Clamuko

Clamuko is a special thread in clamd that performs on-access scanning under Linux and FreeBSD. It is implemented as a thread in clamd and cannot work as a clamd client because of the Dazuko implementation. There are however some benefits of the current implementation - clamuko is sharing the internal virus database with clamd and it's updated with the RELOAD command. You must follow some important rules when using clamuko:

• Always stop the daemon cleanly - using the QUIT command or the SIGTERM signal. In other case you can lose your access to protected files until the system is restarted.
• Never protect a directory your mail-scanner software uses for attachment unpacking. Access to all infected files will be automatically blocked and the scanner (even clamd) won't be able to detect a virus. All infected mails will be delivered.

You need to enable clamuko in clamav.conf. To protect the /home directory enable:

	ClamukoIncludePath /home

To protect the whole system:

	ClamukoIncludePath /
	ClamukoExcludePath /proc
	ClamukoExcludePath /temporary/dir/of/your/mail/scanning/software

You can use clamuko to protect files on Samba/Netatalk (but far more better and safe idea is to use the samba-vscan module 5.16. NFS is not supported (Dazuko doesn't intercept NFS access calls). Yet another idea - you may build a database that contains signatures for popular exploits and setup clamd to protect your server from script-kiddies.