This still has value as it can help catch things in action. It doesn't replace
periodic scans either to catch malware discovered since the initial scan.
There are a variety of ways of doing this if scanning everything in one shot
isn't feasible. One option would be to split files up using a hash
Tripwire presumes a golden fileset at the outset, that is, scanned to the degree
possible before enabling Tripwire. The fear of zero-day loop is infinite.
dp
On 3/21/18 6:41 PM, Paul Kosinski wrote:
A few years ago, when Tripwire was no longer free, I set up a "scan
once" environment for ClamAV, identifying files using SHA1 hashing
(with a few 'stat' results like inode and timestamp for good measure).
I gave up when I realized that even if a file had already been scanned,
it might have contai
It is possible to integrate ClamAV and Tripwire to get to a scan-once
environment. Include Puppet or CFEngine for a more complete tool.
dp
On 3/20/18 5:01 AM, Micah Snyder (micasnyd) wrote:
Good morning Tsutomu,
Al is quite correct. clamd and clamdscan maintain no memory of what has been
sc