On Oct 5, 2004, at 6:08 AM, gillian wrote:

Thank you so much for your response, but boy, now I am confused. Are you
saying I should be using amavis not clamav? This is the 2nd response
with an amavis url in it.

Amavis is a program that can work in conjunction with ClamAV.

Most UNIX systems work in a "black box" philosophy (although this seems to be starting to drift away, unfortunately). Tasks are done with components. When one "box" is done with a task, it hands it off to the next. That's why there are so many system commands and such a love of scripting from old hat UNIX users...there are so many small, specialized programs that can be chained together to achieve a particular goal.

ClamAV is a virus scanner. It will scan for and identify viruses. It will not clean them, it will not delete them (although Clamscan can be told to, iirc).

The most common setup for Clam users is to use it on mail servers. Why? It goes like this.

Your incoming MTA gets a message (postfix, sendmail, whatever). That program is told to hand it off to a processor of some sort...for many people, amavisd. Amavis is a set of scripts that will take that mail message and wring it through a virus scanner (you can configure the scanner(s) to scan with). When the scanner hands it back to amavis, it tells it "yes, it's infected with X" or "Clean!". Amavis then, if the message is clean, can scan the mail message with SpamAssassin to score it for spam. If it doesn't hit the spam threshold, it returns it to your mail delivery system for delivery to the intended recipient. If the message was returned to Amavis as "infected", amavis can quarantine the message or delete it and/or alert the system administrator with a warning message.

So you can see...clam is flexible and can be used as a component in a larger system. This is also why you would use the daemonized clamd to scan things...for email. Amavis just throws the message to clamd and it doesn't keep reloading the database on a medium or heavily loaded system.

Clam also includes the per-file scanner, clamscan. Same database and scan engine, but meant for a user to call it for scanning a directory or file manually.

I believe there are people using Clamuko or some other program to try running as-you-access scanning...you know, constantly scanning files as the system uses them. Kind of resource intensive and, in my opinion, a waste, since on Linux/OS X there's been what, two viruses if even that? Clam is more effective at scanning and quarantining viruses on their way to Windows systems, especially since OS X and Linux/FreeBSD are immune. I wouldn't want access scanning anyway, since I keep some of the wonderful self-emailed samples on my laptop for testing the mail server when reconfiguring or upgrading to make sure it's still catching the little boogers. I've already had some Windows scanners that keep trying to delete an archived installer file of a Windows antivirus because it has the eicar test in it...finds it whenever I copy the installer to a machine to install the antivirus from. Stupid catch-22. @#$!%

-Bart

_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
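
The hand-off described in the message above (filter passes the mail to clamd, gets a verdict back, then delivers or quarantines), as an added example that is not part of the original post and is not amavis or ClamAV code. It uses the INSTREAM framing and reply format of current clamd releases; the function names, the spam threshold, the "tag-spam" and "tempfail" outcomes and the sample replies are assumptions constructed for illustration.

```python
import struct

SPAM_THRESHOLD = 5.0  # assumed cutoff; a real site configures its own


def instream_frame(message: bytes, chunk_size: int = 4096) -> bytes:
    """Frame a message for clamd's INSTREAM command.

    Each chunk is prefixed with its length as a 4-byte big-endian
    integer; a zero-length chunk marks the end of the stream.
    """
    parts = [b"zINSTREAM\0"]
    for i in range(0, len(message), chunk_size):
        chunk = message[i:i + chunk_size]
        parts.append(struct.pack("!I", len(chunk)) + chunk)
    parts.append(struct.pack("!I", 0))
    return b"".join(parts)


def parse_reply(reply: bytes):
    """Return (status, detail); status is 'clean', 'infected' or 'error'."""
    text = reply.rstrip(b"\0\n").decode("ascii", "replace")
    _, _, verdict = text.partition(": ")
    if verdict == "OK":
        return ("clean", None)
    if verdict.endswith(" FOUND"):
        return ("infected", verdict[:-len(" FOUND")])
    # Anything else (size limit hit, timeout, garbage) is not a clean verdict.
    return ("error", text)


def disposition(clamd_reply: bytes, spam_score: float) -> str:
    """Decide what the filter does with the message (hypothetical policy)."""
    status, detail = parse_reply(clamd_reply)
    if status == "infected":
        return f"quarantine:{detail}"
    if status == "error":
        return "tempfail"  # assumption: fail closed, never deliver unscanned
    if spam_score >= SPAM_THRESHOLD:
        return "tag-spam"  # assumption: the post only covers the below-threshold case
    return "deliver"


if __name__ == "__main__":
    # Constructed replies, in the shape clamd returns them.
    print(disposition(b"stream: OK\0", 1.2))
    print(disposition(b"stream: Eicar-Test-Signature FOUND\0", 0.0))
```

The detail a filter most often gets wrong is the error branch: a scanner that is down or over its size limit has not said "clean", so the message should be deferred rather than delivered.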
