Clam-av torizoncore

Hello,

We have been asked by a customer to run a regular AV scan on our device. I noticed ClamAV is part of the meta-security layer, yet it seems it is not installed in TorizonCore. Meta-security being already part of bblayers.conf, I should be able to bitbake parts of its recipes and append those to the image, right? What am I missing here? What should be the right approach to this?

Best,

Jaime

Greetings @jaimeibk,

In theory, yes, you should be able to just append the clam-av recipe to the Torizon image. However, I can’t provide any more information than that, as we don’t have any substantial experience with clam-av. Also, since I’m not sure how Clam AV works, I’m unsure how “correct” the scan results would be on the Torizon system. That is to say, when you do a scan with any tool, the results should be looked at closely to see if they accurately reflect the system.

Best Regards,
Jeremias

Hi, @jeremias.tx

So, I got clamav in the image without any problem, but as I tried to run it, I encountered a couple of issues:

  • When I run clamscan to start scanning the system, I get the [screenshot]. So, no such file or directory in /usr/share/clamav. I cannot sudo mkdir clamav because it is a read-only file system. How can I work around this issue?
  • freshclam, a utility clamav has to update the vulnerability database, will make the machine run out of memory, and for the process to be [screenshot].

Best,

Jaime

It’s interesting that /usr/share/clamav is required, but wasn’t made automatically. Well, in any case, you can remount parts of the filesystem as read-write temporarily. A command like this should do: sudo mount -o remount,rw /usr. This will remount /usr as read-write until the next power-cycle.

As for the out-of-memory issue, there’s not much that can be done concerning that. I guess ClamAV isn’t optimized for lightweight systems. I’m not sure how the vulnerability database works, but perhaps you can update it on a desktop machine and transfer the files to the device.

Best Regards,
Jeremias
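
The following is an added example, not code from this thread or from Toradex: a sketch of the "update on a desktop, transfer to the device" idea from the last reply, using clamscan's `--database` option so the signatures can live outside the read-only /usr/share/clamav. The directory path, the 7-day freshness limit and the assumption that the chosen directory is writable on the device are all assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. DB_DIR and MAX_AGE_DAYS are assumed values.
DB_DIR="${DB_DIR:-/var/lib/clamav-offline}"   # hypothetical writable path on the device
MAX_AGE_DAYS="${MAX_AGE_DAYS:-7}"             # assumed freshness policy

# Succeeds only if both the main and daily signature databases are present and
# non-empty (.cvd as downloaded by freshclam, .cld after incremental updates).
db_ready() {
    for name in main daily; do
        if [ ! -s "$1/$name.cvd" ] && [ ! -s "$1/$name.cld" ]; then
            echo "missing $name database in $1" >&2
            return 1
        fi
    done
}

# Succeeds if the daily database was last written more than MAX_AGE_DAYS ago.
# The mtime reflects the transfer unless the copy preserved timestamps.
db_stale() {
    [ -n "$(find "$1" -name 'daily.c[vl]d' -mtime +"$MAX_AGE_DAYS")" ]
}

# Scan a path with the staged databases instead of the built-in default
# directory. clamscan exits 0 when clean, 1 when something matched, 2 on error.
run_scan() {
    db_ready "$DB_DIR" || return 2
    if db_stale "$DB_DIR"; then
        echo "warning: signatures older than $MAX_AGE_DAYS days" >&2
    fi
    clamscan --database="$DB_DIR" --recursive --infected "$1"
}

# Run only when a target path is given, e.g.: sh scan.sh /home
if [ "$#" -gt 0 ]; then
    run_scan "$1"
fi
```

Because the script refuses to scan when the main or daily database is missing, a failed or partial transfer shows up as exit code 2 rather than as a scan that silently matches nothing.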