My use-case is this:

I have very good protection via CrowdStrike Falcon Sensor, but that only 
deletes/quarantines files based on known IOCs, high malicious scores, or 
behavior via machine-learning.  Otherwise it still blocks processes considered 
suspicious and/or due to custom IOA.  The downside is that some files are left 
behind.  What we have used in the interim to do post-alert cleanup is download 
the trial version of Malwarebytes for Mac, install, scan, then remove 
Malwarebytes.

I want to automate the scanning of an endpoint using ClamAV but without 
permanently installing ClamAV.  In Windows I can simply copy the ClamAV files 
to a temp location and then initiate the scan command line with the desired 
parameters like Update, Full Scan, Logging, etc.  After the scan completes the 
temp directory is deleted.  I'm sure we can do the same with ClamAV on the Mac 
but I have not seen any references to it being done yet.  The documentation 
mentions compiling the code, which I am thinking I can leverage to create 
a single package to accomplish what I need, but I am not fluent enough in 
Linux/Unix to test.  As an example, I was able to successfully create a 
stand-alone Malwarebytes Enterprise scanner, but that is not free and very 
expensive, so we did not want to purchase it only to use it sparingly.

The permanent installation of a scanner is NOT required and proved out a few 
times.  Does anyone here have an idea, lead, or suggestion of how I can 
accomplish this on a Mac?  Thanks in advance.

 
 
Dexter R. Rivera 
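
A sketch of the copy, update, scan, delete workflow described in the message above, written for the macOS shell; this is an added example, not part of the original post and not ClamAV's own tooling. It assumes a relocatable ClamAV build whose `bin/freshclam` and `bin/clamscan` run from any directory; the function name, bundle layout and paths are hypothetical.

```shell
#!/bin/sh
# Ephemeral ClamAV scan: stage a portable build in a temp dir, update
# signatures, scan, keep only the log, then delete the staging directory.
# ASSUMPTION: $1 is a directory holding relocatable bin/freshclam and
# bin/clamscan binaries (for example a static build); not from the post.

ephemeral_scan() {
    bundle=$1 target=$2 log=$3
    work=$(mktemp -d "${TMPDIR:-/tmp}/clamtmp.XXXXXX") || return 2
    cp -R "$bundle/." "$work/" || { rm -rf "$work"; return 2; }
    mkdir -p "$work/db"

    # Minimal freshclam config; DatabaseMirror is a standard freshclam.conf key.
    # When run as root, freshclam switches to the DatabaseOwner account
    # (default "clamav"), so add that key naming a user that exists.
    printf 'DatabaseMirror database.clamav.net\n' > "$work/freshclam.conf"

    rc=2
    if "$work/bin/freshclam" --config-file="$work/freshclam.conf" \
            --datadir="$work/db"; then
        # Report infected files only; the scanner itself removes nothing.
        "$work/bin/clamscan" --database="$work/db" --recursive --infected \
            --log="$log" "$target"
        rc=$?   # clamscan: 0 = clean, 1 = infected files found, 2 = error
    fi
    rm -rf "$work"      # leave no scanner files behind on the endpoint
    last_workdir=$work  # exposed so callers can verify the cleanup
    return "$rc"
}

# Example invocation (paths are placeholders):
#   ephemeral_scan /Volumes/Tools/clamav-portable /Users /var/tmp/clamscan.log
```

The log file is written outside the staging directory, so it survives the cleanup and can be collected by whatever tool launched the scan.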

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users

