yes(*)/no]               Load bytecode from the database
--bytecode-unsigned[=yes/no(*)]      Load unsigned bytecode
--bytecode-timeout=N                 Set bytecode timeout (in milliseconds)
--statistics[=none(*)/bytecode/pcre] Collect and print execution statistics
--detect-pua[=yes/no(*)]             Detect Possibly Unwanted Applications
--exclude-pua=CAT                    Skip PUA sigs of category CAT
--include-pua=CAT                    Load PUA sigs of category CAT
--detect-structured[=yes/no(*)]      Detect structured data (SSN, Credit Card)
--structured-ssn-format=X            SSN format (0=normal,1=stripped,2=both)
--structured-ssn-count=N             Min SSN count to generate a detect
--structured-cc-count=N              Min CC count to generate a detect
--scan-mail[=yes(*)/no]              Scan mail files
--phishing-sigs[=yes(*)/no]          Signature-based phishing detection
--phishing-scan-urls[=yes(*)/no]     URL-based phishing detection
--heuristic-scan-precedence[=yes/no(*)] Stop scanning as soon as a heuristic match is found
--phishing-ssl[=yes/no(*)]           Always block SSL mismatches in URLs (phishing module)
--phishing-cloak[=yes/no(*)]         Always block cloaked URLs (phishing module)
--partition-intersection[=yes/no(*)] Detect partition intersections in raw disk images using heuristics.
--algorithmic-detection[=yes(*)/no]  Algorithmic detection
--scan-pe[=yes(*)/no]                Scan PE files
--scan-elf[=yes(*)/no]               Scan ELF files
--scan-ole2[=yes(*)/no]              Scan OLE2 containers
--scan-pdf[=yes(*)/no]               Scan PDF files
--scan-swf[=yes(*)/no]               Scan SWF files
--scan-html[=yes(*)/no]              Scan HTML files
--scan-xmldocs[=yes(*)/no]           Scan xml-based document files
--scan-hwp3[=yes(*)/no]              Scan HWP3 files
--scan-archive[=yes(*)/no]           Scan archive files (supported by libclamav)
--detect-broken[=yes/no(*)]          Try to detect broken executable files
--block-encrypted[=yes/no(*)]        Block encrypted archives
--nocerts                            Disable authenticode certificate chain verification in PE files
--dumpcerts                          Dump authenticode certificate chain in PE files

--max-filesize=#n                    Files larger than this will be skipped and assumed clean
--max-scansize=#n                    The maximum amount of data to scan for each container file (**)
--max-files=#n                       The maximum number of files to scan for each container file (**)
--max-recursion=#n                   Maximum archive recursion level for container file (**)
--max-dir-recursion=#n               Maximum directory recursion level
--max-embeddedpe=#n                  Maximum size file to check for embedded PE
--max-htmlnormalize=#n               Maximum size of HTML file to normalize
--max-htmlnotags=#n                  Maximum size of normalized HTML file to scan
--max-scriptnormalize=#n             Maximum size of script file to normalize
--max-ziptypercg=#n                  Maximum size zip to type reanalyze
--max-partitions=#n                  Maximum number of partitions in disk image to be scanned
--max-iconspe=#n                     Maximum number of icons in PE file to be scanned
--max-rechwp3=#n                     Maximum recursive calls to HWP3 parsing function
--pcre-match-limit=#n                Maximum calls to the PCRE match function.
--pcre-recmatch-limit=#n             Maximum recursive calls to the PCRE match function.
--pcre-max-filesize=#n               Maximum size file to perform PCRE subsig matching.
--enable-stats                       Enable statistical reporting of malware
--disable-pe-stats                   Disable submission of individual PE sections in stats submissions
--stats-timeout=#n                   Number of seconds to wait for waiting a response back from the stats server
--stats-host-id=UUID                 Set the Host ID used when submitting statistical info.
--disable-cache                      Disable caching and cache checks for hash sums of scanned files.

(*) Default scan settings


ok got it…my human error, but it is still in development and I need feedback like yours :slight_smile:

Now I’m coding for NS6 and even if it is the version 0.99, you have less options than with NS7 and the version 0.99.2

Possibly, but I’m a big fan of making settings optional, available to the end user…but like I said, it is the coding time and the right time to modify stuff, please stay tuned.

In the same manner, if you see non English sentences, please shout…I’m French
