Open raboof opened 1 year ago
Just some thoughts, may or may not be useful:
ClamAV has a VirusEvent config option it can run when it receives an event
For desktop notifications (from clamav output) on our work machines we have a systemd user service that checks for the events instead so that it has access to the user's own dbus without requiring sudo.
Desktop notifications themselves aren't great for detailed messages as you can't seem to format them (at least with gnome's presentation of them). It might be necessary to create a detailed report as a document/image/html then have the notification go there.
Or rather than a notification that can just be dismissed by accident maybe a tray item (or an extension in the case of gnome) would be nice where found results can be triaged by the user and potentially marked as ignored etc.
A bunch of this could be implemented later in a complementary tool rather than the initial implementation.
When the local vulnerability scan detects new vulnerabilities, the user should somehow be notified of this.
One approach might be to use systemd's OnFailure option for this: the OnFailure could be configured by the user to send a notification to some oneshot systemd notification service. This notification service could then be 'anything': sending email or posting a message in Slack or perhaps even somehow popping up a desktop notification.
Since this is an arguably 'generic' interface, for the first milestone it would be sufficient to show implementing a single notification service, and leave creating more compelling ones for future implementation.
One challenge is how to get the detailed vulnerability information into the notification: it looks like systemd only allows passing along 'specifiers' (section 'Specifiers' in https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html). Perhaps it could just pick it up from a well-known location in /var/lib - since anyone can run the reports its contents shouldn't be sensitive anyway.
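A sketch of the OnFailure wiring proposed above, added here as an illustration and not taken from the issue or the project. The unit names, the /var/lib/vuln-scan path, and the vuln-scan and vuln-notify binaries with their flags are hypothetical, and it assumes the scanner exits non-zero when it finds new vulnerabilities.

```ini
# Constructed example: all unit names, paths and the scanner/notifier
# binaries (including their flags) are hypothetical placeholders.

# --- /etc/systemd/system/vuln-scan.service ---
[Unit]
Description=Local vulnerability scan
# On failure, start the notifier template. %n expands to this unit's full
# name, which becomes the instance name of the template unit.
OnFailure=vuln-notify@%n.service

[Service]
Type=oneshot
# Creates /var/lib/vuln-scan, the well-known location for the report.
StateDirectory=vuln-scan
StateDirectoryMode=0755
# Assumption: the scanner writes its report first, then exits non-zero when
# it found something new, so the unit enters the "failed" state.
ExecStart=/usr/local/bin/vuln-scan --report /var/lib/vuln-scan/report.txt

# --- /etc/systemd/system/vuln-notify@.service ---
[Unit]
Description=Vulnerability notification for %i

[Service]
Type=oneshot
# Only specifiers cross the OnFailure= boundary: %i is the failed unit's
# name. The details are read from the report file at a fixed path.
ExecStart=/usr/local/bin/vuln-notify --unit %i --report /var/lib/vuln-scan/report.txt
# The notifier only needs to read the report, so run it unprivileged and
# with a read-only view of the system.
DynamicUser=yes
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
```

Because OnFailure= also fires when the scanner itself crashes, the notifier should check that the report exists and is recent before presenting its contents as findings.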