On-access AV scanning

Daniel Bye freebsd-questions at slightlystrange.org
Fri Jul 27 15:50:38 UTC 2012


On Fri, Jul 27, 2012 at 10:02:26AM -0500, Paul Schmehl wrote:
> --On July 27, 2012 11:43:08 AM +0100 Daniel Bye
> <freebsd-questions at slightlystrange.org> wrote:
> 
> >Are there any current options available to support on-access antivirus
> >scanning on FreeBSD?
> >
> 
> Clamav.

I use it on my home mail server (I have a Windows machine on my network, so
want to trap anything nasty that comes in to protect that). It integrates
well with exim's malware ACL checks.

> 
> I did some testing several years ago with ClamAV, Sophos and McAfee
> (scanning incoming mail), and ClamAV was comparable to McAfee in
> detection rates - over 98%.

Yes, it's a good product, no doubt.

> 
> If you run the daemon you have on access scanning.  Seems like that
> would satisfy the policy.

No - the daemon only provides on-demand scanning on FreeBSD. That is, it
only scans files that are explicitly passed to it by some other process -
usually an MTA or the clamscan command line tool.  On-access scanning
requires an additional layer on top of the file system, which intercepts
certain file system operations, sending files transparently to the scanner. 
Opening a file in your editor, for example, might cause the file to first be
scanned before your editor can get it.  Likewise, trying to download
something from the web in your browser would cause the file to be scanned
before it's saved to disk.  That's what the dazuko port was for (although it
doesn't work on FreeBSD 9, and the latest version is a Linux-only rewrite).
As Polytropon pointed out, it should be possible to create a passing
approximation by using FAM/Gamin.

Thanks, everyone, for all your input. I think I have enough to be able to
put a strong case forward.

Dan

-- 
Daniel Bye
                                                                     _
                                              ASCII ribbon campaign ( )
                                         - against HTML, vCards and  X
                                - proprietary attachments in e-mail / \
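
Added example (not part of the original message, and not ClamAV or FreeBSD project code): a sketch of the approximation described above, in which a watcher notices new or modified files and hands them to clamd over its INSTREAM command. It uses plain polling rather than FAM/Gamin, and it scans after the write has happened, so unlike true on-access scanning it cannot stop a process from opening the file first. The socket path is an assumption, and the helper names are made up for this illustration.

```python
import os
import socket
import struct

CLAMD_SOCKET = "/var/run/clamav/clamd.sock"  # assumption: use LocalSocket from your clamd.conf

def instream_frames(data, chunk=8192):
    """Frame bytes for clamd INSTREAM: command, length-prefixed chunks, zero-length end."""
    frames = [b"zINSTREAM\0"]
    for i in range(0, len(data), chunk):
        part = data[i:i + chunk]
        frames.append(struct.pack("!I", len(part)) + part)
    return b"".join(frames) + struct.pack("!I", 0)

def parse_reply(reply):
    """Return the signature name for '... FOUND', None for 'OK'; raise on anything else."""
    text = reply.rstrip(b"\0\n").decode("utf-8", "replace")
    if text.endswith(" FOUND"):
        return text.split(": ", 1)[1][:-len(" FOUND")]
    if text.endswith("OK"):
        return None
    raise RuntimeError("clamd: " + text)

def clamd_scan(path, sock_path=CLAMD_SOCKET):
    """On-demand scan: this process hands the file's bytes to the daemon."""
    with open(path, "rb") as fh, socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(sock_path)
        s.sendall(instream_frames(fh.read()))
        return parse_reply(s.recv(4096))

def snapshot(root):
    """Map each file under root to (mtime_ns, size)."""
    state = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path)
                state[path] = (st.st_mtime_ns, st.st_size)
            except OSError:
                pass  # file vanished between walk and stat
    return state

def scan_changes(root, previous, scan=clamd_scan):
    """Scan files that are new or modified since `previous`; return (state, hits)."""
    current = snapshot(root)
    changed = [p for p, sig in current.items() if previous.get(p) != sig]
    hits = {p: name for p in changed if (name := scan(p))}
    return current, hits
```

Call scan_changes in a loop with a sleep between passes, feeding each returned state into the next call; hits maps each flagged path to the signature name clamd reported.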