[clamav-users] ClamAV Features
Hi Team,

I would like to understand if any of the following features are supported by
ClamAV?

1. Behavior-based Protection

2. Heuristic scan

3. Script based checks for file

4. Script based checks for traffic

Appreciate your inputs on alternate features to mitigate the above
functionalities (if any).

Thank you very music in advance!
Re: [clamav-users] ClamAV Features
Hi there,

On Wed, 29 Apr 2020, Sayanora V via clamav-users wrote:

> I would like to understand if any of the following features are supported by
> ClamAV?
>
> 1. Behavior-based Protection

If you mean "Does ClamAV look at running processes?", then no, it does
not do that. It normally looks at something which would eventually be
stored in a file, even if at the time it is not so stored (for example
data can be fed to the scanner over a socket connection during a mail
server's conversation with a client, and, if the server decides not to
accept the message, then the data may never be saved to a file).

> 2. Heuristic scan

Perhaps yes, although it depends on what you mean by heuristics; see

https://www.clamav.net/documents/libclamav

> 3. Script based checks for file

Yes, of course you can write scripts which use ClamAV executables and
libraries; if this answer seems vague please clarify your question.

> 4. Script based checks for traffic

ClamAV does not normally inspect network traffic directly, but because
it makes available numerous tools you could (for example) devise a way
to feed network traffic to a clamd daemon. The name of the ClamAV
'safebrowsing' feature may be misleading. This is intended _only_ to
detect URIs in email which point to malicious or compromised sites; it
does not, for example, monitor Web traffic in real time. There are some
initiatives which do attempt that; you will need to search for them.
The archives for this mailing list may be helpful.

> Appreciate your inputs on alternate features to mitigate the above
> functionalities (if any).

There is much more information at

https://www.clamav.net/documents

> Thank you very music in advance!

(s/music/much/;)

--

73,
Ged.
