From 3e89ed19fb4cec7d2c2f0b3e32188db0a1a64be0 Mon Sep 17 00:00:00 2001 From: Michiel Broek Date: Sun, 17 Feb 2008 21:51:43 +0000 Subject: [PATCH] Added documentation for stream scanning --- ChangeLog | 5 +++++ html/setup/virscan.html | 44 +++++++++++++++++++++++++++++++++++++---- 2 files changed, 45 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 3a917a99..afc35192 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,11 @@ $Id$ v0.95.1 07-Jan-2008 + upgrade: + Start mbsetup and exit. If you have a clamd running on some + server (or bbs machine), you can switch to use stream + scanning. See the manual for details. + mbselib.h: Added file virscan function. Added stream scanning for ClamAV, scanning is 10 times faster diff --git a/html/setup/virscan.html b/html/setup/virscan.html index d7df3dde..ccffba84 100644 --- a/html/setup/virscan.html +++ b/html/setup/virscan.html @@ -14,7 +14,7 @@
-
Last update 03-May-2004
+
Last update 17-Feb-2008

MBSE BBS Setup - virus scanners

Once upon a time there was no DOS and no computer virusses. But since DOS was @@ -47,8 +47,7 @@ Can also be installed in sendmail or Postfix to scan incoming and outgoing email. This may be a good idea if you run a email gateway. This version can be registered for personal use.
  • F-PROT available from http://www.frisk.is. For now the BETA releases are free -for personal use. +HREF="http://www.frisk.is">http://www.frisk.is. There is a free version for personal use.
  • Clam AntiVirus is a GNU licensed virus scanner for Unix. It is available from www.clamav.net. It has one slight disadvantage over other scanners (or just the opposite), when it tests a @@ -60,7 +59,44 @@ As soon as you have made one scanner available in the setup and you receive file in tic areas where the scan flag is set, then these files will be checked. As soon as one of the scanners detects a virus the received file will not be imported. Uploads from users will be checked with the installed virus scanners as well. -

    +

     

    + +

    Stream scanners

    +

    +A new feature is stream scanning. In this setup you need a virus scanner loaded as a daemon and it +must listen to a TCP/IP port to receive commands and data to scan. Currently this is only implemented +for ClamAV, but F-Prot may follow. First you need a machine where clamd is running, this +can be a remote machine but of course also the bbs machine itself. ClamAV needs to be configured +so that it listens to a TCP/IP port, and depending on other things on the local socket too. +Recent versions of ClamAV can do both together. Change your /etc/clamav/clamd.conf to +contain the following lines: +

    +# Path to a local socket file the daemon will listen on.
+# Default: disabled (must be specified by a user)
+LocalSocket /var/run/clamav/clamd
+
+# Remove stale socket after unclean shutdown.
+# Default: no
+#FixStaleSocket yes
+
+# TCP port address.
+# Default: no
+TCPSocket 3310
+
+# TCP address.
+# By default we bind to INADDR_ANY, probably not wise.
+# Enable the following to provide some degree of protection
+# from the outside world.
+# Default: no
+#TCPAddr 127.0.0.1
+
    +I left the comment for the TCPaddr, but it's up to you to protect the clamd server. After you +restart clamd test the connection with telnet host.where.clamd.runs 3310, +type VERSION followed by a return and you should see the ClamAV version. If that works, you can enable +the ClamAV stream scanner in mbsetup and disable the old commandline scanner.
    +So why would you use this. It's about 10 times faster then the commandline scanner. +

    + BackBack to index  HomeBack to main index