Mailing List Archive: Centralised Management Console for ClamaAV Clients

Centralised Management Console for ClamaAV Clients

May 13, 2016, 5:10 AM

Post #1 of 3 (1582 views)

Hi List

I manage a fleet of clamav client installations on desktops in
multiple geographical regions and need a centralised console for:

- monitoring the status of clam on all desktop computers the client is
installed on,
- forcing an update of signatures, definitions of clients from local
freshcam mirrors
- generating statistical reports of anti-virus activity across fleets
of installations

Is there a centralised management console available for this purpose,
and if not, what would be required architecturally and technically to
implement this kind of tool?

Many thanks in advance for any info,
Traiano
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net

http://www.clamav.net/contact.html#ml

Re: Centralised Management Console for ClamaAV Clients [ In reply to ]

smorgan at sourcefire

May 18, 2016, 12:49 PM

Post #2 of 3 (1541 views)

Permalink

Hi Traiano,

I don't know of any such console applications. If you are up for developing
something and you are using clamd, there is a protocol that runs on top of
TCP. clamdtop uses this protocol (see 'man clamd' for details). Clamd
protocol commands PING, SHUTDOWN, RELOAD, and STATS may be of interest for
this purpose. You could also consider rerouting syslog and extract info
from log files. Also, some of the programs in the ClamAV contrib directory
may provide examples and ideas. With some scripting around freshclam, you
could control database downloads centrally (note freshclam has a deamon
mode too). So, with some work, you should be able to build a nice tool
around these interfaces.

Steve
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net

http://www.clamav.net/contact.html#ml

Re: Centralised Management Console for ClamaAV Clients [ In reply to ]

clamav-devel at jubileegroup

May 28, 2016, 12:41 PM

Post #3 of 3 (1529 views)

Permalink

Hi there,

On Sat, 28 May 2016, Traiano Welcome wrote:

> I manage a fleet of clamav client installations on desktops in
> multiple geographical regions and need a centralised console for:
>
> - monitoring the status of clam on all desktop computers the client is
> installed on,
> - forcing an update of signatures, definitions of clients from local
> freshcam mirrors
> - generating statistical reports of anti-virus activity across fleets
> of installations
>
> Is there a centralised management console available for this purpose,
> and if not, what would be required architecturally and technically to
> implement this kind of tool?

For the monitoring and reporting I would use Nagios and a couple of
plugins. I'm not sure why you'd want a way to force updates from a
central location but I'd have thought it a very simple thing to
implement if your desktops are part of a Windows domain (or forest)
using something like the PsTools suite. If they're Linux boxes or
similar, Puppet might be the way to go. Personally I'd just use a
cron job on the client to interrogate some central resource, such
as a file on some network-mounted share or the intranet, which says
either 'reload' or 'sleep'. It doesn't need to be complicated.

--

73,
Ged.
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net

http://www.clamav.net/contact.html#ml