dkovacevic Posted January 23, 2015 Report Share Posted January 23, 2015 Would it be possible to configure ClamAV to query an external database for the final allow / deny decision for any given situation? For example, in performing a disk scan, query the database with the file signature or hash, and base the allow / deny decision on whether the signature or hash is in the database. Or, even simpler: mimic Squid's external_acl_type (http://www.squid-cache.org/Doc/config/external_acl_type/) and just execute a user created script that returns "allow" or "deny". Link to comment Share on other sites More sharing options...
Pedersen Posted January 23, 2015 Report Share Posted January 23, 2015 ClamAV are open source so any modification you may like to add is entirely up to you. So short answer yes, but it is currently not a part of the suite. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.