[Clamav-users] Online virus scanning

[Dave Coventry]

There is a certain amount of interest in providing a module in Drupal
(a web Content Management System) which will submit uploaded files to
an online virus scan before acceptance by the website.

Is this already possible?

This Module: http://drupal.org/project/fileframework uses ClamAV to
scan the file before acceptance by the site, but as far as I can see,
the server needs to have ClamAV installed and this is not always the
case with hosting solutions like Godaddy, Hostmonster and other mass
hosting options.
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml

Re: [Clamav-users] Tiered freshclam updates on port443

[Shawn Bakhtiar]

I would have to agree with Henrik here.

Not to allow established connection from a higher level security zone to a 
lesser one, seem to be more a design issue, than, that of clam implementation 
issue. The idea of zones should be to guard inbound, no hamper user outbound. 

It's true you can skin a cat a million ways, but some of those ways are simply 
cruel, time consuming, and of little relevance to the objective.

If there is a router acting as a firewall (PIX or Cisco 2621, etc...) the a 
simple ACL seems a much more robust solution. Of course the likely hood you are 
using internal IP address is high, which means you will need to NAT from that 
segment, which you most likely do because you need to have internet.

If the firewall is on the machine, then a simple allow statement to the right 
chain in the iptables will achieve the same thing (windows has the same level 
of security via a GUI).

In either case, the hack would be to figure it out on your network, not 
request bloatware that will be used in very few situations, given the 
complexity (thus insecurity) it introduces. (IMHO) 

Frankly my objection is a bit personal too. I hate the fact that everyone and 
everything is becoming HTTP. It is one single silly port of a possible 60,000 
+, and its protocol was designed to centralize documentation. It has now become 
the default port AND PROTOCOL for everything. This beyond ridiculous! Since now 
everyone knows where to focus there attacks! The best way to protect data is to 
keep it binary and OFF port 80 or 443.
This time in my IMNSHO

 :oP   




 Date: Sun, 16 May 2010 09:29:57 +0300
 From: h...@hege.li
 To: clamav-users@lists.clamav.net
 Subject: Re: [Clamav-users] Tiered freshclam updates on port443
 
 On Fri, May 14, 2010 at 06:34:33PM -0400, Nathan Gibbs wrote:
  
  At our site, the update server hosts clamav DBs, snort rules,  some conf
  files, etc.  The ability to protect the other data would be a plus.  It 
  would
  add another layer of defense to our setup.  However its not workable if
  Freshclam cannot speak https.  Its redundant as far as ClamAV's data 
  integrity
  goes.  However, I think its worth doing as far as hack value and
  interoperability go.
 
 Using https sounds silly in favor of more robust methods like rsync+ssh. I
 certainly would trust rsyncing a verified set of signatures more than using
 freshclam code which has had bugs in past.
 
 -1 for adding yet another external library dependency for little purpose.
 
 As far as the original poster goes, I don't think https protocol was the
 issue, only TCP port. Such human generated firewall problems are solvable
 in many ways if desired and IMHO has nothing to do with ClamAV.
 
 ___
 Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
 http://www.clamav.net/support/ml
  
_
The New Busy think 9 to 5 is a cute idea. Combine multiple calendars with 
Hotmail. 
http://www.windowslive.com/campaign/thenewbusy?tile=multicalendarocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_5
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml