Mailing List Archive

Help with clamav
Hi, I hope I am emailing the right address.

I would like some help setting up clamav to scan remote hosts from a clamd server is this possible?

Kind regards

Nathan
Re: Help with clamav
> Hi, I hope I am emailing the right address.
>
> I would like some help setting up clamav to scan remote hosts from a
> clamd server is this possible?
>

Don't you mean you want to scan hosts with a remote clamd server?
_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat
Re: Help with clamav
On Fri, 5 Apr 2024, Nathan Millard via clamav-users wrote:

> I would like some help setting up clamav to scan remote hosts
> from a clamd server is this possible?

Nearly.

In the likely setup,
each client reads the files and sends them to the server for checking.

For Linux etc. you can get a central machine (either the same server
or a different one) to connect to each client, eg with ssh, and make
it run the above scan. Alternatively you could use cron etc. to get
each client to run the scan itself and send the results to the central
machine.

For a server to scan a client you would have to make a client share
its filesystems with the server. Whilst this is possible, I suspect
(I've never tested it) that this would be slower than sending the files
over the net to be checked - the remote clam scan protocol has a low
overhead.

Surprisingly, the remote scan can be faster than running the scan
locally on each client, since the checks require a significant amount
of RAM (more than a GB) and the clamd server caches previous scan results,
so it may not need to try each virus definition on every file.

Are you looking to write the scripts yourself,
or searching for someone to do it for a fee?

--
Andrew C. Aitchison Kendal, UK
andrew@aitchison.me.uk
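
The setup Andrew describes above (each client reads its files and sends them to the clamd server for checking) uses clamd's INSTREAM command. The sketch below is an added example, not part of the original thread and not ClamAV's own code; it assumes clamd is listening on a TCP socket (TCPSocket in clamd.conf, port 3310 assumed), and the function names are illustrative.

```python
import socket
import struct

CHUNK = 64 * 1024  # per-chunk size; the total must stay under clamd's StreamMaxLength


def instream_frames(fileobj, chunk_size=CHUNK):
    """Yield the byte frames that make up one INSTREAM request."""
    yield b"zINSTREAM\0"  # 'z' prefix: command and reply are NUL-terminated
    while True:
        block = fileobj.read(chunk_size)
        if not block:
            break
        # Each chunk: 4-byte unsigned length in network byte order, then the data.
        yield struct.pack("!I", len(block)) + block
    yield struct.pack("!I", 0)  # zero-length chunk ends the stream


def parse_reply(raw):
    """Map clamd's reply line to (status, detail)."""
    text = raw.rstrip(b"\0\n").decode("utf-8", "replace")
    if text.endswith(" FOUND"):
        # e.g. "stream: <signature name> FOUND"
        return "FOUND", text[: -len(" FOUND")].split(": ", 1)[-1]
    if text.endswith(": OK"):
        return "OK", ""
    # Includes "INSTREAM size limit exceeded. ERROR" and an empty reply.
    return "ERROR", text or "no reply from clamd"


def scan_fileobj(sock, fileobj):
    """Stream fileobj over an already connected socket and return the verdict."""
    try:
        for frame in instream_frames(fileobj):
            sock.sendall(frame)
    except (BrokenPipeError, ConnectionResetError):
        pass  # clamd closes early when the size limit is hit; still read its reply
    reply = b""
    try:
        while not reply.endswith(b"\0"):
            part = sock.recv(4096)
            if not part:
                break
            reply += part
    except ConnectionResetError:
        pass
    return parse_reply(reply)


def scan_path(path, host, port=3310, timeout=60):
    """Scan one local file against a remote clamd (host/port are assumptions)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with open(path, "rb") as fh:
            return scan_fileobj(sock, fh)
```

clamd's TCP socket has no authentication or encryption, so restrict it to the scanning clients with TCPAddr and a firewall rule.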
Re: Help with clamav
So I have a Kali Linux server, could I use that to scan my Windows VMs for viruses using this "For Linux etc. you can get a central machine (either the same server or a different one) to connect to each client, eg with ssh, and make it run the above scan?"

Sorry I am quite clamav so sorry if I am being stupid but I just want a simple way to scan my LAN for viruses and get results back and not have to run 15 different clam scans on all my VMs.

Re: Help with clamav
On Fri, 5 Apr 2024, Nathan Millard via clamav-users wrote:

> So I have a Kali Linux server, could I use that to scan my Windows
> VMs for viruses using this "For Linux etc. you can get a central
> machine (either the same server or a different one) to connect to
> each client, eg with ssh, and make it run the above scan?"
>
> Sorry I am quite clamav so sorry if I am being stupid but I just
> want a simple way to scan my LAN for viruses and get results back
> and not have to run 15 different clam scans on all my VMs.

I cannot speak for any Windows ClamAV packages, but the official
ClamAV and the Linux packages I have seen do not have a network level
interface to do that.

Since you wish to scan VMs, there may be a way to scan them from
the host server, though that would only be safe when they are idle,
and probably only when the filesystems are unmounted.

In principle if you can make the *filesystems* inside the VM
accessible to the host, you can mount and scan them. Once upon a time
a VM had virtual disks and this was comparatively easy, but most VM
systems now hide the virtual disks and partitions, so that the host
system users cannot attack the files on the VM, or be compromised by
them.




--
Andrew C. Aitchison Kendal, UK
andrew@aitchison.me.uk
Re: Help with clamav
If I mapped a network drive to my server running clamav would it be possible to scan that network drive?

So if I map another server's C drive to my clam server could I run a scan of that mapped C drive using clamav?



Re: Help with clamav
You can use smbclient on Linux, no? But I have the impression you are handling this incorrectly; I am always disabling file and printer sharing. Maybe better is to scan a snapshot of the VM disk image?

You also have to consider the traffic you are generating; I am already having issues getting my Windows images below 40GB. So all this Windows crap is constantly going over your network. How often do you even want to scan? What is with this real-time protection of Windows, is it running or not? So maybe just see if you can focus on user data + running integrity check with sfc /scannow (? not sure about this)
Maybe first start thinking a bit what it is you actually want to achieve.


Re: Help with clamav
On Wed, 10 Apr 2024, Nathan Millard via clamav-users wrote:

> If I mapped a network drive to my server running clamav would it be
> possible to scan that network drive?

Yes, but ...

> So if I map another servers C drive to my clam server could I run a
> scan of that mapped c drive using clamav?

I've never actually tried that, but my recollection from when I was
backing up CIFS/SMB shares with Samba, is that you won't be able to
read any files that are open on the serving machine.

As Marc says, doing it this way means that every file will be
transferred over the network*.

*If your Clam server is also the VM host, the "network" is entirely
within the physical machine, so *may* be fast enough that you don't care.

> Sorry I am quite clamav so sorry if I am being stupid but I just
> want a simple way to scan my LAN for viruses and get results back
> and not have to run 15 different clam scans on all my VMs.

That is likely the price you pay for a scan that doesn't require that
you send the whole disk over the network.



--
Andrew C. Aitchison Kendal, UK
andrew@aitchison.me.uk