I’m working on a risk exemption to permit Silverblue to be used by engineering and operations personnel at my company. The one risk case that I don’t have anything for is catching and reporting malware (I’m thinking of infected .docs, spreadsheets, pdfs) in /home. These can come from web downloads, email downloads, malicious flatpaks, or software installed in toolbox. I need this to be on-access or at least cron-able.
I experimented with layering clamav, clamav-update, and clamd then running clamonacc and it destroyed the CPU and battery life so that’s not an option. Our normal antivirus refuses to work properly in the core OS and in a container.
Not everyone who would be using this solution would be using thunderbird so an add-on there is not going to solve my needs. In addition, a chunk of files are transferred via Slack so that also negates an email-based solution. We also upload files via git so this also forces me into a /home scanning solution.
In case I’m missing something, I’m reaching out to see if anyone has any nifty ideas.
Edit: Yes, I had on access scanning restricted to /home