[prev in list] [next in list] [prev in thread] [next in thread]
List: clamav-users
Subject: Re: [clamav-users] Clamd instream scanning
From: "Micah Snyder \(micasnyd\) via clamav-users" <clamav-users () lists ! clamav ! net>
Date: 2019-04-05 1:45:02
Message-ID: 2E3F0565-E847-4A61-A96D-F666E2387D32 () cisco ! com
[Download RAW message or body]
[Attachment #2 (text/plain)]
Hi Chad,
Some file types cannot be handled in memory, although it will keep things in memory \
as much as possible.
As noted in the clamd sample config:
# Optional path to the global temporary directory.
# Default: system specific (usually /tmp or /var/tmp).
#TemporaryDirectory /var/tmp
The default temp directory, if one is not specified, is system specific, and is \
likely to be /tmp or /var/tmp.
-Micah
From: clamav-users <clamav-users-bounces@lists.clamav.net> on behalf of "Wilson, Chad \
- US via clamav-users" <clamav-users@lists.clamav.net>
Reply-To: ClamAV users ML <clamav-users@lists.clamav.net>
Date: Thursday, April 4, 2019 at 12:18 PM
To: "clamav-users@lists.clamav.net" <clamav-users@lists.clamav.net>
Cc: "Wilson, Chad - US" <cwilson@caci.com>
Subject: [clamav-users] Clamd instream scanning
Knowledge needed please.
When streaming files to clamd for scanning, does the daemon write the file or does it \
handle all in memory?
We do not have the temp directory uncommented/specified, so IF it writes it first, \
where does it write to?
If it writes first, then do we have the risk of another on access scanner \
interrupting clamd?
If it handles all in memory, then no other questions.
Thanks.
[Attachment #3 (text/html)]
<html xmlns:o="urn:schemas-microsoft-com:office:office" \
xmlns:w="urn:schemas-microsoft-com:office:word" \
xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" \
xmlns="http://www.w3.org/TR/REC-html40"> <head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style>
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal">Hi Chad,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Some file types cannot be handled in memory, although it will \
keep things in memory as much as possible. <o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">As noted in the clamd sample config:<br>
<br>
<o:p></o:p></p>
<p class="MsoNormal" style="margin-left:.5in"># Optional path to the global temporary \
directory.<o:p></o:p></p> <p class="MsoNormal" style="margin-left:.5in"># Default: \
system specific (usually /tmp or /var/tmp).<o:p></o:p></p> <p class="MsoNormal" \
style="margin-left:.5in">#TemporaryDirectory /var/tmp<o:p></o:p></p> <p \
class="MsoNormal"><o:p> </o:p></p> <p class="MsoNormal">The default temp \
directory, if one is not specified, is system specific, and is likely to be /tmp or \
/var/tmp.<o:p></o:p></p> <p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">-Micah<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:12.0pt;color:black">From: \
</span></b><span style="font-size:12.0pt;color:black">clamav-users \
<clamav-users-bounces@lists.clamav.net> on behalf of "Wilson, Chad - US \
via clamav-users" <clamav-users@lists.clamav.net><br> <b>Reply-To: \
</b>ClamAV users ML <clamav-users@lists.clamav.net><br> <b>Date: </b>Thursday, \
April 4, 2019 at 12:18 PM<br> <b>To: </b>"clamav-users@lists.clamav.net" \
<clamav-users@lists.clamav.net><br> <b>Cc: </b>"Wilson, Chad - US" \
<cwilson@caci.com><br> <b>Subject: </b>[clamav-users] Clamd instream \
scanning<o:p></o:p></span></p> </div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<div>
<p class="MsoNormal">Knowledge needed please.<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">When streaming files to clamd for scanning, does the daemon \
write the file or does it handle all in memory?<o:p></o:p></p> </div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">We do not have the temp directory uncommented/specified, so IF \
it writes it first, where does it write to?<o:p></o:p></p> </div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">If it writes first, then do we have the risk of another on \
access scanner interrupting clamd?<o:p></o:p></p> </div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">If it handles all in memory, then no other \
questions. <o:p></o:p></p> </div>
<div>
<p class="MsoNormal">Thanks. <o:p></o:p></p>
</div>
</div>
</div>
</body>
</html>
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
--===============0832776338298501068==--
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic