Query External Database For Allow / Deny

[dkovacevic]

Would it be possible to configure ClamAV to query an external database for the final allow / deny decision for any given situation?

 

For example, in performing a disk scan, query the database with the file signature or hash, and base the allow / deny decision on whether the signature or hash is in the database.

 

Or, even simpler: mimic Squid's

external_acl_type

 

 

(http://www.squid-cache.org/Doc/config/external_acl_type/)

 

and just execute a user created script that returns "allow" or "deny".

[Pedersen]

ClamAV are open source so any modification you may like to add is entirely up to you. So short answer yes, but it is currently not a part of the suite.