
Mailing List Archive: ClamAV: users

feature request?

 

 



rekrutacja119 at gmail

May 8, 2008, 4:08 PM

Post #1 of 10 (328 views)
feature request?

is it possible that developers will add option to clamscan, to load file
list to be scanned, from other file?

the problem is i have many users uploading files, and i log it. i want
clamscan to run like every minute or less, and scan these files from the
list, but it takes a lot of time for clamscan to load into memory
(viruses databases)

besides, it would be senseless to run clamscan for every small new file
(new CMSes have 1000's of them)

wouldn't that be easier to just be able to add like --load-from-file
option, where i can tell clamscan which files should be scanned?

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html


steve at lobefin

May 8, 2008, 4:32 PM

Post #2 of 10 (318 views)
Re: feature request? [In reply to]

On Fri, May 09, 2008 at 01:08:03AM +0200, Rekrutacja said:
> is it possible that developers will add option to clamscan, to load file
> list to be scanned, from other file?
>
> the problem is i have many users uploading files, and i log it. i want
> clamscan to run like every minute or less, and scan these files from the
> list, but it takes a lot of time for clamscan to load into memory
> (viruses databases)
>
> besides, it would be senseless to run clamscan for every small new file
> (new CMSes have 1000's of them)
>
> wouldn't that be easier to just be able to add like --load-from-file
> option, where i can tell clamscan which files should be scanned?

clamscan $(cat file) is less code to maintain, and about as easy.
--
--------------------------------------------------------------------------
| Stephen Gran | No one ever built a statue to a critic. |
| steve[at]lobefin.net | |
| http://www.lobefin.net/~steve | |
--------------------------------------------------------------------------


cswiger at mac

May 8, 2008, 4:35 PM

Post #3 of 10 (317 views)
Re: feature request? [In reply to]

On May 8, 2008, at 4:08 PM, Rekrutacja wrote:
> is it possible that developers will add option to clamscan, to load file
> list to be scanned, from other file?

Can't you do this via something like:

% ls -1 > /tmp/filelist_to_scan
% xargs clamdscan < /tmp/filelist_to_scan

...?

> the problem is i have many users uploading files, and i log it. i want
> clamscan to run like every minute or less, and scan these files from the
> list, but it takes a lot of time for clamscan to load into memory
> (viruses databases)
> (viruses databases)

Right, so use clamdscan rather than normal clamscan.

> wouldn't that be easier to just be able to add like --load-from-file
> option, where i can tell clamscan which files should be scanned?

I don't see anything wrong with the notion of having explicit support
for loading filenames from a file, but you can use xargs to place such
files onto the command-line arguments and get the same results....

--
-Chuck



dennispe at inetnw

May 8, 2008, 5:43 PM

Post #4 of 10 (317 views)
Re: feature request? [In reply to]

Chuck Swiger wrote:
> On May 8, 2008, at 4:08 PM, Rekrutacja wrote:
>> is it possible that developers will add option to clamscan, to load file
>> list to be scanned, from other file?
>
> Can't you do this via something like:
>
> % ls -1 > /tmp/filelist_to_scan
> % xargs clamdscan < /tmp/filelist_to_scan

The clamd user would need to be root for this to always work. That is
probably not a good idea when scanning user space.

dp


rekrutacja119 at gmail

May 8, 2008, 5:51 PM

Post #5 of 10 (317 views)
Re: feature request? [In reply to]

Chuck Swiger wrote:
> On May 8, 2008, at 4:08 PM, Rekrutacja wrote:
>> is it possible that developers will add option to clamscan, to load file
>> list to be scanned, from other file?
>
> Can't you do this via something like:
>
> % ls -1 > /tmp/filelist_to_scan
> % xargs clamdscan < /tmp/filelist_to_scan
>
> ...?

i didn't know i can give more than 1 argument to clamscan... by the way
- any idea how to scan files encoded in base64? there are PHP.shells on
my server, that are easily found by clamscan when in normal text, but
when encoded in base64, clam doesn't detect anything.

i thought base64 was added already?

also, any way to add daemon but not for mails, but one that will scan
files added to some directory in the background automatically?

>
>> the problem is i have many users uploading files, and i log it. i want
>> clamscan to run like every minute or less, and scan these files from the
>> list, but it takes a lot of time for clamscan to load into memory
>> (viruses databases)
>> (viruses databases)
>
> Right, so use clamdscan rather than normal clamscan.
>
>> wouldn't that be easier to just be able to add like --load-from-file
>> option, where i can tell clamscan which files should be scanned?
>
> I don't see anything wrong with the notion of having explicit support
> for loading filenames from a file, but you can use xargs to place such
> files onto the command-line arguments and get the same results....
>



cswiger at mac

May 9, 2008, 9:52 AM

Post #6 of 10 (303 views)
Re: feature request? [In reply to]

On May 8, 2008, at 5:43 PM, Dennis Peterson wrote:
>> Can't you do this via something like:
>>
>> % ls -1 > /tmp/filelist_to_scan
>> % xargs clamdscan < /tmp/filelist_to_scan
>
> The clamd user would need to be root for this to always work. That is
> probably not a good idea when scanning user space.

If clamd doesn't have permissions to read some of the files you want
to check, use clamscan as root instead, although any potential
security risk from a maliciously crafted input file would likely
affect clamscan in such circumstances as well.

Add salt and season to taste.

--
-Chuck



dennispe at inetnw

May 9, 2008, 10:25 AM

Post #7 of 10 (303 views)
Re: feature request? [In reply to]

Chuck Swiger wrote:
> On May 8, 2008, at 5:43 PM, Dennis Peterson wrote:
>>> Can't you do this via something like:
>>>
>>> % ls -1 > /tmp/filelist_to_scan
>>> % xargs clamdscan < /tmp/filelist_to_scan
>> The clamd user would need to be root for this to always work. That is
>> probably not a good idea when scanning user space.
>
> If clamd doesn't have permissions to read some of the files you want
> to check, use clamscan as root instead, although any potential
> security risk from a maliciously crafted input file would likely
> affect clamscan in such circumstances as well.
>
> Add salt and season to taste.
>

If permissions on home dirs or (dev dirs) are set correctly clamd would
be locked out of all of them. But there's no reason to assume that would
be the case in the OP's world. If it is the case he could always pipe
files as root to the clamd socket. There's a clamd-stream client on
sourceforge from a couple years ago that may do the trick.

"I distinctly said 'No salt'" - Milton

dp


edwintorok at gmail

May 10, 2008, 12:28 AM

Post #8 of 10 (299 views)
Re: feature request? [In reply to]

Dennis Peterson wrote:
> Chuck Swiger wrote:
>
>> On May 8, 2008, at 5:43 PM, Dennis Peterson wrote:
>>
>>>> Can't you do this via something like:
>>>>
>>>> % ls -1 > /tmp/filelist_to_scan
>>>> % xargs clamdscan < /tmp/filelist_to_scan
>>>>
>>> The clamd user would need to be root for this to always work. That is
>>> probably not a good idea when scanning user space.
>>>
>> If clamd doesn't have permissions to read some of the files you want
>> to check, use clamscan as root instead, although any potential
>> security risk from a maliciously crafted input file would likely
>> affect clamscan in such circumstances as well.
>>
>> Add salt and season to taste.
>>
>>
>
> If permissions on home dirs or (dev dirs) are set correctly clamd would
> be locked out of all of them. But there's no reason to assume that would
> be the case in the OP's world. If it is the case he could always pipe
> files as root to the clamd socket. There's a clamd-stream client on
> sourceforge from a couple years ago that may do the trick.

clamdscan can do the streaming (although you can't scan anything larger
than StreamMaxLength):
$ clamdscan - <filetoscan

Best regards,
--Edwin
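
The suggestions from this sub-thread combined into one script, as an added example that is not part of any poster's message: read the upload list line by line and stream each file to clamd with `clamdscan -`, so clamd itself needs no read access to user directories. The function name `scan_list`, the `SCANNER` variable and the INFECTED/ERROR/SKIPPED labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): stream every file named in a list to
# clamd via "clamdscan -". Assumptions: scan_list, SCANNER and the output
# labels are made-up names; the list holds one path per line.
SCANNER="${SCANNER:-clamdscan}"   # override to test without a running clamd

# scan_list LISTFILE
# Prints "INFECTED <path>", "ERROR <path>" or "SKIPPED <path>"; clean files
# print nothing. Returns 1 if anything was infected, 2 if only errors
# occurred, 0 otherwise.
scan_list() {
    list=$1
    rc=0
    [ -r "$list" ] || { echo "ERROR $list"; return 2; }
    # IFS= and -r keep spaces and backslashes in file names intact, which
    # "xargs < list" and "$(cat list)" do not.
    while IFS= read -r path || [ -n "$path" ]; do
        [ -n "$path" ] || continue
        # Uploaders choose the names: skip symlinks and anything that is not
        # a regular file (FIFO, device, vanished upload).
        if [ -L "$path" ] || [ ! -f "$path" ]; then
            echo "SKIPPED $path"
            continue
        fi
        # The path is opened by this shell and never passed as an argument,
        # so a name starting with "-" cannot become an option, and clamd
        # needs no read permission on the file itself.
        if [ -r "$path" ]; then
            "$SCANNER" --no-summary - < "$path" >/dev/null 2>&1 && status=0 || status=$?
        else
            status=2                                # unreadable by this user
        fi
        case $status in
            0) ;;                                   # clean
            1) echo "INFECTED $path"; rc=1 ;;       # signature matched
            *) echo "ERROR $path"; [ "$rc" -eq 1 ] || rc=2 ;;
        esac
    done < "$list"
    return "$rc"
}

# Run only when a list file is given on the command line.
if [ "$#" -gt 0 ]; then
    scan_list "$1"
fi
```

Files larger than StreamMaxLength cannot be scanned through the stream, as noted in the post above, so a cron job built on this should treat ERROR lines as unscanned uploads rather than clean ones.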


rekrutacja119 at gmail

May 10, 2008, 3:16 AM

Post #9 of 10 (288 views)
Re: feature request? [In reply to]

Chuck Swiger wrote:
> On May 8, 2008, at 4:08 PM, Rekrutacja wrote:
>> is it possible that developers will add option to clamscan, to load file
>> list to be scanned, from other file?
>
> Can't you do this via something like:
>
> % ls -1 > /tmp/filelist_to_scan
> % xargs clamdscan < /tmp/filelist_to_scan
>
> ...?

i didn't know i can give more than 1 argument to clamscan... by the way
- any idea how to scan files encoded in base64? there are PHP.shells on
my server, that are easily found by clamscan when in normal text, but
when encoded in base64, clam doesn't detect anything.

i thought base64 was added already?

also, any way to add daemon but not for mails, but one that will scan
files added to some directory in the background automatically?

>
>> the problem is i have many users uploading files, and i log it. i want
>> clamscan to run like every minute or less, and scan these files from the
>> list, but it takes a lot of time for clamscan to load into memory
>> (viruses databases)
>> (viruses databases)
>
> Right, so use clamdscan rather than normal clamscan.
>
>> wouldn't that be easier to just be able to add like --load-from-file
>> option, where i can tell clamscan which files should be scanned?
>
> I don't see anything wrong with the notion of having explicit support
> for loading filenames from a file, but you can use xargs to place such
> files onto the command-line arguments and get the same results....
>




rekrutacja119 at gmail

May 12, 2008, 2:51 AM

Post #10 of 10 (274 views)
Re: feature request? [In reply to]

Chuck Swiger wrote:
> On May 8, 2008, at 4:08 PM, Rekrutacja wrote:
>> is it possible that developers will add option to clamscan, to load file
>> list to be scanned, from other file?
>
> Can't you do this via something like:
>
> % ls -1 > /tmp/filelist_to_scan
> % xargs clamdscan < /tmp/filelist_to_scan
>
> ...?

i didn't know i can give more than 1 argument to clamscan... by the way
- any idea how to scan files encoded in base64? there are PHP.shells on
my server, that are easily found by clamscan when in normal text, but
when encoded in base64, clam doesn't detect anything.

i thought base64 was added already?

also, any way to add daemon but not for mails, but one that will scan
files added to some directory in the background automatically?

>
>> the problem is i have many users uploading files, and i log it. i want
>> clamscan to run like every minute or less, and scan these files from the
>> list, but it takes a lot of time for clamscan to load into memory
>> (viruses databases)
>> (viruses databases)
>
> Right, so use clamdscan rather than normal clamscan.
>
>> wouldn't that be easier to just be able to add like --load-from-file
>> option, where i can tell clamscan which files should be scanned?
>
> I don't see anything wrong with the notion of having explicit support
> for loading filenames from a file, but you can use xargs to place such
> files onto the command-line arguments and get the same results....
>



