Nethserver-clamscan think tank

@stephdl

To quote Antoine de Saint-Exupéry
“Language is the source of misunderstandings.” :wink:

2 Likes

We will probably need some tabs :’(

Since there are so many parameters, and a lot I don’t know what it deserves, I created a hidden db to write specific commands.

4 Likes

Hi,
I can execute the command after building a clamscan logfile manually. I thought it should have to be there by activating clamav at the settings of the contentfilter, isn’t it right?
I don’t have a quarantine directory either.

Can I install a web-ui like yours in post 5? I tried with

yum --enablerepo=nethforge-testing install nethserver-clamscan
but there was nothing to install.

Not yet ready, thanks for your interest.

Thanks for your answer.
I’ve some ideas for functions for the webui:

  • A “scan now” function with a chance to choose which directory or file you want to scan
  • Checkboxes for the categories of PUA
  • Start the signature update manually
  • A function to restore from quarantine

3 Likes

Just wondering if we need to turn the basic scan concept, why define exclusions and not inclusions?
Where are situated suspicious files? In my opinion just in maildirs, shared folders and nextcloud data dirs.
Why not point the scan only on them? It would be more efficient and effective anyway.
What do you think?

1 Like

@alefattorini, I agree (I did suggest this in an earlier posting – re: the comment I posted 3 days ago within this thread).

Sorry I missed it, glad to see you suggested the same

Sometimes scanners are marking files as a virus, which aren’t a virus, so you have to exclude them for next scans.

2 Likes

We cannot expect what is the place of a malware, by definition, it won’t ask your permission for coming, so the scanning of the whole drive makes sense for me. I did some exclusions, and I regret them :slight_smile:

You also forget the data of wordpress in /usr/share/wordpress… That said, it is really hard to think of all places, the easiest is to scan the whole drive.

In fact the exclusion works by a regex, useful and weak (I forgot to add something on this, WIP), and like @m.traeumner said, we need to whitelist files tagged by clamav.

good idea

I thought on it, mainly that now I want to create a panel with Tabs

why not launch freshclam manually

OK, here it is a high and interesting challenge because clamav writes to its log the moved files to quarantine, there is no database to interrogate :frowning:

after the cron job we need to parse the log and create a (e-smith ?) database to restore the file in the good place…

This is for the backend, for the front end it is another game and I really (yet) don’t know how to do it, either by a table in Nethgui, or by JS in a panel…it needs some searches

To @all, thanks a lot for sharing your ideas.

5 Likes
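
The backend step described in the post above (parse the log after the cron job and keep a record so a file can be restored to its original place), as an added example that is not part of the thread or of the nethserver-clamscan code. It assumes clamscan's `--move` log lines have the form `path: moved to 'dest'`, uses a hypothetical quarantine directory `/var/quarantine`, and runs on constructed log lines.

```python
import os
import re
from pathlib import PurePosixPath

# Constructed sample log; the line format is an assumption about clamscan --move output.
SAMPLE_LOG = """\
/srv/share/docs/eicar.com: Eicar-Test-Signature FOUND
/srv/share/docs/eicar.com: moved to '/var/quarantine/eicar.com'
/srv/mail/u1/Maildir/cur/msg1: Eicar-Test-Signature FOUND
/srv/mail/u1/Maildir/cur/msg1: moved to '/var/quarantine/msg1'
/home/a/eicar.com: Eicar-Test-Signature FOUND
/home/a/eicar.com: moved to '/var/quarantine/eicar.com.001'
/usr/share/wordpress/x.php: OK
"""

FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
MOVED_RE = re.compile(r"^(?P<path>.+): moved to '(?P<dest>.+)'$")

def parse_log(text, quarantine_dir="/var/quarantine"):  # hypothetical directory
    """Return {quarantined path: {"original": ..., "signature": ...}}."""
    qdir = PurePosixPath(quarantine_dir)
    pending = {}  # original path -> signature, taken from FOUND lines
    index = {}
    for line in text.splitlines():
        m = MOVED_RE.match(line)
        if m:
            dest = PurePosixPath(m["dest"])
            # Log text is untrusted input: only accept destinations that sit
            # directly inside the quarantine directory (no "..", no subdirs).
            if dest.parent != qdir:
                continue
            index[str(dest)] = {"original": m["path"],
                                "signature": pending.pop(m["path"], None)}
            continue
        m = FOUND_RE.match(line)
        if m:
            pending[m["path"]] = m["sig"]
    return index

def restore_plan(index, quarantined, exists=os.path.exists):
    """Return (source, target) for a restore; never overwrite an existing file."""
    entry = index.get(quarantined)
    if entry is None:
        raise KeyError(f"{quarantined} is not in the quarantine index")
    if exists(entry["original"]):
        raise FileExistsError(f"{entry['original']} already exists")
    return quarantined, entry["original"]
```

Keying the index on the quarantined name matters because two infected files with the same basename end up under different names in one directory, as in the constructed `eicar.com` and `eicar.com.001` entries.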

Ok, considering that some web based apps do install various files in /etc, /var/lib and /usr/share (and other applications such as ejabber do use the /opt directory), I can understand the importance of virus checking the whole partition(s).

2 Likes

@stephdl,

I have been reinstalling Webmin on one of my servers and this has given me the opportunity to play with their ClamAV module.

I thought that whilst using this module, I might as well upload some screenshots so that you can compare your module with theirs.

(Screenshot01 – Main Screen)

(Screenshot02 – System Backup / Restore)

(Screenshot03 – Quarantine)

(Screenshot04 – Database Updates)

(Screenshot05 – Directories Check)

(Screenshots06 - 11 – General Settings)

(Screenshot12 – Remote Control)


(Screenshots13 & 14 – Log Viewer)


(Screenshots15 & 16 – Virus Database – [More] href links to www.viruslist.com)

(Screenshot17 – Signatures Extraction / File Analyst)

I hope that the above images give you some ideas! :slight_smile:

The above module is hosted at


and
http://labs.libre-entreprise.org/projects/wbmclamav/

4 Likes

That’s good

I’m thinking about a table with checkboxes and a recovery button. It could be the easiest way.

All those webmin’s checkboxes make me dizzy :rolling_eyes:

2 Likes

What worries me is the time to code the same features…even if the development is not so active now, it started in 2004 :wink:

1 Like

@stephdl I really like your GUI. Great work as always! And it’s an essential module for NS.
Will you also integrate the ScanOnAccess feature?

1 Like

Wait the next UI, you will love it :wink:

1 Like

Can’t await it! :heart_eyes:

3 Likes

Yes we wait, but it is difficult…
thanks for your great job.

3 Likes