> Going beyond that, antivirus is an option. One way to run it is from a dispVM
> to which you attach various private volumes (one at a time) for scanning.

An implementation of a similar idea across several VMs is:

VM1: any TemplateVM with clamav installed.

VM2: AppVM based on the above, which is network-connected so it can download new virus definitions. /var/lib/clamav contains the virus definitions, so make it a bind-dir.

VM3: DisposableVM based on the above, which is offline, that does the actual scanning.

To scan a VM, use qvm-block to attach a VM's private volume to the disposable VM.[1]

The actual updating and scanning can be streamlined using shell scripts run from dom0.

I think the nice properties of this setup are:

* distro-packaged, open source antivirus
* antivirus lives outside the VM you are scanning
* since the antivirus processes a lot of untrusted input, scans are done from a disposable VM3, so if it is compromised in the course of a scan, only that session is compromised
* since the antivirus may process a lot of sensitive information, VM3 is also offline, making it harder for compromised antivirus to exfiltrate anything.

[1] To make a DisposableVM have a different NetVM than its template, you can use for VM3 the static DisposableVM created by `qvm-create --class DisposableVM --template VM2 ...`; it can have the specific NetVM setting of None, different from its template.
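
A dom0 wrapper for the update and scan steps described in this message could look like the following. It is an added example, not part of the original post; the qube names, the `/mnt` mount point, the `/dev/xvdi` device name inside VM3, and the caller-supplied device ID (as shown by `qvm-block list`) are assumptions.

```bash
#!/bin/sh
# Added example, run from dom0. Qube names, /mnt, and /dev/xvdi are assumptions.
set -eu

UPDATER="${UPDATER:-clamav-update}"  # VM2: networked AppVM (hypothetical name)
SCANNER="${SCANNER:-clamav-scan}"    # VM3: static DisposableVM, NetVM none (hypothetical name)

# Run a command, or only print it when DRY_RUN=1 (to review the plan first).
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Refresh definitions in VM2; its bind-dir keeps /var/lib/clamav across reboots.
update_definitions() {
    run qvm-run --pass-io -u root "$UPDATER" freshclam
    run qvm-shutdown --wait "$UPDATER"
}

# scan_volume TARGET_VM DEVICE_ID  (DEVICE_ID as listed by `qvm-block list`)
scan_volume() {
    target="$1"; dev="$2"
    if [ "$target" = "$SCANNER" ]; then
        echo "refusing to scan the scanner qube itself" >&2; return 2
    fi
    run qvm-shutdown --wait "$target"   # volume must not be in use
    run qvm-start "$SCANNER"            # fails if a stale session is running
    run qvm-block attach --ro "$SCANNER" "$dev"
    rc=0
    # Read-only, no-exec mount; clamscan exits 1 when it finds something.
    run qvm-run --pass-io -u root "$SCANNER" \
        'mount -o ro,nosuid,nodev,noexec /dev/xvdi /mnt && clamscan -r --infected /mnt' \
        || rc=$?
    run qvm-block detach "$SCANNER" "$dev" || true
    run qvm-shutdown --wait "$SCANNER"  # discard the scanning session
    return "$rc"
}

case "${1:-}" in
    update) update_definitions ;;
    scan)   scan_volume "$2" "$3" ;;
esac
```

Running it with `DRY_RUN=1` prints the command sequence without touching any qube.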