On Thursday 22 January 2009 12:46:46 Craig White wrote:
> On Thu, 2009-01-22 at 12:16 +0000, Anne Wilson wrote:
> > On Thursday 22 January 2009 09:35:11 Ralph Angenendt wrote:
> > > What do you do with clamav on a linux server? Especially: How is it run
> > > by you? What do you think it protects you against on a linux server?
> >
> > 1 - it protects you against passing on any windows viruses to windows
> > users
> > 2 - it satisfied those auditors who can't think beyond what they
> > have been told, especially if you have log proof. Logwatch's daily
> > report:
> >
> > --------------------- clam-update Begin ------------------------
> >
> > Last ClamAV update process started at Wed Jan 21 04:02:23 2009
> >
> > Last Status:
> > main.cvd is up to date (version: 49, sigs: 437972, f-level: 35,
> > builder: sven)
> > daily.cld is up to date (version: 8881, sigs: 56877, f-level: 38,
> > builder: ccordes)
> >
> > ---------------------- clam-update End -------------------------
> >
> >
> > --------------------- Clamav Begin ------------------------
> >
> >
> > **Unmatched Entries**
> > Database correctly reloaded (936952 signatures)
> >
> > ---------------------- Clamav End -------------------------
> >
> > That should satisfy an auditor.
>
> ----
> the above suggests that clamav signature files were updated and the
> database reloaded but nowhere does it suggest that any scanning of the
> file system occurred nor the output of such scanning which probably
> never occurred. What you have demonstrated is a gymnastic exercise which
> accomplishes little. clamd might be able to do something useful but it
> is not indicated above.
>

True. As I have no windows boxes on the LAN I only run it manually, and it wasn't done on the day that that reported. The one area that I am vulnerable to is email-borne viruses, and since I am not serving those to windows boxes it is only out of curiosity that I need clamav.

I'm sure there are plenty of people that can give Ralph detailed information about using it efficiently. I was merely demonstrating how easy it is to show that you keep the database up to date. You are quite right, of course, they will want to see evidence that it is scanning as well.

Anne
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
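The distinction drawn in this thread, between log proof that signatures are current and log proof that anything was scanned, can be checked mechanically. The following is an added example, not part of the original messages: the sample logs are constructed (the update lines mirror the Logwatch excerpt quoted above, the summary block follows the "SCAN SUMMARY" output that clamscan prints), and the function name `audit_evidence` is hypothetical.

```python
import re

# Constructed sample logs. UPDATE_LOG holds only what the quoted Logwatch
# report contained; SCAN_LOG adds a clamscan-style summary with made-up counts.
UPDATE_LOG = """\
main.cvd is up to date (version: 49, sigs: 437972, f-level: 35, builder: sven)
daily.cld is up to date (version: 8881, sigs: 56877, f-level: 38, builder: ccordes)
Database correctly reloaded (936952 signatures)
"""

SCAN_LOG = UPDATE_LOG + """\
----------- SCAN SUMMARY -----------
Known viruses: 936952
Scanned directories: 12
Scanned files: 3481
Infected files: 0
"""

# Only the "is up to date" wording shown in the thread is matched here.
SIG_RE = re.compile(r"^(\S+\.c[vl]d) is up to date \(version: (\d+), sigs: (\d+)", re.M)
RELOAD_RE = re.compile(r"^Database correctly reloaded \((\d+) signatures\)", re.M)
SUMMARY_RE = re.compile(r"^-+ SCAN SUMMARY -+\s*$", re.M)
FIELD_RE = re.compile(r"^(Scanned files|Infected files): (\d+)", re.M)


def audit_evidence(log_text):
    """Separate 'signatures are current' evidence from 'a scan ran' evidence."""
    databases = {name: int(ver) for name, ver, _sigs in SIG_RE.findall(log_text)}
    reloaded = RELOAD_RE.search(log_text) is not None

    scan = None
    summary = SUMMARY_RE.search(log_text)
    if summary:
        # Read the counters that follow the summary header.
        fields = FIELD_RE.findall(log_text[summary.end():])
        scan = {key: int(value) for key, value in fields}

    # A summary header with zero scanned files is not evidence of scanning.
    scan_evidence = bool(scan) and scan.get("Scanned files", 0) > 0
    return {"databases": databases, "reloaded": reloaded,
            "scan": scan, "scan_evidence": scan_evidence}


if __name__ == "__main__":
    for label, text in (("update-only log", UPDATE_LOG), ("log with scan", SCAN_LOG)):
        print(label, "->", audit_evidence(text))
```
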