[SOLVED] how to disable clamav daily.cvd, main.cvd, bytecode.cvd databases

poetry

Hello,
I have a case where I would like to use only one manually created test.ndb file for clamav scanning. I would like to disable all other integrated signatures and apply only this .ndb file for scanning.

I have already disabled clamav-freshclam service with the command below
systemctl mask clamav-freshclam.service

How do I do this?

Will this break in the future? Should I just leave freshclam running anyway?
 
I have a case where I would like to use only one manually created test.ndb file for clamav scanning. I would like to disable all other integrated signatures and apply only this .ndb file for scanning.
why?

disabling clamav-freshclam should work - but I have not tested this - if you disable the service I assume this should work across upgrades
(but cannot promise this since the pre/postinst scripts from the clamav script might change in the future)
consider masking the service
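
A check for the setup discussed above, as an added example that is not part of the original thread: it lists any signature file other than the intended one in a ClamAV database directory and reports the freshclam unit state. It assumes the scanner loads every recognised signature file it finds in that directory; the function names and the /var/lib/clamav path in the usage comment are assumptions, not taken from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): audit a ClamAV database directory
# that is meant to hold exactly one custom signature file.

# audit_sigdir DIR ALLOWED
# Prints "missing: NAME" if ALLOWED is absent and "extra: NAME" for every
# other signature database found. Returns 0 only when ALLOWED is the sole
# signature file in DIR.
audit_sigdir() {
    dir=$1
    allowed=$2
    rc=0
    [ -f "$dir/$allowed" ] || { echo "missing: $allowed"; rc=1; }
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        if [ "$name" = "$allowed" ]; then continue; fi
        case "$name" in
            # Official databases (.cvd/.cld/.cud) and common custom formats.
            *.cvd|*.cld|*.cud|*.ndb|*.ndu|*.hdb|*.hsb|*.mdb|*.msb|\
            *.ldb|*.ldu|*.cbc|*.db|*.yar|*.yara)
                echo "extra: $name"
                rc=1
                ;;
        esac
    done
    return $rc
}

# freshclam_state
# Prints the unit state ("masked", "enabled", ...). A masked unit cannot
# be started, so it cannot re-download daily.cvd, main.cvd or bytecode.cvd.
freshclam_state() {
    state=$(systemctl is-enabled clamav-freshclam.service 2>/dev/null) || true
    echo "${state:-unknown}"
}

# Usage (directory path is an assumption, adjust to your installation):
#   audit_sigdir /var/lib/clamav test.ndb && echo "only test.ndb present"
#   freshclam_state
```

Running the audit again after each package upgrade shows whether the official databases or the freshclam service have come back.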
 
The reason is this thread https://forum.proxmox.com/threads/b...xlsx-xls-for-some-domains.117645/#post-509196
I will make a summary in that thread when I am finished configuring everything.

In the end I had to spin up a new pmg instance just for this customer and use just clamav to block encrypted xlsx, xls and zip files. I also had to disable scanning of pdf files because they want to be able to receive password protected pdf.

If Arnaud Jacques had not helped me by creating signatures for encrypted xls and xlsx files, we would have lost this customer.
So a big shout-out for his help and his company. We have been running his signatures and he has always been responsive and helpful if we needed help. He did not need to help me but he did it anyway.
https://www.securiteinfo.com/servic...e-of-zero-day-malwares-for-clamav.shtml?lg=en

This was a security requirement for this customer and if we did not do this they would just leave. I had to spend a lot of time configuring and testing an additional pmg server that I will also have to maintain. I am not ready to deploy yet; I still have some testing to do and will try to put it into production next week. I have tried everything to avoid adding an additional pmg instance but it does not seem possible.

I am quite disappointed by how limited you are if you are trying to run one pmg instance for multiple domains with different rules like it's not possible for clamav to run differently for each domain. And also it's very hard to make different rules for how to block and allow at what spam level for different domains.

To me it looks like pmg is built for one domain only; if you are running multiple domains you are just stuck with very generic rules and you can't make any specific case for just some domains.

The updated security requirement was blocking password protected .xls and .xlsx and .zip files for their domains (they have a few) and allowing password protected .pdf files. We run a lot of domains on our instance and we can't enable this policy for all domains so configuring additional pmg is the only way to do this.
 
The reason is this thread https://forum.proxmox.com/threads/b...xlsx-xls-for-some-domains.117645/#post-509196
I will make a summary in that thread when I am finished configuring everything.
Thanks for sharing your experiences!

If Arnaud Jacques had not helped me by creating signatures for encrypted xls and xlsx files, we would have lost this customer.
So a big shout-out for his help and his company. We have been running his signatures and he has always been responsive and helpful if we needed help. He did not need to help me but he did it anyway.
https://www.securiteinfo.com/servic...e-of-zero-day-malwares-for-clamav.shtml?lg=en
That's great to hear and keep in mind!

I am quite disappointed by how limited you are if you are trying to run one pmg instance for multiple domains with different rules like it's not possible for clamav to run differently for each domain. And also it's very hard to make different rules for how to block and allow at what spam level for different domains.
Many domains are not an issue at all - however - quite different configurations for clamav/spamassassin (or a radically different ruleset) - are not doable (or in many cases not doable comfortably) - but running one PMG instance for multiple different organisations with different requirements and policies is not really what it was designed for (and for the time being changing this is not a priority).
 