Real time AV scans on a dedicated file server

I need your advice on whether the following scenario is feasible with Fedora Server:

The requirement is to set up a file server in a DMZ that synchronizes a set of folders using rsync / unison and passes them via Samba to clients on another network segment.
There will be Windows clients on both sides.

The purpose of this Fedora server in the DMZ is to block the transfer of some file types (exe, …) and to check for viruses. For this purpose, the server has to perform real-time AV scans on the corresponding paths by either integrating an AV server via ICAP or a local instance of ClamAV.

Have any of you done something similar or do you know of a better, proven way to accomplish this?

Thanks in advance for your answers.

I haven’t yet, but I’d likely do a local ClamAV instance and a systemd script to do regular scans.

I’d be doing it for a single-user NAS that I occasionally transfer videos to and probably would do the most thorough scan options on the whole drive monthly.

I imagine ClamAV has a way to either do real-time polling on files in a folder to then initiate scanning on new/changed files, or possibly files can be passed directly to it in-RAM before reaching the drive.

Maybe something like File transfer to server from a client → file gets stored on tmpfs for ClamAV scanning (either kept or quarantined) → drive storage, and possibly some status watches on ClamAV’s daemon for quarantines.

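The staging flow sketched in the reply above (a transfer lands in a staging directory, is checked, and is then either released to the shared path or quarantined), as an added example that is not code from the thread. It combines the file-type block from the question with a ClamAV scan and treats any scanner failure as a reason to quarantine. Assumptions: a flat staging directory, a running clamd with `clamdscan` on the PATH, and a blocked-extension list and directory layout that are made up for illustration.

```python
import shutil
import subprocess
from pathlib import Path

# Assumed policy: the thread only names "exe, ..."; the rest is illustrative.
BLOCKED_EXT = {".exe", ".dll", ".scr", ".msi", ".bat", ".cmd", ".vbs", ".ps1"}

def clamd_scan(path):
    """Map clamdscan's exit code (0 clean, 1 virus found, other = error)."""
    try:
        rc = subprocess.run(["clamdscan", "--no-summary", "--fdpass", str(path)],
                            capture_output=True, timeout=300).returncode
    except (OSError, subprocess.TimeoutExpired):
        return "error"                    # clamdscan missing or hung
    return {0: "clean", 1: "infected"}.get(rc, "error")

def verdict(path, scan=clamd_scan):
    """Return 'release' or 'quarantine:<reason>' for one staged file."""
    if path.suffix.lower() in BLOCKED_EXT:
        return "quarantine:blocked-extension"
    with path.open("rb") as fh:
        if fh.read(2) == b"MZ":           # DOS/PE header: catches a renamed .exe
            return "quarantine:executable-content"
    result = scan(path)
    # Fail closed: a scanner error must never let a file through to the share.
    return "release" if result == "clean" else f"quarantine:scan-{result}"

def process_staging(staging, release, quarantine, scan=clamd_scan):
    """Move every staged file to release/ or quarantine/; return {name: verdict}."""
    outcome = {}
    for item in sorted(Path(staging).iterdir()):
        if item.is_symlink() or not item.is_file():
            continue                      # links and subdirectories stay in staging
        v = verdict(item, scan)
        dest = Path(release if v == "release" else quarantine) / item.name
        shutil.move(str(item), str(dest))
        outcome[item.name] = v
    return outcome

if __name__ == "__main__":
    import sys
    # Usage: gate.py STAGING_DIR RELEASE_DIR QUARANTINE_DIR
    for name, v in process_staging(*sys.argv[1:4]).items():
        print(f"{v}\t{name}")
```

Only the release directory would be exported via Samba, so clients never see a file that has not passed both checks.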

My experience (years ago) with ClamAV was that it missed new threats, but did regularly find older malware in users’ saved emails.
