Hi, what about passing an (alredy open) filehandle through the clamd-socket? Currently we're facing the tradeoff between giving the clamd-process more permissons or running multiple instances of the scanning-engine (clamd + clamscan) and parsing the output of clamscan with "tainted" filenames.
Thanks Am 01.02.2016 um 21:54 schrieb Steven Morgan: > Bernhard, > > Clamd does not currently support ALLMATCH mode with the INSTREAM protocol. > The only other suggestion I can offer is to preserve those files found to > contain viruses and research them separately using ALLMATCH. > > Steve > > On Mon, Feb 1, 2016 at 5:27 AM, Bernhard Vogel <[email protected]> > wrote: > >> Hi, >> >> is there an option in clamd to combine INSTREAM and ALLMATCHSCAN? >> >> We scan files which have already been locked (permission: 200 or similar) >> by another process/shellscript. Clamd runs with user "clamav" priviledges. >> At the moment we stream the content of the locked files to CLAMD with the >> INSTREAM option. >> >> Since I also require to do an allmatchscan to review our malware >> signatures, I need to combine INSTREAM and ALLMATCHSCAN. >> >> How can I ALLMATCHSCAN files only accesible by root, without doing >> something like "sudo clamscan -z ...." >> >> >> >> >> Regards, >> Bernhard >> _______________________________________________ >> Help us build a comprehensive ClamAV guide: >> https://github.com/vrtadmin/clamav-faq >> >> http://www.clamav.net/contact.html#ml >> > _______________________________________________ > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > -- Torge Husfeldt Senior Anti-Abuse Engineer Hosting Security 1&1 Internet Service GmbH | Brauerstraße 50 | 76135 Karlsruhe | Germany Phone: +49 721 91374-4795 E-Mail: [email protected] | Web: www.1und1.de Hauptsitz Montabaur, Amtsgericht Montabaur, HRB 20141 Geschäftsführer: Christian Bigatà Joseph, Hans-Henning Kettler, Uwe Lamnek Member of United Internet Diese E-Mail kann vertrauliche und/oder gesetzlich geschützte Informationen enthalten. Wenn Sie nicht der bestimmungsgemäße Adressat sind oder diese E-Mail irrtümlich erhalten haben, unterrichten Sie bitte den Absender und vernichten Sie diese E-Mail. Anderen als dem bestimmungsgemäßen Adressaten ist untersagt, diese E-Mail zu speichern, weiterzuleiten oder ihren Inhalt auf welche Weise auch immer zu verwenden. This e-mail may contain confidential and/or privileged information. If you are not the intended recipient of this e-mail, you are hereby notified that saving, distribution or use of the content of this e-mail in any way is prohibited. If you have received this e-mail in error, please notify the sender and delete the e-mail. _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
