-
It would be very useful to copy/move virus files into quarantine, where they could be safely examined.
Realization: maybe a kind of shell script that is run after a virus is found? That will make it flexible.
One can hardlink, move, remove, send, heal or do whatever he wants with the file.
2009-04-27 15:10:35 UTC by airgo
-
OS: CentOS 5.2 64 Bit, ClamAV 0.95, Kernel: 2.6.18-92.22.XEN, FUSE v2.7.4, Multicore XEN System
The following behaviour is reproducible:
virus files are opened in rw mode, closed --> works in every case
virus files are opened in ro mode, closed --> At this step clamfs should block access if the file is a virus. If caching is enabled this is not the case, only if caching is disabled. Therefore,
2009-04-27 15:03:45 UTC by airgo
-
I don't know if my question should turn into a ClamFS feature request or it's a FUSE limitation...
I enabled the SGID bit in a folder mounted with ClamFS, but even when using "suid" mount option in "/etc/fstab", the SGID bit doesn't take effect in new files under that folder. And "/etc/mtab" shows a "nosuid" option enabled, instead.
My "/etc/fstab" line is here:
---------------------...
2009-02-27 18:31:35 UTC by amg1127
-
I did not find an attachment possibility, so I just paste the code here. Regards, Olivier
/*!\file clamfs.cxx
\brief ClamFS main file
$Id: clamfs.cxx,v 1.22 2008/12/06 13:27:30 burghardt Exp $
*//*
ClamFS - An user-space anti-virus protected file system
Copyright (C) 2007,2008 Krzysztof Burghardt.
This program is free software; you can redistribute it and/or...
2009-02-25 08:02:50 UTC by oliv76
-
Hi,
I mean on access by adding some scan in the clamfs_create fuse hook of clamfs.cxx. Unfortunately I tried that and had a lot of false positives due to an "lstat failed" error. (I checked various file permissions, but I thought my error was due to the use of a USB hard drive.)
If I find a means to attach the file to this thread, I will.
Regards,
Olivier.
2009-02-25 08:01:17 UTC by oliv76
-
As always: it depends.
There are many different approaches. I do not know what "on access" means for you. I assume it is not the access() function from the standard C library.
Alternatively, such a file system can hook write(), read() or close(). Hooking write() is rather difficult, as a virus can be split into a sequence of 1-byte write() and some seek() calls to bypass detection. Scanning whole file on...
2009-02-15 21:38:15 UTC by burghardt
-
Hi,
I tried ClamFS several months ago (before 1.0.0), which worked fine, but I was wondering if it is possible to have on-access detection instead of on-open (when it is already too late), for example when the infected file is created on the file system. Maybe it is in the 1.0.0 release, which I will test soon; in this case forget my query.
Regards,
Olivier.
2009-02-10 17:04:29 UTC by nobody
-
ClamFS 1.0.0 has been released today.
2009-02-07 14:42:24 UTC by burghardt
-
burghardt added the clamfs-1.0.0.tar.gz file.
2009-02-07 14:35:21 UTC by burghardt
-
burghardt created the 1.0.0 file release.
2009-02-07 14:35:08 UTC by burghardt