Suggest New Features for ClamXav

Discussions relating to ClamXav

Moderator: Mark

Suggest New Features for ClamXav

Postby Mark » Sun 29 May 2005 5:47 pm

This thread has become a bit unwieldy, so I've decided to lock it and start a new one which I hope to keep updated more frequently.

Here's the new thread

Requests relating to the main ClamXav application:
CD/DVD/disks to be scanned as they're inserted - Already implemented (ClamXav Sentry)
Files to be scanned automatically as they're downloaded - Already implemented (ClamXav Sentry)
Drag and dropped files/folder as a method to choose what to scan - Already implemented.
When a virus is found, show what was detected and provide a link to learn more about that virus.
Ability to schedule a scan on startup or shutdown - Scan/updates at startup should be possible but not shutdown unfortunately
In Firefox you can set up actions to be performed on various files once downloaded, could this pass files directly to ClamXAV - Already implemented.
Ability to specify in prefs where ClamAV is installed.
In prefs I would like to see which folders I have schedules set up for.
The ability to select an entire volume for scanning in ClamXav.
List of "favourite places" with one click to scan each.
More fine-grained scheduling options including the ability to set multiple schedules.
I would prefer the schedule timer to have keyboard entry for the time rather than difficult to read sliders.
Remember which files have already been scanned since their last modification date so we only need to scan new or modified files.
ClamAV 0.88+ has support for more than once per day updates, in fact upto 4 times an hour. Can this be added?
Preferences box for Oversized.zip complaints - Already implemented.
Use system's built-in authentication dialogs so no need to be logged in as admin to set schedules etc.

Requests relating to ClamXav Sentry:
It would be nice if the menubar could show the date of the last virus definitions & engine update.
Have Sentry's found virus dialog box options as "Ignore", "Show File", "Delete File", "Launch ClamXav".
Add a feature where one can exclude specific devices from being scanned when inserted.
Add support for growl.
Ability to quarantine/delete an infected file automatically - Already implemented.
Ability watch every subfolder and subsubfolder etc in a directory.
Option to update the Virus Definitions from the Sentry menu - Already implemented.
Ability for Sentry to watch the entire hard drive.
Status display to say 'abc.doc' has been scanned by Sentry and is safe to open. Maybe window launchable from the menu bar icon?
Use clamd and clamdscan rather than clamscan.

Requests relating to both:
Need a way to have quarantining and scan email options selected.
Better handling of email (esp outbound) with better Mail.app integration.
A way to allow admins to force users to have ClamXav Sentry run.
Better exclusion and inclusion control in preferences i.e not requiring Regular Expression knowledege.
Name of the directory being scanned to appear in the "clamXav-scan.log" file.
Make one/other/both AppleScript aware
Provide an AppleScript for checking mail - See Virustrapp's script

Requests that can't really be categorised!
When a schedule starts, I would like to see notification that it's running.
Ability to have ClamXav show us when it's finished a scheduled scan - Already implemented. (option to open log file after schedule has run)
Right-click, contextual menu item to scan individual files or selected folders - Already implemented.
Any chance of a combined package that also includes rkhunter? http://www.rootkit.nl and http://www.chkrootkit.org
ClamAV engine with support for digital signatures.
Last edited by Mark on Wed 17 Jan 2007 9:01 am, edited 8 times in total.
Mark
Site Admin
 
Posts: 1460
Joined: Sat 28 May 2005 9:46 pm
Location: Edinburgh, Scotland

Future Versions

Postby jow » Sun 29 May 2005 6:40 pm

Mark, I would love to see a facility by which a CD or DVD disk (or any other disk for that matter) when put in the computer is scanned for viruses (note the spelling) AUTOMATICALLY.
Also, would it be possible to scan AUTOMATICALLY, downloads to the desktop folder.
You may be on to these already with the 1.0 version coming in June, in the meantime standby for a donation for all your hard work!!!!!
jow
 
Posts: 120
Joined: Sat 28 May 2005 9:46 pm

Postby Mark » Sun 29 May 2005 10:35 pm

You'll be glad to know that I already have both of these features working properly on 1.0 :)
Mark
Site Admin
 
Posts: 1460
Joined: Sat 28 May 2005 9:46 pm
Location: Edinburgh, Scotland

Suggestions: Drag and drop, virus info

Postby fizikci » Tue 31 May 2005 9:18 pm

Greetings,

Thanks for the great work Mark.

I would like to see future versions have the ability to accept drag and dropped files/folder as a method to choose what to scan.

Also, when a virus is found, show what virus was detected and provide a link to learn more about that virus. I did notice that the log file already shows which virus was identified.

Many Thanks.

-Travis N
fizikci
 
Posts: 2
Joined: Sat 28 May 2005 9:46 pm

suggestions

Postby efo » Thu 07 Jul 2005 5:48 am

First I'd like to thank you. so Thank you VERY much. I have been using Clam via command line and had started making an Applescript Studio front end but just didn't have time enough to do it right.

A few suggestions...

1. when a virus is detected either via ClamXav app or ClamXav Sentry it should give an option of opening the containing folder or even maybe moving the infected files to either the Trash or the Quarantine folder.

2. I agree with an above suggestion - I also like to check out more info on a virus so providing a basic link to search at http://vil.nai.com/vil/default.asp or some other virus archive. That was one that just came to mind.

3. are you looking into a way to have Quarantine on AND scan email? I am guessing you have not done so because... if you had quarantine on you would be moving you mailbox file to the quarantine. Wouldn't it be possible to check if you are checking an mailbox file and if it is skip the quarantine move?

4. to go along with the above about mailbox scanning... sending mail.app message to flag the message in some way would be nice... this could be done with applescript and doing somthing like a. move to trash or b. set text or background color or some other way of flagging the infected message would be nice. then you simply need to either do a search in mail for that flag and get a list of all infected files or in tiger mail create a smart folder that will always sort out thos flags

5. again sticking with mail.app any chance of a mail.app plugin that would allow you to scan inbound mail as it arrives? I have scanning on my server but many people don't. even scanning out bound would be nice to so you arent' sending other people infected files. but inbound is sufficient.

6. last but not least any chance of a combined package that also includes rkhunter? I already run rkhunter via command line but having a one stop install and configuration tool would be sweet! I assume you know of rkhunter but in case you don't http://www.rootkit.nl/

this would be a very solid security tool as a perfect 1 / 2 punch.

nice part is both are very fast and use up little system resources


I can't thank you enough for doing this!

cheers
and thanks!
efo
 
Posts: 1
Joined: Thu 07 Jul 2005 5:31 am

Mail.app in Tiger

Postby fizikci » Thu 07 Jul 2005 6:14 pm

It may be possible to scan emails individually in Tiger Mail. This version of mail stores each message as in individual text file rather than as part of a lengthy mbox text file. The format is similar to imapmbox storage in previous versions of Mail. ClamxAV should be able to scan and quarantine these messages then, no?

Thanks.

-Travis N
fizikci
 
Posts: 2
Joined: Sat 28 May 2005 9:46 pm

Smart folders

Postby Moldarin » Sat 09 Jul 2005 9:26 am

Hi I would like support for Smart folders in Folder sentry.

I try to drag n' drop a smart folder to "Folders Being Watched", but they just get rejected.
Moldarin
 
Posts: 10
Joined: Sat 09 Jul 2005 7:33 am
Location: Lillehammer, Norway

Postby Mark » Sun 10 Jul 2005 10:07 pm

I did try to add support for smart folders but was unable to. It turns out that a smart "folder" isn't actually a folder. If you drag one on top of the TextEdit icon, you'll see that it is in fact just a file containing Spotlight search criteria. Unfortunately, this makes it impossible for me to add support for monitoring them. Sorry.
Mark
Site Admin
 
Posts: 1460
Joined: Sat 28 May 2005 9:46 pm
Location: Edinburgh, Scotland

Postby Moldarin » Sun 10 Jul 2005 10:15 pm

mark wrote:(..) If you drag one on top of the TextEdit icon, you'll see that it is in fact just a file containing Spotlight search criteria. (...)

It sould be posible to monitor that list...
Moldarin
 
Posts: 10
Joined: Sat 09 Jul 2005 7:33 am
Location: Lillehammer, Norway

Postby Mark » Sun 10 Jul 2005 10:41 pm

Moldarin wrote:
mark wrote:(..) If you drag one on top of the TextEdit icon, you'll see that it is in fact just a file containing Spotlight search criteria. (...)

It sould be posible to monitor that list...


Trust me, it's not. Here's how it works:
• ClamXav Sentry starts up and reads in the list of folders to watch.
• For each folder, it builds and stores a list of contents
• When an action occurs in a watched folder, Sentry determines whether a file was added or removed by comparing the new contents with the old
• New files/folders, if any, are scanned

As I said before, the "smart folder" isn't a folder and therefore has no contents to monitor/change. It's the Finder and Spotlight that are doing all the donkey work of making it look like a folder.

Third party applications (ie those not made by Apple) do not automatically get support for new things like Spotlight. While I do hope to add support in a future version of ClamXav, regrettably this is still a long way off.
Mark
Site Admin
 
Posts: 1460
Joined: Sat 28 May 2005 9:46 pm
Location: Edinburgh, Scotland

Postby Moldarin » Sun 10 Jul 2005 11:29 pm

What about using an AppleScrip/Automator action to activate the smart folders search querry and copy the files to a temp. location?
Moldarin
 
Posts: 10
Joined: Sat 09 Jul 2005 7:33 am
Location: Lillehammer, Norway

Re: Suggestions: Drag and drop, virus info

Postby Moldarin » Sun 10 Jul 2005 11:34 pm

fizikci wrote:(..) Also, when a virus is found, show what virus was detected and provide a link to learn more about that virus. I did notice that the log file already shows which virus was identified. (..)

http://clamav-du.securesites.net/cgi-bin/clamgrok
Moldarin
 
Posts: 10
Joined: Sat 09 Jul 2005 7:33 am
Location: Lillehammer, Norway

Postby Moldarin » Tue 12 Jul 2005 12:44 pm

Moldarin wrote:What about using an AppleScrip/Automator action to activate the smart folders search querry and copy the files to a temp. location?

It should be popible to execute the search criterials and get the file locations.
Moldarin
 
Posts: 10
Joined: Sat 09 Jul 2005 7:33 am
Location: Lillehammer, Norway

Postby Mark » Wed 13 Jul 2005 12:25 am

Moldarin wrote:It should be popible to execute the search criterials and get the file locations.


As I say, that's something I can think about for a future version when I implement support for Spotlight.
Mark
Site Admin
 
Posts: 1460
Joined: Sat 28 May 2005 9:46 pm
Location: Edinburgh, Scotland

Suggested change to crontab

Postby lkbowen » Thu 28 Jul 2005 6:49 pm

I posted this in the clamXav section. I'm putting it here as well because it containes a suggestion for future releases.

lkbowen wrote:I'm getting mail that is from the scheduled scans as well as freshclam.

Cron by default emails the output of the job to the user whose crontab it is. You may want to consider adding something like " > /dev/null 2>&1" to the end of the cron jobs. That way the output is sent to the /dev/null device unless an error occurs.

This would apply not only to the scheduled scans, but to the virus definition updates. You can still use the cron job you are using to send the output to logs, but this way it only sends an email if an error occurs (such as if the executable is not found or the scan or update terminates uncleanly).


I'm not a programmer by any means, but I'm sure it's fairly simple to add the above to the command that creates the crontab. What you've got right now is going to be filling everyone's machines up with email. All cron jobs are outputting mail, and unless a user knows how to delete it, anyone who schedules scans and updates will end up with a hard drive slowly filling with unknown and unnecessary mail.
lkbowen
 
Posts: 2
Joined: Thu 28 Jul 2005 6:29 pm

Next

Return to ClamXav

Who is online

Users browsing this forum: No registered users