Next: Archives and compressed files
Up: Usage
Previous: Clamdscan
  Contents
Clamuko
Clamuko is a special thread in clamd that performs on-access
scanning under Linux and FreeBSD. It is implemented as a thread in clamd
and cannot work as a clamd client because of the Dazuko implementation.
There are however some benefits of the current implementation - clamuko
is sharing the internal virus database with clamd and it's updated with
the RELOAD command. You must follow some important rules when
using clamuko:
- Always stop the daemon cleanly - using the QUIT command or
the SIGTERM signal. In other case you can lose your access
to protected files until the system is restarted.
- Never protect a directory your mail-scanner software
uses for attachment unpacking. Access to all infected
files will be automatically blocked and the scanner (even clamd)
won't be able to detect a virus. All infected mails will
be delivered.
You need to enable clamuko in clamav.conf. To protect the /home
directory enable:
ClamukoIncludePath /home
To protect the whole system:
ClamukoIncludePath /
ClamukoExcludePath /proc
ClamukoExcludePath /temporary/dir/of/your/mail/scanning/software
You can use clamuko to protect files on Samba/Netatalk (but far
more better and safe idea is to use the samba-vscan module
5.16. NFS is not supported (Dazuko doesn't intercept NFS
access calls). Yet another idea - you may build a database that contains
signatures for popular exploits and setup clamd to protect your server
from script-kiddies.
Next: Archives and compressed files
Up: Usage
Previous: Clamdscan
  Contents
Tomasz Kojm
2004-06-14