How to use Clamav?

I am wondering what is the recommended way to use Clamav?
Is there a way to set up a crontab file to run clamscan automatically?
Will clamscan detect a State Trojan?

Hi,

> I am wondering what is the recommended way to use Clamav?

this depends on what you are trying to achieve. Could you please be more specific?

> Is there a way to set up a crontab file to run clamscan automatically?

There is one, but what are you trying to solve with it? If you run file scans,
you will have to monitor their results, otherwise they are useless. More
sophisticated attacks are hard to spot by file scans, as these tend to be more
and more fileless, keeping the entire malware in the RAM.

> Will clamscan detect a State Trojan?

Most probably not. There might be some heuristic alerts (regarding packers,
for example), but I am pretty sure the ladies and gentlemen behind those will
check their malware against most common AV scanners, which includes ClamAV.

Thanks, and best regards,
Peter Müller
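Since the reply above points out that a scheduled scan is only useful if someone looks at its result, here is an added example (not from the thread and not part of ClamAV or IPFire) of a cron wrapper that interprets clamscan's documented exit status and records a verdict; the log directory and the install path in the crontab line are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: a wrapper for running clamscan from
# cron that records each outcome so that scheduled scans do not go unread.
# LOG_DIR and the script path in the crontab line are assumptions.

SCAN_TARGET="${SCAN_TARGET:-/home}"
LOG_DIR="${LOG_DIR:-/var/log/clamav}"    # assumed location
CLAMSCAN="${CLAMSCAN:-clamscan}"         # overridable, e.g. for a dry run

# Map clamscan's documented exit status to a verdict:
#   0 = no virus found, 1 = virus(es) found, 2 = some error occurred.
# Returns non-zero for anything a human has to look at.
classify_scan() {
    case "$1" in
        0) echo "clean"; return 0 ;;
        1) echo "infected"; return 1 ;;
        2) echo "error"; return 1 ;;
        *) echo "unknown"; return 1 ;;
    esac
}

# Run one scan, keep the full report, and append a one-line verdict to a
# status file that monitoring (or a login message) can check cheaply.
run_scan() {
    mkdir -p "$LOG_DIR"
    report="$LOG_DIR/scan-$(date +%Y%m%d-%H%M%S).log"
    # -r recurse into directories, -i list infected files only
    if "$CLAMSCAN" -ri --log="$report" "$SCAN_TARGET" >/dev/null 2>&1; then
        rc=0
    else
        rc=$?
    fi
    verdict=$(classify_scan "$rc") || true
    echo "$(date +%FT%T) target=$SCAN_TARGET rc=$rc verdict=$verdict report=$report" \
        >>"$LOG_DIR/last-status"
    # Anything but a clean result also goes to syslog, if logger is present.
    if [ "$verdict" != "clean" ] && command -v logger >/dev/null 2>&1; then
        logger -t clamscan-cron -p user.warning \
            "clamscan on $SCAN_TARGET: $verdict (rc=$rc), see $report" || true
    fi
    echo "$verdict"
}

# Crontab entry (assumed install path), nightly at 03:00:
#   0 3 * * * /usr/local/bin/clamscan-cron.sh --run
if [ "${1:-}" = "--run" ]; then
    v=$(run_scan) || true
    [ "$v" = "clean" ] || echo "clamscan on $SCAN_TARGET: $v"   # cron mails output
fi
```

The status file can be tailed from a login script instead of running a full scan at every login, and the syslog line gives a log monitor something to alert on.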

Thanks for the quick response.
I think that I will just run clamscan during login on the console to check the root directory.
Does IPFire do any malware checking of its own?

Hi,

> I think that I will just run clamscan during login on the console to check the root directory.

this will take quite a while, thus massively delaying login procedures.

Frankly, I do not think it will help against sophisticated attackers: If they managed to compromise
your firewall, they will most probably be able to evade a signature-based (!) AV scanner as well.

> Does IPFire do any malware checking of its own?

Not as such. We hardened both kernel and userspace programs, and continue to do so. Kernel rootkits,
which usually come as a kernel module, cannot be loaded anymore due to the kernel being signed.

The devices behind IPFire are normally more vulnerable, as they run untrusted code from third parties,
such as JavaScript within web sites or even mails (some MUAs are still processing them), have orphaned
software installed, rely on proprietary drivers and stuff, etc., etc., etc.

Perhaps your network will be more secure if you put your effort in hardening those.

Thanks, and best regards,
Peter Müller