Henrik's right. The simple answer is that ClamAV does not do any "status
for each segment". It scans files, including support for some filetypes
that have to be read back-to-front and using some virus signatures that are
full-file hashes. For that and more, it has to know where EOF is. So even
though clamd can be fed the data as a stream, there are no partial-file
results for streams.

Dave R.

On Thu, Jul 2, 2015 at 5:55 AM, Henrik K <h...@hege.li> wrote:

>
> Let's say you have a zip file. How do you expect ClamAV to scan it packet by
> packet?  Or any other data really.  I think there are very few wild
> signatures in the database that are allowed to match any position anywhere in a
> "file".  The only reliable way is to scan a complete file, so it knows the
> length and can decode it properly etc.
>
> The now abandoned HAVP proxy scanner does many tricks (filesystem mandatory
> locking to "pseudo-stream" files into clamav, zip header prefetch etc) to
> achieve near realtime scanning for large files and reduce "user hanging" to
> a minimum.  I guess this is what you are after, but ICAP can't achieve such
> trickery.
>
>
> On Thu, Jul 02, 2015 at 12:57:00PM +0530, P K wrote:
> > Hi guys,
> >
> > Waiting for your reply. It should be a simpler answer.
> >
> > Does ClamAV support virus checking in stream mode for large files?
> >
> > If I have a file size of 10Mb, do I have to send all data to ClamAV and
> > ClamAV will send status ok,
> > or can it scan data in each packet and return status for each segment?
> >
> > Thanks
> >
> >
> > On Tue, Jun 30, 2015 at 12:28 PM, P K <pkopen...@gmail.com> wrote:
> >
> > > Hi Guys,
> > >
> > > I am new to Clamd and was trying to use it for virus scanning.
> > >
> > > I used squid + icap + ClamAV.
> > >
> > > But I have seen that once all data is received, ClamAV INSTREAM is
> > > called and data is passed to it.
> > >
> > > Is it an issue with the icap server, or does Clamd not support
> > > streaming?
> > >
> > > Any guidance will be helpful for me
> > > and how can we make ClamAV streaming support.
> > >
> > > Awaiting your reply.
> > >
> > _______________________________________________
> > Help us build a comprehensive ClamAV guide:
> > https://github.com/vrtadmin/clamav-faq
> >
> > http://www.clamav.net/contact.html#ml



-- 
---
Dave Raynor
Talos Security Intelligence and Research Group
dray...@sourcefire.com
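
An added illustration of the clamd INSTREAM exchange discussed in this thread (not code from the ClamAV project or from the posters): the client sends length-prefixed chunks, then a zero-length terminator, and only then reads the single reply that covers the whole stream. The 127.0.0.1:3310 address and the 4096-byte chunk size are assumptions.

```python
import socket
import struct
import sys

def instream_frames(data, chunk_size=4096):
    """Yield the frames of one clamd INSTREAM session for `data`."""
    yield b"zINSTREAM\0"                            # null-terminated command
    for off in range(0, len(data), chunk_size):
        part = data[off:off + chunk_size]
        yield struct.pack("!I", len(part)) + part   # 4-byte big-endian length + data
    yield struct.pack("!I", 0)                      # zero-length chunk marks EOF

def parse_reply(raw):
    """Map clamd's single reply to (status, detail)."""
    text = raw.rstrip(b"\0\n").decode("utf-8", "replace")
    head, sep, verdict = text.partition(": ")
    if not sep:                  # error replies may lack the "stream: " prefix
        verdict = head
    if verdict == "OK":
        return ("OK", None)
    if verdict.endswith(" FOUND"):
        return ("FOUND", verdict[:-len(" FOUND")])
    return ("ERROR", verdict)

def scan_stream(sock, data, chunk_size=4096):
    """Send all of `data`, then read the one verdict that follows the terminator."""
    for frame in instream_frames(data, chunk_size):
        sock.sendall(frame)
    reply = b""
    while not reply.endswith(b"\0"):
        got = sock.recv(4096)
        if not got:              # peer closed the connection
            break
        reply += got
    return parse_reply(reply)

if __name__ == "__main__":
    # Assumption: clamd listens on TCP 127.0.0.1:3310 (TCPSocket in clamd.conf).
    with open(sys.argv[1], "rb") as fh, \
            socket.create_connection(("127.0.0.1", 3310), timeout=60) as conn:
        print(scan_stream(conn, fh.read()))
```

Nothing in the exchange carries a per-chunk status, so a proxy in front of clamd has to hold or buffer the transfer until that final reply arrives.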