Jump to content


Photo

Query External Database For Allow / Deny


  • Please log in to reply
1 reply to this topic

#1 dkovacevic

dkovacevic

    Newbie

  • Members
  • Pip
  • 1 posts

Posted 23 January 2015 - 06:30 AM

Would it be possible to configure ClamAV to query an external database for the final allow / deny decision for any given situation?

For example, in performing a disk scan, query the database with the file signature or hash, and base the allow / deny decision on whether the signature or hash is in the database.

Or, even simpler: mimic Squid's
external_acl_type


(http://www.squid-cac...ernal_acl_type/)

and just execute a user created script that returns "allow" or "deny".

#2 Pedersen

Pedersen

    Administrator

  • Administrators
  • 250 posts

Posted 23 January 2015 - 03:44 PM

ClamAV are open source so any modification you may like to add is entirely up to you. So short answer yes, but it is currently not a part of the suite.
Pedersen. Sourcefire Administrator.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users