Yeah, I'm not sure what I was thinking in my initial reply, but I was a little off :-). The RDP file redirection just presents a filesystem on the system running guacd to both the browser (client) and the RDP server, so you should be able to capture file writes to this folder and scan them. Many of the available AV scanners will do on-access scanning and can intercept the file writes, scan the file, and then either allow or veto access. You can also probably use something like fanotify with Linux to implement this yourself, if you're so inclined, and I suspect most of the commercial AV engines that implement this functionality on Linux just do that. I know ClamAV has an integration with fanotify.

This will certainly cover files sent from the browser to the virtual drive (and made available to the RDP server), as well as files written to the virtual drive from the RDP server (and made available to the client). The only exception to this is the virtual "Download" folder, which may have been what I was thinking about earlier - I'm not sure that writes to that folder will be intercepted in the same way, because I cannot remember off the top of my head if those files are actually written to the directory before they are streamed to the browser.

-Nick

On Sun, Dec 27, 2020 at 2:40 PM sciUser <[email protected]> wrote:
> The Guacamole File transfer is no different than an NFS share with security.
>
> Example: using /myfiles/${GUAC_USERNAME} in the connection settings, you will
> need to scan anything new hitting the myfiles directory on the OS level. To
> prevent viral files from infecting the Guest and Host OS, remove the ability
> to execute from the myfiles directory. If you are not using CentOS with
> SELinux, I recommend you use Tripwire.
>
> Here is what we do: we have a NAS with a 5TB share that gets carved up per
> user, this is their storage container.
> Now we also use ClamAV and Malwarebytes on the containers. Any file
> uploaded is done so without execute permissions. We further protect the OS
> (Guac) with Tripwire and SELinux policies.
>
> For load balancing we do not use the native guac version, however our
> platform manages all the connections by load balancing between 4 guacamole
> systems or more if demand increases.
>
> Hope this helps.
