Feature Request - Built-in ClamAV Control & Monitoring



  • As the title says, it would be nice to have an area to monitor ClamAV status and malware findings (notifications?) for all computers running it, as well as the ability to control ClamAV functionality.

    Maybe this is out of the scope of what Sodium would cover, as this is getting into the control and monitoring of specific software, but I figured it was worth a shot, as ClamAV seems to be a good go-to as an open source AV solution.

    Correct me if I'm wrong.



  • rkhunter is another good one against rootkits and other backdoor exploits.



  • ClamAV has been around for a very long time.

    They have a corporate version that has this functionality. So I don't know if you'd be able to use SS to do this. . .



  • I was thinking like this:

    User PC has ClamAV/ClamFS (on-access scanning). SS is being used in the environment.

    User downloads a malware file, ClamFS detects it and logs it. SS produces a notification.

    Also, SS provides a basic interface for configuring ClamAV/ClamFS... like how often it scans, where it logs to, quarantine (if any), how often definitions are checked/updated, etc...



  • I'm not sure what real-time or on-access file scanning is available on Windows that is open source. I know ClamFS does it for some Linux distros, but I don't see it available for Fedora.



  • Anyways, the basic ClamAV (or something better with on-access monitoring supported in Fedora) monitoring and control in SS would be a nice touch.



  • So am I understanding... basically a free management console that gives ClamAV similar functionality to what you'd get with other commercial AV products? Central control of installation, status (running or not), patch / update level, push updates, report on findings?



  • I'd like to see that with Defender, too. Elevating traditionally free but limited AV to enterprise level would be a big feature.



  • @dustinb3403 said in Feature Request - Built-in ClamAV Control & Monitoring:

    ClamAV has been around for a very long time.

    They have a corporate version that has this functionality. So I don't know if you'd be able to use SS to do this. . .

    That's the beauty of open source, we can do what we want 🙂



  • @scottalanmiller said in Feature Request - Built-in ClamAV Control & Monitoring:

    So am I understanding... basically a free management console that gives ClamAV similar functionality to what you'd get with other commercial AV products? Central control of installation, status (running or not), patch / update level, push updates, report on findings?

    Yeah, pretty much.



  • That's actually been on the backlog. So definitely something that is planned, but it's a major undertaking so not something that is likely to be seen really soon. It's a lot of work to get something like that done, compared to a lot of other functionality. But definitely super useful (and cross platform) and would make SS that much more valuable to users, so something we like a lot.



  • @scottalanmiller said in Feature Request - Built-in ClamAV Control & Monitoring:

    That's actually been on the backlog. So definitely something that is planned, but it's a major undertaking so not something that is likely to be seen really soon. It's a lot of work to get something like that done, compared to a lot of other functionality. But definitely super useful (and cross platform) and would make SS that much more valuable to users, so something we like a lot.

    Yeah, I can see how this would take a back seat for a while as there are more and better things to work on first. But it's good to know that it is on the radar.



  • It's a great idea, I can't wait till some of this stuff starts to roll out. This is where the value starts to skyrocket.



  • ClamTK is a nice ClamAV GUI for controlling the basic settings and such.

    Maybe that would be something to go off of for SS.



  • It works; I tested it with the EICAR test string, even though it wouldn't be a threat on Linux.

    Paste the following line into an extension-less file, for example just "test", not "test.txt".

    X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

    Then see if your AV kills it.
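The earlier post sketches the flow "ClamFS detects it and logs it, SS produces a notification", and this post shows what such a detection looks like in practice with the EICAR test file. As an added example that is not part of the thread or of SodiumSuite's code, the script below parses clamd/clamonacc-style log lines collected from several hosts, deduplicates the repeated FOUND entries an on-access scanner writes when the same file is touched again, and turns them into per-host notifications. The log lines, host names, paths and the second signature name are constructed for the example; the `<timestamp> -> <path>: <signature> FOUND` line shape and the `Win.Test.EICAR_HDB-1` signature name are what ClamAV emits, but the file is not read from any real clamd log.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List

# clamd / clamonacc detection line with LogTime enabled:
#   "<timestamp> -> <path>: <signature> FOUND"
# Everything else (SelfCheck lines, OK results, reload messages) is ignored.
FOUND_RE = re.compile(r"^(?P<ts>.+?) -> (?P<path>.+?): (?P<sig>\S+) FOUND$")


@dataclass(frozen=True)
class Detection:
    host: str
    timestamp: str
    path: str
    signature: str


def parse_clamd_log(host: str, lines: Iterable[str]) -> List[Detection]:
    """Return every FOUND line in a host's log as a Detection record."""
    found = []
    for raw in lines:
        m = FOUND_RE.match(raw.rstrip("\n"))
        if m:
            found.append(Detection(host, m["ts"], m["path"], m["sig"]))
    return found


def build_notifications(logs_by_host: Dict[str, Iterable[str]]) -> List[dict]:
    """One notification per (host, path, signature).

    On-access scanners log the same file again on every open, so repeated
    lines for an already-reported detection are collapsed into the first one.
    """
    seen = set()
    notifications = []
    for host, lines in logs_by_host.items():
        for d in parse_clamd_log(host, lines):
            key = (d.host, d.path, d.signature)
            if key in seen:
                continue
            seen.add(key)
            notifications.append({
                "host": d.host,
                "when": d.timestamp,
                "path": d.path,
                "signature": d.signature,
                "message": f"{d.host}: {d.signature} found in {d.path}",
            })
    return notifications


def summarize(notifications: List[dict]) -> Dict[str, int]:
    """Count of distinct detections per host, for a dashboard-style overview."""
    counts: Dict[str, int] = {}
    for n in notifications:
        counts[n["host"]] = counts.get(n["host"], 0) + 1
    return counts


# Constructed sample logs (not captured from real systems).  ws01 shows the
# EICAR test file from this thread being detected twice by on-access scanning;
# "Example.Test.Signature-1" on ws02 is a made-up signature name.
SAMPLE_LOGS = {
    "ws01": [
        "Mon Mar  4 09:12:01 2024 -> SelfCheck: Database status OK.",
        "Mon Mar  4 09:15:43 2024 -> /home/alice/Downloads/test: Win.Test.EICAR_HDB-1 FOUND",
        "Mon Mar  4 09:15:44 2024 -> /home/alice/Downloads/test: Win.Test.EICAR_HDB-1 FOUND",
    ],
    "ws02": [
        "Mon Mar  4 09:20:10 2024 -> /tmp/invoice.pdf: OK",
        "Mon Mar  4 09:31:02 2024 -> /home/bob/report.doc: Example.Test.Signature-1 FOUND",
    ],
}

if __name__ == "__main__":
    notes = build_notifications(SAMPLE_LOGS)
    for n in notes:
        print(n["when"], n["message"])
    print("per-host totals:", summarize(notes))
```

Running the script prints two notifications (the duplicate EICAR line on ws01 is collapsed) and the per-host totals; wiring `build_notifications` to whatever alerting SS exposes is the part this example leaves open.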