Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. ClamAV>
  3. win32
[clamav-users] Remote scanning hostname?
jrobison at springbuk
May 29, 2020, 9:39 AM
Post #1 of 2 (271 views)
Permalink
Hi,

We use a client/server setup where clamd runs on one server and exposes a
port, and other servers connect to it using TCPAddr in their configuration.

I see that on the clamd server I can use something like `VirusEvent `echo
"Virus detected: %v"` when a virus is detected, but this doesn't tell me
which client node has the virus. Is there a way for the clamd server to
report the hostname (or IP, or any kind of identifier) of the client when a
virus is detected?

Thanks.

--

John Robison

Senior DevOps Engineer
jrobison@springbuk.com
412 326 9522 <412%326%9522>

Springbuk®
please note: This transmission contains information from Springbuk, Inc.
which may be confidential and/or privileged. The information is intended
to be for the exclusive use of the individual(s) or entity named above. If
you are not the intended recipient, be advised that any disclosure,
copying, distribution or other use of this information is strictly
prohibited. If you receive this transmission in error, please notify me
via e-mail me at the address listed above. Thank you.
Re: [clamav-users] Remote scanning hostname? [ In reply to ]
clamav-users at lists
May 29, 2020, 9:52 AM
Post #2 of 2 (271 views)
Permalink
Hi there,

On Fri, 29 May 2020, John Robison wrote:

> We use a client/server setup where clamd runs on one server and exposes a
> port, and other servers connect to it using TCPAddr in their configuration.
>
> I see that on the clamd server I can use something like `VirusEvent `echo
> "Virus detected: %v"` when a virus is detected, but this doesn't tell me
> which client node has the virus. Is there a way for the clamd server to
> report the hostname (or IP, or any kind of identifier) of the client when a
> virus is detected?

It already does that:

# grep FOUND mail.info | tail -n 1
May 17 00:19:43 mailscanner clamd[1427]: instream(192.168.44.25@37210): Sanesecurity.Spam.12727.UNOFFICIAL FOUND

Perhaps you can share your configuration?

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal