Next: Archives and compressed files
Up: Usage
Previous: Clam daemon
  Contents
Clamuko
Clamuko is a special thread in clamd that performs on-access
scanning under Linux. It was implemented as a thread in clamd due
to the Dazuko implementation. Client (clamuko) - server (clamd) model is
currently not supported by Dazuko. However there are some benefits of
the current implementation - clamuko is sharing the internal virus
database with clamd and it's updated with the RELOAD command. You
must obey the following important principles when using clamuko:
- Always stop the daemon cleanly - using the QUIT command or
SIGTERM signal. In other case you can lose your access
to protected files until the system is restarted.
- Never protect a directory your mail-scanner software
uses for attachment unpacking. Access to all infected
files will be automagically blocked and the scanner (even clamd)
won't be able to detect a virus. The infected mail will
be delivered.
You need to enable clamuko in clamav.conf. To protect the /home
directory enable the following directive:
ClamukoIncludePath /home
To protect the whole system:
ClamukoIncludePath /
ClamukoExcludePath /proc
ClamukoExcludePath /temporary/dir/of/your/mail/scanning/software
You can use clamuko to protect files on Samba/Netatalk (but far
more better and safe idea is to use the samba-vscan module
5.17. NFS is not supported (Dazuko doesn't intercept NFS
access calls). Yet another idea - you may build a database that contains
signatures for popular exploits and setup clamd to protect your server
from script-kiddies.
Next: Archives and compressed files
Up: Usage
Previous: Clam daemon
  Contents
Tomasz Kojm
2004-02-11