    Feature Request - Built-in ClamAV Control & Monitoring

    • Obsolesce

      I was thinking like this:

      User PC has ClamAV/ClamFS (on-access scanning). SS is being used in the environment.

      User downloads a malware file, ClamFS detects it and logs it. SS produces a notification.

      Also,
      SS also provides a basic interface for configuring ClamAV/ClamFS... like how often it scans, where it logs to, quarantine (if any), how often definitions are checked/updated, etc...

      • Obsolesce

        I'm not sure what real-time or on-access file scanning is available on Windows that is open source. I know ClamFS does it for some Linux distros, but I don't see it available for Fedora.

        • Obsolesce

          Anyways, the basic ClamAV (or something better with on-access monitoring supported in Fedora) monitoring and control in SS would be a nice touch.

          • scottalanmiller

            So am I understanding... basically a free management console that gives ClamAV similar functionality to what you'd get with other commercial AV products? Central control of installation, status (running or not), patch / update level, push updates, report on findings?

            • scottalanmiller

              I'd like to see that with Defender, too. Elevating traditionally free but limited AV to enterprise level would be a big feature.

              • scottalanmiller @DustinB3403

                @dustinb3403 said in Feature Request - Built-in ClamAV Control & Monitoring:

                ClamAV has been around for a very long time.

                They have a corporate version that has this functionality. So I don't know if you'd be able to use SS to do this. . .

                That's the beauty of open source, we can do what we want 🙂

                • Obsolesce @scottalanmiller

                  @scottalanmiller said in Feature Request - Built-in ClamAV Control & Monitoring:

                  So am I understanding... basically a free management console that gives ClamAV similar functionality to what you'd get with other commercial AV products? Central control of installation, status (running or not), patch / update level, push updates, report on findings?

                  Yeah, pretty much.

                  • scottalanmiller

                    That's actually been on the backlog. So definitely something that is planned, but it's a major undertaking so not something that is likely to be seen really soon. It's a lot of work to get something like that done, compared to a lot of other functionality. But definitely super useful (and cross platform) and would make SS that much more valuable to users, so something we like a lot.

                    • Obsolesce @scottalanmiller

                      @scottalanmiller said in Feature Request - Built-in ClamAV Control & Monitoring:

                      That's actually been on the backlog. So definitely something that is planned, but it's a major undertaking so not something that is likely to be seen really soon. It's a lot of work to get something like that done, compared to a lot of other functionality. But definitely super useful (and cross platform) and would make SS that much more valuable to users, so something we like a lot.

                      Yeah I can see how this would take a back seat for a while as there's more and better things to work on first. But it's good to know that it is on the radar.

                      • scottalanmiller

                        It's a great idea, I can't wait till some of this stuff starts to roll out. This is where the value starts to skyrocket.

                        • Obsolesce

                          ClamTK is a nice ClamAV GUI for controlling the basic settings and such.

                          Maybe that would be something to go off of for SS.

                          • Obsolesce

                            It works, I tested it with the EICAR test, even though it wouldn't be a threat on Linux.

                            Paste the following line in an extension-less file, for example, just "test". Not "test.txt".

                            X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

                            Then see if your AV kills it.

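The detect, log, notify flow requested in the first post, exercised with the EICAR test from the last post, as an added example that is not part of the thread or of SodiumSuite. It assumes the `<path>: <signature> FOUND` result line that clamscan prints and clamd logs; the sample lines, paths and the `Unix.Trojan.Example-0` name are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample lines (not from the thread). The timestamp prefix and
# the "(hash:size)" suffix are treated as optional parts of a result line.
SAMPLE_LOG = """\
Tue Mar  5 10:15:30 2024 -> SelfCheck: Database status OK.
Tue Mar  5 10:15:32 2024 -> /home/alice/Downloads/test: Win.Test.EICAR_HDB-1(44d88612fea8a8f36de82e1278abb02f:68) FOUND
/home/bob/notes.txt: OK
/home/bob/My Files/test: Eicar-Signature FOUND
/srv/share/report: final.pdf: OK
/tmp/dl/setup.bin: Unix.Trojan.Example-0 FOUND
"""

FOUND_RE = re.compile(
    r"^(?:(?P<ts>.+?) -> )?"          # optional log timestamp prefix
    r"(?P<path>.+): "                 # file path (may contain spaces or ': ')
    r"(?P<sig>[^\s()]+)"              # signature name
    r"(?:\([0-9a-f]+:\d+\))? FOUND$"  # optional hash:size, then the verdict
)

def parse_detections(log_text):
    """Return one dict per FOUND line; OK and status lines are skipped."""
    hits = []
    for line in log_text.splitlines():
        m = FOUND_RE.match(line.strip())
        if m:
            hits.append({"time": m["ts"], "path": m["path"],
                         "signature": m["sig"]})
    return hits

def notifications(log_text):
    """Build the alert text a console could show for each detection."""
    out = []
    for h in parse_detections(log_text):
        # EICAR hits prove the scanner works; anything else needs triage.
        kind = "TEST" if "eicar" in h["signature"].lower() else "MALWARE"
        out.append(f"[{kind}] {h['signature']} in {h['path']}")
    return out

if __name__ == "__main__":
    for msg in notifications(SAMPLE_LOG):
        print(msg)
```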