Original URL: http://stackoverflow.com/questions/11627370/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me):
StackOverflow
In-memory scanning of files, ideally using ClamAV
Asked by Martin
We are implementing an enterprise application with a heavy focus on security, which includes the uploading of files. These files need to be virus scanned, but also need to be encrypted.
The current process is that the files are uploaded and then streamed - through an encrypter - to a temporary storage area on disk. The virus-scanner is then called and the files are decrypted on the fly, streamed through to ClamAV via a socket - and then the virus-status is returned from the socket.
The problem is that ClamAV seems to write to a temporary area on disk before scanning, which means unencrypted, potentially-sensitive data on the file-system.
Does anyone know how to fix this? Possibly by configuring ClamAV to scan in-memory only (my Google search yielded no results), or maybe some alternative suggestions?
Accepted answer by Rafael Ferreira
I'm assuming here that you are using clamd, since you are talking to it via a socket, not clamscan, the CLI tool.
In that case you can configure it via the TemporaryDirectory directive in your clamd.conf to point to an encrypted filesystem for temp storage using something like dm-crypt (https://help.ubuntu.com/community/EncryptedFilesystemHowto) - I hope this helps.
Reference from man 5 clamd.conf:
TemporaryDirectory STRING
Optional path to the global temporary directory.
Default: system specific (usually /tmp or /var/tmp).
Answer by user1094698
There is a good example:
Java API to Detect Virus Using ClamAV Antivirus
http://nsinfra.blogspot.ca/2011/06/java-api-to-detect-virus-using-clamav.html
This post describes the approach of scanning files to detect trojans, viruses, malware and other malicious threats using java APIs.
Following items have been covered:
- About ClamAV antivirus
- Instructions to install ClamAV antivirus on Linux machine
- Approach to scan file using ClamAV
- Java API to detect virus
Answer by SpaceTrucker
The simplest thing I can imagine is using a ram disk.
Maybe you should check if ClamAV has a more sophisticated API for such a task.
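Added example (not part of the original question or answers): a preflight check for the two storage suggestions above, the TemporaryDirectory on an encrypted filesystem and the RAM disk. It reads clamd.conf text and /proc/mounts-format text and reports what backs clamd's temporary directory. The sample config, mount table, the mapper name clamtmp and the /tmp fallback are constructed assumptions.

```python
import os
import re

RAM_FS = {"tmpfs", "ramfs"}  # memory-backed; tmpfs pages can still reach swap

# Constructed sample inputs (not taken from a real host).
SAMPLE_CONF = """\
# clamd.conf excerpt
LocalSocket /run/clamav/clamd.ctl
TemporaryDirectory /var/lib/clamav-tmp
"""
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev 0 0
/dev/mapper/clamtmp /var/lib/clamav-tmp ext4 rw,noexec 0 0
"""

def clamd_temp_dir(conf_text, default="/tmp"):
    """TemporaryDirectory from clamd.conf text; default is an assumed fallback."""
    for line in conf_text.splitlines():
        m = re.match(r"TemporaryDirectory\s+(\S+)", line.split("#", 1)[0].strip())
        if m:
            return m.group(1)
    return default

def backing_mount(path, mounts_text):
    """Longest-prefix match of path against /proc/mounts-format text."""
    best = None
    for row in mounts_text.splitlines():
        parts = row.split()
        if len(parts) < 3:
            continue
        src, mnt, fstype = parts[:3]
        inside = path == mnt or path.startswith(mnt.rstrip("/") + "/")
        if inside and (best is None or len(mnt) >= len(best[1])):
            best = (src, mnt, fstype)
    return best

def classify(conf_text, mounts_text, crypt_targets):
    """crypt_targets: device-mapper names of type crypt (`dmsetup ls --target crypt`)."""
    tmp = os.path.normpath(clamd_temp_dir(conf_text))
    mount = backing_mount(tmp, mounts_text)
    if mount is None:
        return tmp, "unknown"
    src, _, fstype = mount
    if fstype in RAM_FS:
        return tmp, "ram-backed"
    if src.startswith("/dev/mapper/") and src.rsplit("/", 1)[1] in crypt_targets:
        return tmp, "dm-crypt"
    return tmp, "plaintext-disk"

if __name__ == "__main__":
    print(classify(SAMPLE_CONF, SAMPLE_MOUNTS, {"clamtmp"}))
```

A /dev/mapper source alone is not proof of encryption (LVM volumes appear there too), which is why the crypt target names are passed in separately. A tmpfs result still leaves plaintext exposed if the host swaps to an unencrypted device.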