FOG 1.5.6 & Arch Linux - AntiVirus Scan

Grob.Charl

@Grob-Charl said in FOG 1.5.6 & Arch Linux - AntiVirus Scan:

@Grob-Charl said in FOG 1.5.6 & Arch Linux - AntiVirus Scan:

Anti-virus scan… troubleshooting…
Could never get it to work since ever… first install was FOG 1.4.4 and updating ever since, even clean install is no go…

Error I am talking about… 

george1421

It was my understanding that this feature was to be removed from FOG. Looking at the github site for FOS it appears that IS still in the package.

I understand why the mount is failing because /opt/fog/clamav is not in the FOG server’s export list. Can you confirm that there is a directory on the fog server /opt/fog/clamav and its populated? We can adjust the /etc/exports to share that directory but AFAIK that feature is not supported by FOG anymore.

Grob.Charl

@george1421
Ok, I did not know it was not supported anymore. There is no folder in that location. I can add and share, but unless it is correctly setup and populated, I am not sure it will function… which means I might as well then take it out of the menu…

Ok, if not supported, I will remove from Menu, easiest

Thank you for your quick response.

george1421

@Grob-Charl If you need to do some kind of AV scan, maybe setup a boot disk like hiren’s or some other AV solution that can be delivered by an iso image. We can get FOG to deploy an iso or equiv image to take the place of the FOG AV scan. The clamav scanner is mainly a linux scanner.

Grob.Charl

@george1421
Quick question, then why has it not been removed from the menu? This then just “advertises” what it can’t do… weird…

How do I close this thread as resolved (kind of)?

Grob.Charl

@george1421 That can work. The best live av scanner I have ever used was Dr WebCureIT. The whole idea of this being a brilliant feature is the fact that the server can keep it’s anti-virus up to date so no additional stuff is required.

Doing a net-boot then scan is a live scan. One of the best you can do as it then has to scan on a binary level and virus then can’t “hide” in system protected files… so even if using a clamav / Dr WebCureIT for a live scan… all good…

I understand that clamav is a linux scanner… but it scans files which is what it needs to do… Linux or not. I have scanned many partition types with this scanner… as long as your OS can read the partition, clamav can scan it, which is why I love it.

Grob.Charl

@george1421
“We can get FOG to deploy an iso or equiv image to take the place of the FOG AV scan” - if there a live anti-virus scan… done. My suggestion would then be to contact DrWebCureIT people and find out if they can maybe supply an updating image. Either that or an alternative… but a live scan is the idea… something that does not boot the target os to scan.

The only reason I am mentioning an updating image is as it (DrWebCureIT) works now, you download a bootable iso which can scan your system for virusses, but it can not update it’s definitions. So if tomorrow you need to scan again, either use your old disk (which is up to date up to yesterday) or download the new iso…

george1421

@Grob-Charl said in FOG 1.5.6 & Arch Linux - AntiVirus Scan:

Quick question, then why has it not been removed from the menu? This then just “advertises” what it can’t do… weird…

I’ll mention it to the developers the next time I chat with them. It probably would be a good idea to add a post to the bug reports section since the left over menu items should have been removed.

Grob.Charl

@george1421 Perfect I say thank you…

Suggestion, mention as well the “ability” to convert iso to “fog menu image”… also a very useful idea. If there was a function in the fog gui where I can (just brain farting now)…

Select “Create live image”, Select iso (bootable is up to user to create), and create. Fog then creating a menu entry to boot the image… live without deploying… Example, a hiren bootable iso.

Just an idea. That would give the ability to boot “any” live iso. Something like that can work as then you can get an iso for (example) WebCureIT, Hiren, Windows Installer iso… that would allow to use the tools like “Repair MBR” or “Recover Partition”, etc…

Even a menu entry (Live Images) and having it list them there… similar to “Deploy Image” in the PXE environment, just not deploy… running image. The important part would be the ability to boot image, and after restart… back to normal boot.

Grob.Charl

@george1421 I still say thank you for the assistance. FOG is great and any input (even if just an idea) I can do to help, I will gladly assist.

Currently FOG is helping managing 200 desktop systems that have a mix of Win (10 & 8.1), Mac (iMac 2010 - 2018) & Linux (Debian & Arch) systems and it works brilliantly including the snapin, activation & inventory functionality.

george1421

@Grob-Charl said in FOG 1.5.6 & Arch Linux - AntiVirus Scan:

Suggestion, mention as well the “ability” to convert iso to “fog menu image”

Lets start with this one:
https://forums.fogproject.org/topic/10944/using-fog-to-pxe-boot-into-your-favorite-installer-images

Sebastian Roth

@Grob-Charl You are right, this seems like a part of FOG which has not received much attention from us devs and the users whatsoever. The error you posted in the picture is caused by a commit that was done in May 2015 and as far as I know you are more or less the first person who asked about it in the last years.

As I have not been involved into FOG as much back then I am not sure if it was intended to be removed or not. It’s still in the web UI and also in the FOS scripts so I guess it’s just all in standby. I wonder if this has ever worked or was just being worked on and is still in an unfinished state because people don’t seem to use it.

Doing a bit more research I found that in earlier versions FOG provided ClamAV binaries within the github repo and populated those into /opt/fog/clamav to be used by the host in the AV Scan task. That turned out to be an issue with updating and so it was (partly) removed and instructions on how to manually install ClamAV on the FOG server were supposed to be added to the wiki.

I guess this all happened when a lot of other things changed in FOG and it was kind of abandoned when people stopped asking about the AV feature.

This is not at all pointing the finger at anyone. I am just trying to show the history of this so we can all decide if we want to keep this within FOG (and make it work) or if we should completely remove it. Asking @Tom-Elliott @Moderators and everyone else interested in this topic!

I have also done a quick test compile of the ClamAV package within our Buildroot and it seems like we should be able to do the AV scan stuff without installing anything on th FOG server. Would just add 1 MB to the init files. Any client booting into the AV task would then download the latest set of AV signatures on it’s own (into a virtual RAM disk that is lost after the machine reboots).

@Grob-Charl said:

Suggestion, mention as well the “ability” to convert iso to “fog menu image”… also a very useful idea.

There is no way we can automate this for you. It would be a hell of a lot of work and a new project by itself. Every ISO is kind of different. While there might be a few that can be handled in the same way there are so many that are too different. Especially when it comes to Windows ISOs. Follow the great topic George posted and you will find a lot of useful information on this topic.

george1421

@Sebastian-Roth I’m at a point to say if its not a core function to fog and its not currently support or appears to be abandoned go ahead and remove it from FOG. There are other options people have to scan for viruses they just need to use it.

Grob.Charl

@Sebastian-Roth Ok, the “fog menu image” I thought might be a bit much… so no that’s fine, it was an idea… would it not the be a good idea to add a default “bootable os”… like Hiren? Just thinking… but in all honesty… I love all of it, so thumbs up and brilliant work so far… I tip my hat to you gentlemen.

Did programming myself for a while, so got a good idea the words “hell of a lot of work” means when it comes to scripting / programming.

Grob.Charl

@george1421 Agreed in my opinion… either have it working or remove…

Sebastian Roth

We’ll keep track of this on github:
https://github.com/FOGProject/fogproject/issues/328
https://github.com/FOGProject/fos/issues/28