My use-case is this:
I have very good protection via Crowdstrike Falcon Sensor, but that only deletes/quarantines files based on known IOCs, high malicious scores, or behavior via machine-learning. Otherwise it still blocks processes considered suspicious and/or due custom IOA. The downside is that some files are left behind. What we have used in the interim to do post-alert cleanup is download the trial version of MalwareBytes for Mac, install, scan, then remove MalwareBytes.
I want to automate the scanning of an endpoint using ClamAV but without permanently installing ClamAV. In Windows I can simply copy the ClamAV files to a temp location and then initiate the scan command line with the desired parameters like Update, Full Scan, Logging, etc. After the scan completes the temp directory is deleted. I'm sure we can do the same with ClamAV on the Mac but I have not seen any references to it being done yet. In documentation it mentions the compiling of the code which I am thinking I can leverage to create a single package to accomplish what I need but I am not fluent enough in linux/unix to test. As an example, I was able to successfully create a stand-alone MalwareBytes Enterprise scanner but that is not free and very expensive so we did not want to purchase to only use it sparingly.
The permanent installation of a scanner is NOT required and proved out a few times. Does anyone here have an idea, lead, or suggestion of how I can accomplish this on a Mac? Thanks in advance.
Dexter R. Rivera
?On 5/11/19, 9:01 AM, "clamav-users on behalf of clamav-users-request@lists.clamav.net" <clamav-users-bounces@lists.clamav.net on behalf of clamav-users-request@lists.clamav.net> wrote:
Send clamav-users mailing list submissions to
clamav-users@lists.clamav.net
To subscribe or unsubscribe via the World Wide Web, visit
https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.clamav.net%2Fmailman%2Flistinfo%2Fclamav-users&data=02%7C01%7C%7Cf182ecec07f740dba63808d6d629f5db%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636931873058741554&sdata=nax3EoCsiR6noTsd20e8tdRaWR%2FsexMvyv1wgc%2FmN9g%3D&reserved=0
or, via email, send a message with subject or body 'help' to
clamav-users-request@lists.clamav.net
You can reach the person managing the list at
clamav-users-owner@lists.clamav.net
When replying, please edit your Subject line so it is more specific
than "Re: Contents of clamav-users digest..."
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
I have very good protection via Crowdstrike Falcon Sensor, but that only deletes/quarantines files based on known IOCs, high malicious scores, or behavior via machine-learning. Otherwise it still blocks processes considered suspicious and/or due custom IOA. The downside is that some files are left behind. What we have used in the interim to do post-alert cleanup is download the trial version of MalwareBytes for Mac, install, scan, then remove MalwareBytes.
I want to automate the scanning of an endpoint using ClamAV but without permanently installing ClamAV. In Windows I can simply copy the ClamAV files to a temp location and then initiate the scan command line with the desired parameters like Update, Full Scan, Logging, etc. After the scan completes the temp directory is deleted. I'm sure we can do the same with ClamAV on the Mac but I have not seen any references to it being done yet. In documentation it mentions the compiling of the code which I am thinking I can leverage to create a single package to accomplish what I need but I am not fluent enough in linux/unix to test. As an example, I was able to successfully create a stand-alone MalwareBytes Enterprise scanner but that is not free and very expensive so we did not want to purchase to only use it sparingly.
The permanent installation of a scanner is NOT required and proved out a few times. Does anyone here have an idea, lead, or suggestion of how I can accomplish this on a Mac? Thanks in advance.
Dexter R. Rivera
?On 5/11/19, 9:01 AM, "clamav-users on behalf of clamav-users-request@lists.clamav.net" <clamav-users-bounces@lists.clamav.net on behalf of clamav-users-request@lists.clamav.net> wrote:
Send clamav-users mailing list submissions to
clamav-users@lists.clamav.net
To subscribe or unsubscribe via the World Wide Web, visit
https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.clamav.net%2Fmailman%2Flistinfo%2Fclamav-users&data=02%7C01%7C%7Cf182ecec07f740dba63808d6d629f5db%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C636931873058741554&sdata=nax3EoCsiR6noTsd20e8tdRaWR%2FsexMvyv1wgc%2FmN9g%3D&reserved=0
or, via email, send a message with subject or body 'help' to
clamav-users-request@lists.clamav.net
You can reach the person managing the list at
clamav-users-owner@lists.clamav.net
When replying, please edit your Subject line so it is more specific
than "Re: Contents of clamav-users digest..."
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml