[TCLUG] Linux virus scanning

[Chris Frederick]

<numerous responses sniped>

Just wanted to say thanks again everyone.  I had no clue that there were
this many scanners available.  I did a quick google for some others and
there's one called RAV that I'm also looking at.

The plan is to use HTTP_POST in php:
<?php
check if HTTP_POST temp file exists{
    server(scan the file);
    if(infected){
        delete it  //could be done by the scanner?
    }else{
        copy it to a location that others can safely download it from
    }
}
?>

I like the idea of the ClamAV daemon, if all it does is give a return
code.  I just need to get to their site, even the ip is timing out for
me.  RAV seems to do the same thing, but so far the trial download has
about 3 pages of output for a single file scan (and thats without the -v
verbose option)  I'd like to have the code know whats going on, so an
"on-access" scanner might be a bit much (one scan for the tempfile, one
scan done in code, and another after copying it into place).  McAfee
sounds pretty good as well.  Since this is commercial, I may have to go
with them, but it sounds like it would have the features I'm looking
for.

Guess I got more research to do.  Thanks for the info everyone.  I'll
keep checking for more as well, but it looks like it's between ClamAV
(depends on license), McAfee, and RAV so far.
-- 
Chris Frederick <cdf123 at cdf123.com>

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list