Clamuko
Clamuko is a special thread in clamd that performs on-access
scanning under Linux. It was implemented as a thread in clamd because
of the Dazuko implementation: Dazuko currently does not support a
client (clamuko) - server (clamd) model. The current implementation
has some benefits: clamuko shares the database with clamd, and the
database is updated with the RELOAD command. You must obey the
following principles when using clamuko:
- Always stop the daemon cleanly, with the QUIT command or the
SIGTERM signal. Otherwise, you can lose access to the
protected files until the system is restarted.
- Never protect the directory your mail-scanner software
uses for unpacking attachments. Access to all infected
files will be blocked, and the scanner (even clamd)
won't be able to detect a virus. Infected mail will be
delivered.
You need to enable clamuko in clamav.conf. To protect the directory
/home, use the option:
ClamukoIncludePath /home
To protect the whole system:
ClamukoIncludePath /
ClamukoExcludePath /proc
ClamukoExcludePath /tempdir/of/mail/scanner
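An added example (not part of ClamAV or of the original manual): a Python check that reads the ClamukoIncludePath and ClamukoExcludePath lines from clamav.conf text and reports any mail-scanner unpack directory that on-access scanning would still cover. The function names, the "#" comment handling and the rule that an exclude entry overrides an include entry by path prefix are assumptions; the sample configurations are constructed.

```python
import posixpath

def parse_clamuko_paths(conf_text):
    """Return (include, exclude) path lists found in clamav.conf text."""
    include, exclude = [], []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # assumption: '#' starts a comment
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0], posixpath.normpath(parts[1].strip())
        if key == "ClamukoIncludePath":
            include.append(value)
        elif key == "ClamukoExcludePath":
            exclude.append(value)
    return include, exclude

def _under(path, root):
    """True if path equals root or lies below it; /home does not match /homework."""
    path, root = posixpath.normpath(path), posixpath.normpath(root)
    return root == "/" or path == root or path.startswith(root + "/")

def is_protected(path, include, exclude):
    # Assumption: an exclude entry wins over any include entry that covers it.
    if any(_under(path, e) for e in exclude):
        return False
    return any(_under(path, i) for i in include)

def audit(conf_text, must_not_protect):
    """Return the directories in must_not_protect that clamuko would still guard."""
    include, exclude = parse_clamuko_paths(conf_text)
    return [d for d in must_not_protect if is_protected(d, include, exclude)]

# Constructed sample configurations: whole-system protection without and
# with the mail scanner's unpack directory excluded.
SAMPLE_BAD = """
ClamukoIncludePath /
ClamukoExcludePath /proc
"""
SAMPLE_GOOD = SAMPLE_BAD + "ClamukoExcludePath /tempdir/of/mail/scanner\n"

if __name__ == "__main__":
    unpack_dirs = ["/tempdir/of/mail/scanner"]
    print("missing exclude:", audit(SAMPLE_BAD, unpack_dirs))
    print("with exclude:   ", audit(SAMPLE_GOOD, unpack_dirs))
```

A non-empty result means the listed directory needs its own ClamukoExcludePath line before clamd is started.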
You can use clamuko to protect file access on Samba/Netatalk. NFS
is not supported (Dazuko doesn't intercept NFS access calls). Another
idea: you can build a database containing signatures of popular
exploits; it will protect you against script-kiddies.
Tomasz Kojm
2003-06-21