Mailing List Archive: [clamav-users] Remote On Access Scanning

[clamav-users] Remote On Access Scanning

Jan 2, 2020, 11:45 AM

Post #1 of 3 (350 views)

Hello,

I'm hoping someone can help me. I have ClamAV setup in network mode in an
AWS environment on two EC2 instances. I have a central server where clamd
is running and a remote client where I have clamd.conf pointed to the
central server, I can run clamdscan on the remote client, it scans and
finds the test file I have created on it. I am now trying to perform an On
Access Scan on the remote client, from what I have read about clamonacc it
requires clamd to be running alongside it. I was hoping that because I can
get clamdscan to run on the remote client the same would be true for
clamonacc, but this is not working for me. Running the command `sudo
clamonacc` results in a command on found error, I'm assuming clamonacc is
included with clamd, but clamd is not installed on the client instance as
per the documentation I found on setting up network mode (something about
clamd fussing about being pointed at a remote server). So at the moment
I'm curious if what I am trying to do is possible and if so if I am missing
a step in the setup process?

*Tom Ossman*

tossman@aspirevc.com | aspirevc.com | +1.717.468.0293

100 North Queen Street | Suite 300 | Lancaster, PA 17603

Engage with us on Twitter <https://twitter.com/AspireVC> | LinkedIn
<https://www.linkedin.com/company/aspire_ventures> | Facebook
<https://www.facebook.com/aspirevc>

The information contained in this electronic message is legally privileged
and confidential information intended only for the person to whom the
message is addressed. If the reader of this message is not the intended
recipient, you are hereby notified that any dissemination, distribution, or
copy of this electronic message is strictly prohibited. If you have
received this electronic message in error, please immediately notify us by
return electronic message, and then delete this electronic message. Thank
you.

Re: [clamav-users] Remote On Access Scanning [ In reply to ]

clamav-users at lists

Jan 2, 2020, 3:43 PM

Post #2 of 3 (350 views)

Permalink

Hi there,

On Thu, 2 Jan 2020, Tom Ossman via clamav-users wrote:

> ... a central server where clamd is running and a remote client
> where I have clamd.conf pointed to the central server, I can run
> clamdscan on the remote client, it scans and finds the test file I
> have created on it. I am now trying to perform an On Access Scan on
> the remote client, from what I have read about clamonacc it requires
> clamd to be running alongside it. I was hoping that because I can
> get clamdscan to run on the remote client the same would be true for
> clamonacc, but this is not working for me. Running the command
> `sudo clamonacc` results in a command on found error

It's possible, if unlikely, that the clamonacc binary simply isn't on
the search path. More likely, I guess, clamonacc hasn't been installed.

> I'm assuming clamonacc is included with clamd

If it came from a distro package, it depends on who packaged it.

>, but clamd is not installed on the client instance as per the
> documentation I found on setting up network mode (something about
> clamd fussing about being pointed at a remote server).

I don't know the documentation to which you refer. I use remote clamd
instances and I don't think of them as being especially fussy.

> So at the moment I'm curious if what I am trying to do is possible
> and if so if I am missing a step in the setup process?

I believe what you want to do is possible, see for example

https://blog.clamav.net/2019/09/understanding-and-transitioning-to.html

but it might not have been forseen by the people who packaged ClamAV
for your distribution, or perhaps it was forseen but discounted as a
low priority. If you build from the sources I think you'll get what
you need (although I haven't yet seen a 'man' page for clamonacc).

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: [clamav-users] Remote On Access Scanning [ In reply to ]

clamav-users at lists

Jan 3, 2020, 6:53 AM

Post #3 of 3 (349 views)

Permalink

Thanks for the information, I'll try the build from source route and see
where it gets me.

*Tom Ossman*

tossman@aspirevc.com | aspirevc.com | +1.717.468.0293

100 North Queen Street | Suite 300 | Lancaster, PA 17603

Engage with us on Twitter <https://twitter.com/AspireVC> | LinkedIn
<https://www.linkedin.com/company/aspire_ventures> | Facebook
<https://www.facebook.com/aspirevc>

The information contained in this electronic message is legally privileged
and confidential information intended only for the person to whom the
message is addressed. If the reader of this message is not the intended
recipient, you are hereby notified that any dissemination, distribution, or
copy of this electronic message is strictly prohibited. If you have
received this electronic message in error, please immediately notify us by
return electronic message, and then delete this electronic message. Thank
you.

On Thu, Jan 2, 2020 at 6:44 PM G.W. Haywood via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Hi there,
>
> On Thu, 2 Jan 2020, Tom Ossman via clamav-users wrote:
>
> > ... a central server where clamd is running and a remote client
> > where I have clamd.conf pointed to the central server, I can run
> > clamdscan on the remote client, it scans and finds the test file I
> > have created on it. I am now trying to perform an On Access Scan on
> > the remote client, from what I have read about clamonacc it requires
> > clamd to be running alongside it. I was hoping that because I can
> > get clamdscan to run on the remote client the same would be true for
> > clamonacc, but this is not working for me. Running the command
> > `sudo clamonacc` results in a command on found error
>
> It's possible, if unlikely, that the clamonacc binary simply isn't on
> the search path. More likely, I guess, clamonacc hasn't been installed.
>
> > I'm assuming clamonacc is included with clamd
>
> If it came from a distro package, it depends on who packaged it.
>
> >, but clamd is not installed on the client instance as per the
> > documentation I found on setting up network mode (something about
> > clamd fussing about being pointed at a remote server).
>
> I don't know the documentation to which you refer. I use remote clamd
> instances and I don't think of them as being especially fussy.
>
> > So at the moment I'm curious if what I am trying to do is possible
> > and if so if I am missing a step in the setup process?
>
> I believe what you want to do is possible, see for example
>
> https://blog.clamav.net/2019/09/understanding-and-transitioning-to.html
>
> but it might not have been forseen by the people who packaged ClamAV
> for your distribution, or perhaps it was forseen but discounted as a
> low priority. If you build from the sources I think you'll get what
> you need (although I haven't yet seen a 'man' page for clamonacc).
>
> --
>
> 73,
> Ged.
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>