Date: Fri, 27 Jul 2012 16:50:35 +0100
From: Daniel Bye
To: freebsd-questions@freebsd.org
Subject: Re: On-access AV scanning
Message-ID: <20120727155035.GG4834@catflap.slightlystrange.org>
In-Reply-To: <749F391EFB9AA6234EF1AFF4@localhost>

On Fri, Jul 27, 2012 at 10:02:26AM -0500, Paul Schmehl wrote:
> --On July 27, 2012 11:43:08 AM +0100 Daniel Bye wrote:
>
> >Are there any current options available to support on-access antivirus
> >scanning on FreeBSD?
> >
>
> Clamav.

I use it on my home mail server (I have a Windows machine on my network, so
want to trap anything nasty that comes in to protect that). It integrates
well with exim's malware ACL checks.

>
> I did some testing several years ago with ClamAV, Sophos and McAfee
> (scanning incoming mail), and ClamAV was comparable to McAfee in
> detection rates - over 98%.

Yes, it's a good product, no doubt.

>
> If you run the daemon you have on access scanning. Seems like that
> would satisfy the policy.

No - the daemon only provides on-demand scanning on FreeBSD. That is, it
only scans files that are explicitly passed to it by some other process -
usually an MTA or the clamscan command line tool. On-access scanning
requires an additional layer on top of the file system, which intercepts
certain file system operations, sending files transparently to the scanner.
Opening a file in your editor, for example, might cause the file to first
be scanned before your editor can get it. Likewise, trying to download
something from the web in your browser would cause the file to be scanned
before it's saved to disk.

That's what the dazuko port was for (although it doesn't work on FreeBSD9,
and the latest version is a Linux-only rewrite.) As Polytropon pointed out,
it should be possible to create a passing approximation by using FAM/Gamin.

Thanks, everyone, for all your input. I think I have enough to be able to
put a strong case forward.

Dan

-- 
Daniel Bye
                                                                     _
                                              ASCII ribbon campaign ( )
                                         - against HTML, vCards and  X
                                - proprietary attachments in e-mail / \
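
The "passing approximation" mentioned in the message, sketched as an added example that is not part of the original e-mail or of ClamAV: a change detector that hands new or modified files to clamd with its INSTREAM command. Assumptions: the socket path, the function names, and a plain stat-based snapshot standing in for FAM/Gamin notifications.

```python
import os
import socket
import struct

# Assumed socket path; use the LocalSocket value from your clamd.conf.
CLAMD_SOCKET = "/var/run/clamav/clamd.sock"

def clamd_instream(path, sock_path=CLAMD_SOCKET):
    """On-demand scan: stream one file to clamd and return its reply line."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s, open(path, "rb") as f:
        s.connect(sock_path)
        s.sendall(b"zINSTREAM\0")
        while chunk := f.read(65536):
            # Each chunk is prefixed with its length as a 4-byte big-endian integer.
            s.sendall(struct.pack("!I", len(chunk)) + chunk)
        s.sendall(struct.pack("!I", 0))  # zero-length chunk ends the stream
        reply = b""
        while data := s.recv(4096):
            reply += data
        return reply.rstrip(b"\0").decode()  # "stream: OK" or "stream: <name> FOUND"

def snapshot(root):
    """Map every regular file under root to (mtime_ns, size)."""
    seen = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = os.path.join(dirpath, name)
            try:
                st = os.stat(p)
            except FileNotFoundError:  # file vanished between walk and stat
                continue
            seen[p] = (st.st_mtime_ns, st.st_size)
    return seen

def scan_changes(root, previous, scan=clamd_instream):
    """Scan files that are new or changed since `previous`.

    Unlike true on-access scanning, nothing is intercepted: the file is
    already on disk and readable by other processes before a verdict exists.
    Returns (new_snapshot, {path: verdict}).
    """
    current = snapshot(root)
    verdicts = {}
    for path, sig in current.items():
        if previous.get(path) != sig:
            try:
                verdicts[path] = scan(path)
            except OSError as e:  # clamd down, socket missing, file unreadable
                verdicts[path] = f"ERROR: {e}"
    return current, verdicts
```

Call `scan_changes` repeatedly, feeding each returned snapshot into the next call; a FAM/Gamin or kqueue notification would replace the periodic walk but not close the window between write and verdict.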