    Feature Request - Built-in ClamAV Control & Monitoring

    SodiumSuite
    • black3dynamite

      rkhunter is another good one against rootkits and other backdoor exploits.

      • DustinB3403

        ClamAV has been around for a very long time.

        They have a corporate version that has this functionality. So I don't know if you'd be able to use SS to do this. . .

        • Obsolesce

          I was thinking like this:

          User PC has ClamAV/ClamFS (on-access scanning). SS is being used in the environment.

          User downloads a malware file, ClamFS detects it and logs it. SS produces a notification.

          Also,
          SS also provides a basic interface for configuring ClamAV/ClamFS... like how often it scans, where it logs to, quarantine (if any), how often definitions are checked/updated, etc...

          • Obsolesce

            I'm not sure what real-time or on-access file scanning is available on Windows that is open source. I know ClamFS does it for some Linux distros, but I don't see it available for Fedora.

            • Obsolesce

              Anyways, the basic ClamAV (or something better with on-access monitoring supported in Fedora) monitoring and control in SS would be a nice touch.

              • scottalanmiller

                So am I understanding... basically a free management console that gives ClamAV similar functionality to what you'd get with other commercial AV products? Central control of installation, status (running or not), patch / update level, push updates, report on findings?

                • scottalanmiller

                  I'd like to see that with Defender, too. Elevating traditionally free but limited AV to enterprise level would be a big feature.

                  • scottalanmiller @DustinB3403

                    @dustinb3403 said in Feature Request - Built-in ClamAV Control & Monitoring:

                    ClamAV has been around for a very long time.

                    They have a corporate version that has this functionality. So I don't know if you'd be able to use SS to do this. . .

                    That's the beauty of open source, we can do what we want 🙂

                    • Obsolesce @scottalanmiller

                      @scottalanmiller said in Feature Request - Built-in ClamAV Control & Monitoring:

                      So am I understanding... basically a free management console that gives ClamAV similar functionality to what you'd get with other commercial AV products? Central control of installation, status (running or not), patch / update level, push updates, report on findings?

                      Yeah, pretty much.

                      • scottalanmiller

                        That's actually been on the backlog. So definitely something that is planned, but it's a major undertaking so not something that is likely to be seen really soon. It's a lot of work to get something like that done, compared to a lot of other functionality. But definitely super useful (and cross platform) and would make SS that much more valuable to users, so something we like a lot.

                        • Obsolesce @scottalanmiller

                          @scottalanmiller said in Feature Request - Built-in ClamAV Control & Monitoring:

                          That's actually been on the backlog. So definitely something that is planned, but it's a major undertaking so not something that is likely to be seen really soon. It's a lot of work to get something like that done, compared to a lot of other functionality. But definitely super useful (and cross platform) and would make SS that much more valuable to users, so something we like a lot.

                          Yeah I can see how this would take a back seat for a while as there's more and better things to work on first. But it's good to know that it is on the radar.

                          • scottalanmiller

                            It's a great idea, I can't wait till some of this stuff starts to roll out. This is where the value starts to skyrocket.

                            • Obsolesce

                              ClamTK is a nice ClamAV GUI for controlling the basic settings and such.

                              Maybe that would be something to go off of for SS.

                              • Obsolesce

                                It works, I tested it with the EICAR test, even though it wouldn't be a threat on Linux.

                                Paste the following line in an extension-less file, for example, just "test". Not "test.txt".

                                X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

                                Then see if your AV kills it.

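
Added example, not part of the original thread and not SodiumSuite code: one way a monitoring agent could turn ClamAV results into the notification described in the thread, run over constructed sample lines that include an EICAR detection. It assumes the `<path>: <signature> FOUND` line format printed by clamscan and the timestamp prefix clamd writes when LogTime is enabled; the host name, function names, sample paths and signature name are illustrative.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# clamd with LogTime enabled prefixes lines with "<ctime timestamp> -> ".
_CLAMD_PREFIX = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) -> ")

# Constructed sample: clamscan-style and clamd-style lines, not real logs.
SAMPLE_LOG = [
    "/home/alice/Downloads/notes.txt: OK",
    "/home/alice/Downloads/test: Eicar-Test-Signature FOUND",
    "Wed Mar  6 11:00:01 2019 -> /home/alice/Downloads/test: Eicar-Test-Signature FOUND",
    "Wed Mar  6 11:00:05 2019 -> /srv/share/report: draft.doc: Eicar-Test-Signature FOUND",
    "----------- SCAN SUMMARY -----------",
]

@dataclass(frozen=True)
class Detection:
    host: str
    path: str
    signature: str
    logged_at: Optional[str]  # None for clamscan output, which has no timestamp

def parse_line(line: str, host: str) -> Optional[Detection]:
    """Return a Detection for a '<path>: <signature> FOUND' line, else None."""
    line = line.rstrip("\r\n")
    logged_at = None
    m = _CLAMD_PREFIX.match(line)
    if m:
        logged_at, line = m.group(1), line[m.end():]
    if not line.endswith(" FOUND"):
        return None
    # Split on the last ": " so paths that themselves contain ": " stay intact.
    path, sep, signature = line[:-len(" FOUND")].rpartition(": ")
    if not sep or not path or not signature or " " in signature:
        return None
    return Detection(host, path, signature, logged_at)

def detections(lines: Iterable[str], host: str) -> List[Detection]:
    # Report each (path, signature) pair once, even if it is logged repeatedly.
    seen, found = set(), []
    for line in lines:
        d = parse_line(line, host)
        if d and (d.path, d.signature) not in seen:
            seen.add((d.path, d.signature))
            found.append(d)
    return found

def notification(d: Detection) -> str:
    return f"[{d.host}] ClamAV detected {d.signature} in {d.path}"
```
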