Mailing List Archive: [clamav-users] Clamd instream scanning

[clamav-users] Clamd instream scanning

Apr 4, 2019, 9:18 AM

Post #1 of 3 (166 views)

Knowledge needed please.

When streaming files to clamd for scanning, does the daemon write the file or does it handle all in memory?

We do not have the temp directory uncommented/specified, so IF it writes it first, where does it write to?

If it writes first, then do we have the risk of another on access scanner interrupting clamd?

If it handles all in memory, then no other questions.
Thanks.

Re: [clamav-users] Clamd instream scanning [ In reply to ]

clamav-users at lists

Apr 4, 2019, 4:56 PM

Post #2 of 3 (165 views)

Permalink

Somebody with better technical knowledge than I will need to get you a complete answer, but my observations tell me that if the file requires decompressed or other type of pre-processing, then temporary files are written to disk, but scans are normally conducted in memory.

Sent from my iPad

-Al-

On Apr 4, 2019, at 09:18, Wilson, Chad - US via clamav-users <clamav-users@lists.clamav.net> wrote:
> Knowledge needed please.
>
> When streaming files to clamd for scanning, does the daemon write the file or does it handle all in memory?
>
> We do not have the temp directory uncommented/specified, so IF it writes it first, where does it write to?
>
> If it writes first, then do we have the risk of another on access scanner interrupting clamd?
>
> If it handles all in memory, then no other questions.
> Thanks.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Clamd instream scanning [ In reply to ]

clamav-users at lists

Apr 4, 2019, 6:45 PM

Post #3 of 3 (164 views)

Permalink

Hi Chad,

Some file types cannot be handled in memory, although it will keep things in memory as much as possible.

As noted in the clamd sample config:

# Optional path to the global temporary directory.
# Default: system specific (usually /tmp or /var/tmp).
#TemporaryDirectory /var/tmp

The default temp directory, if one is not specified, is system specific, and is likely to be /tmp or /var/tmp.

-Micah

From: clamav-users <clamav-users-bounces@lists.clamav.net> on behalf of "Wilson, Chad - US via clamav-users" <clamav-users@lists.clamav.net>
Reply-To: ClamAV users ML <clamav-users@lists.clamav.net>
Date: Thursday, April 4, 2019 at 12:18 PM
To: "clamav-users@lists.clamav.net" <clamav-users@lists.clamav.net>
Cc: "Wilson, Chad - US" <cwilson@caci.com>
Subject: [clamav-users] Clamd instream scanning

Knowledge needed please.

When streaming files to clamd for scanning, does the daemon write the file or does it handle all in memory?

We do not have the temp directory uncommented/specified, so IF it writes it first, where does it write to?

If it writes first, then do we have the risk of another on access scanner interrupting clamd?

If it handles all in memory, then no other questions.
Thanks.