[Aide] Aide - Clamav integration
Miner, Jonathan W (CSC) (US SSA)
jonathan.w.miner at baesystems.com
Wed Dec 7 15:07:06 EET 2005
I question the logic of only scanning files that Aide reports as changed... what happens with the virus definitions changes; at that point you should be scanning all the files.
Ideally, the AV software should maintain a database of which files were scanned with which version of the definitions. Then any time either the definitions or the files change, then scanning whould be performed.
-----Original Message-----
From: aide-bounces at cs.tut.fi on behalf of Richard van den Berg
Sent: Wed 12/07/2005 05:21 AM
To: Aide user mailinglist
Cc:
Subject: Re: [Aide] Aide - Clamav integration
Virolainen Pablo wrote:
> I don't like the idea of aide executing some programs. I think it would be
> better to implement this with report post processor. It just doesn't feel
> the right thing to fork and exec inside aide.
I agree. Running clamav after aide has run should be easy enough to script.
Sincerely,
Richard van den Berg
_______________________________________________
Aide mailing list
Aide at cs.tut.fi
https://mailman.cs.tut.fi/mailman/listinfo/aide
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/ms-tnef
Size: 2941 bytes
Desc: not available
Url : https://mailman.cs.tut.fi/pipermail/aide/attachments/20051207/52dbeaa7/attachment.bin
More information about the Aide
mailing list