If you're looking to expand the features of clamav; one of the up and
coming areas is VNFs / ETSI MANO (
https://wiki.opnfv.org/display/mano/ETSI-MANO). These virtual products
(MMEs, PGWs, PCRFs, routers, firewalls, etc.) ship from the various vendors
as a collection of QCOWs (or OVAs), and as a buyer of these products the
operator can't simply trust that these images are virus free
All of the existing anti-virus tools tend to run after-the-fact; meaning
you have to instantiate the product and then scan it. Which may be too
late in the process. For example, if the packages are pulled into a
receiving repository so that an NFVO can retrieve them and instantiate,
you've already contaminated the repository by receiving it (it may not be
active in the repository but it's lying in wait)
We really need a way to scan the QCOWs prior to their commitment to the
repository; before an NFVO has a chance to instantiate
Now I've managed to script around clamav, so that the QCOWs will be
guestmount-ed and scanned with clamscan. However it would be a better
solution to fold the mechanics of these image scans into the anti-virus
product itself. (For example, the wrapper also had to contend with multiple
partitions and the possibility of squashfs files, etc. - so asking every
user o do their own wrapping creates the potential for gaps or misses,
whereas evolving the anti-virus tool leads to everyone benefiting from the
lessons learned
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
http://www.clamav.net/contact.html#ml
coming areas is VNFs / ETSI MANO (
https://wiki.opnfv.org/display/mano/ETSI-MANO). These virtual products
(MMEs, PGWs, PCRFs, routers, firewalls, etc.) ship from the various vendors
as a collection of QCOWs (or OVAs), and as a buyer of these products the
operator can't simply trust that these images are virus free
All of the existing anti-virus tools tend to run after-the-fact; meaning
you have to instantiate the product and then scan it. Which may be too
late in the process. For example, if the packages are pulled into a
receiving repository so that an NFVO can retrieve them and instantiate,
you've already contaminated the repository by receiving it (it may not be
active in the repository but it's lying in wait)
We really need a way to scan the QCOWs prior to their commitment to the
repository; before an NFVO has a chance to instantiate
Now I've managed to script around clamav, so that the QCOWs will be
guestmount-ed and scanned with clamscan. However it would be a better
solution to fold the mechanics of these image scans into the anti-virus
product itself. (For example, the wrapper also had to contend with multiple
partitions and the possibility of squashfs files, etc. - so asking every
user o do their own wrapping creates the potential for gaps or misses,
whereas evolving the anti-virus tool leads to everyone benefiting from the
lessons learned
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
http://www.clamav.net/contact.html#ml