> On Oct 19, 2019, at 4:40 AM, G.W. Haywood via clamav-users > <[email protected]> wrote: > > On Fri, 18 Oct 2019, Ian via clamav-users wrote: >>> On Oct 18, 2019, at 10:10 AM, G.W. Haywood via clamav-users >>> <[email protected]> wrote: >>> On Fri, 18 Oct 2019, Ian via clamav-users wrote: >>> >>>> Government regulations require that I scan the entire filesystem daily -- >>> >>> Which government is this, and which regulations? >> >> https://nvd.nist.gov/800-53/Rev4/control/RA-5 > > I don't see where that document requires what you say it requires. >
These controls relate to each other -- this one is more on point: Malicious Code Protection https://nvd.nist.gov/800-53/Rev4/control/SI-3 <https://nvd.nist.gov/800-53/Rev4/control/SI-3> but it ties in with others like the one I cited before, and these: Continuous Monitoring https://nvd.nist.gov/800-53/Rev4/control/CA-7 <https://nvd.nist.gov/800-53/Rev4/control/CA-7> Security Assessment and Authorization https://nvd.nist.gov/800-53/Rev4/control/CA-2 <https://nvd.nist.gov/800-53/Rev4/control/CA-2> All of these are /part/ of Fedramp. Fedramp is not the only government regulation I have to deal with. >> It was determined that we needed to do daily scans by auditors >> familiar with these regulations. Please don’t blame the victim. > > Did these auditors recommend anti-virus scanning, or perhaps ClamAV? This line of questioning is completely off-topic and unhelpful. Even if it was the case that somehow I don't need to scan the /tmp folder due to government regulations, scanning temp folders is not an unreasonable request. These are actual files on a file system that could very much contain malware. Are you going to address why 'clamscan --tempdir /tmp /tmp' doesn't produce the same behavior, that 'clamdscan /tmp' does?
_______________________________________________ clamav-users mailing list [email protected] https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
