We have been asked by a customer to run a regular AV scan on our device. I noticed ClamAV is part of the meta-security layer, yet it seems it is not installed in TorizonCore. Meta-security being already part of bblayers.conf, I should be able to bitbake parts of its recipes and append those to the image, right? What am I missing here? What should be the right approach to this?
In theory yes you should be able to just append the clam-av recipe to the Torizon image. However I can’t provide anymore information than that as we don’t have any substantial experience with clam-av. Also since I’m not sure how Clam AV works I’m unsure how “correct” the scan results would be on the Torizon system. That is to say when you do a scan with any tool the results should be looked at closely to see if they accurately reflect the system.
So, I got clamav in the image without any problem but as I tried to run it, I have encountered a couple of issues:
- When I run clamscan to start scanning the system, I get the [upload|sLgiharRdEWIisW3ek6k0EJ+BSw=]. So, no such file or directory in /usr/share/clamav. I cannot sudo mkdir clamav because it is read-only file system. How can I work around this issue?
- freshclam, an utility clamav has to update the vulnerability database, it will make the machine run out of memory, and for the process to be [upload|xfhzjjRU/UhATefMZCk60dSjJ3A=].
It’s interesting that
/usr/share/clamav is required, but wasn’t made automatically. Well in any case you an remount parts of the filesystem as read-write temporarily. A command like this should do
sudo mount -o remount,rw /usr. This will remount
/usr as read-write until the next power-cycle.
As for out of memory issue, there’s not much that can be done concerning that. I guess ClamAV isn’t optimized for lightweight systems. I’m not sure how the vulnerability database works, but perhaps you can update it on a desktop machine and transfer the files to the device.