dave-theunsub / clamtk

An easy to use, light-weight, on-demand virus scanner for Linux systems
https://gitlab.com/dave_m/clamtk/wikis/home

Feature request - please integrate Linux Malware Detect (LMD) with ClamTK #112

Closed phd21 closed 4 years ago

phd21 commented 5 years ago

Hi Dave of ClamTK,

Thank you for ClamTK.

Feature request - please integrate Linux Malware Detect (LMD) with ClamTK along with ClamAV.

I have both ClamAV and Linux Malware Detect installed and from all that I have read, LMD is better than ClamAV alone and uses the clamav scanning engine. Is this correct to the best of your knowledge? But, it only runs from the console terminal prompt and there is no nice desktop GUI like your great ClamTK for ClamAV.

Do you think there is a way to update ClamTK to recognize if LMD is installed and, if so, run "maldet" commands instead of clamav commands, or give the user the choice of which scanning engines to use? And of course be able to report the results of the scan and/or to take further action like to quarantine.

Here is a Linux Mint Post with links to LMD and ClamTK and ClamAV https://forums.linuxmint.com/viewtopic.php?f=90&t=238726&hilit=maldet

Best regards, Phil (phd21)

dave-theunsub commented 5 years ago

Hi Phil,

Thanks for the feedback. I'm not very familiar with LMD, so I'll check it out.

A big issue right off the bat is that I didn't find any rpms or debs for easy installation. An easy install is one of the primary goals for clamtk (and related projects). That is, it should be available in the main repositories and just a package manager double-click or apt-get or dnf or yum away from install.

Nonetheless, it does look interesting and I'll take a look at it. It is still possible to have it check for (e.g.) an LMD executable and prompt to use it instead.

respectfully Dave M

phd21 commented 5 years ago

Hi Dave,

Thank you for your quick reply.

Although there are no typical easier installation options for "LMD" that I know of, it is not hard to install and configure.

The installation of LMD should not affect how nice and easy it is to install your ClamTK application.

If you install LMD using the instructions from their website or from my replies in the Linux Mint post, you will see how it works. Other than its own commands (maldet), it is not that different from ClamAV except it is supposed to be more effective and uses its own antivirus and anti-malware definitions along with the installed clamav definitions.

As an ex-software developer and longtime computer user, it just seems like your nice ClamTK application could be updated to use LMD (if it is installed) and/or ClamAV, which would benefit all the users.

Maybe even other antivirus anti-malware engines could also be used from ClamTK? If it is possible to add other scanning engines and/or anti-virus definitions, then that would make it even better.

I know some people use the online website "VirusTotal", but that requires being online and uploading files to be scanned or using file URLs. I do not know whether they provide an API that would allow 3rd party applications like ClamTK to use all their scanning engines without having to upload all the files to be scanned. And their free API is very limited: "to at most 4 requests of any nature in any given 1 minute time frame. If you run a honeyclient, honeypot or any other automation that is going to provide resources to VirusTotal and not only retrieve reports you are entitled to a higher request rate quota".

VirusTotal API - Getting started https://developers.virustotal.com/reference

VirusTotal/c-vtapi: Official implementation of the VirusTotal API in C programming language -- I was able to easily compile this in Linux KDE Neon https://github.com/VirusTotal/c-vtapi

Thank you for your consideration on this request and your work on ClamTK.

Have a great day and night!

Best regards, Phil (phd21)
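
Added example, not part of the thread and not ClamTk or VirusTotal code: a sketch of how a third-party scanner front end could look up an existing VirusTotal report by file hash, so that no file content is uploaded, while staying inside the "4 requests in any 1 minute" quota quoted above. It assumes the VirusTotal API v3 file-report endpoint and its `x-apikey` header; `QuotaLimiter`, `sha256_of` and `build_lookup` are hypothetical names, and the request is built but not sent.

```python
import hashlib
import time
import urllib.request
from collections import deque

# Assumption: VirusTotal API v3 file-report endpoint, keyed by file hash.
VT_FILE_REPORT = "https://www.virustotal.com/api/v3/files/{}"


class QuotaLimiter:
    """Sliding window: at most `limit` calls in any `window` seconds."""

    def __init__(self, limit=4, window=60.0, clock=time.monotonic, sleep=time.sleep):
        self.limit, self.window = limit, window
        self.clock, self.sleep = clock, sleep
        self.sent = deque()  # timestamps of calls still inside the window

    def acquire(self):
        """Block until one more call fits the quota; return seconds waited."""
        now = self.clock()
        while self.sent and now - self.sent[0] >= self.window:
            self.sent.popleft()  # forget calls that left the window
        waited = 0.0
        if len(self.sent) >= self.limit:
            waited = self.window - (now - self.sent[0])
            self.sleep(waited)  # the oldest call expires after this wait
            self.sent.popleft()
        self.sent.append(self.clock())
        return waited


def sha256_of(path, chunk=1 << 16):
    """Hash the file locally; only this digest is sent, never the content."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def build_lookup(path, api_key, limiter):
    """Wait for quota, then build (not send) the report request for this file."""
    limiter.acquire()
    req = urllib.request.Request(VT_FILE_REPORT.format(sha256_of(path)))
    req.add_header("x-apikey", api_key)  # API v3 authentication header
    return req
```

Passing the returned request to `urllib.request.urlopen` sends it; a hash lookup only returns a report for files VirusTotal has already seen.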

dave-theunsub commented 4 years ago

Closing for now; integrating will probably not be possible yet. I'm rewriting clamtk in another language, so that's taking all my extra time. I like the idea, though.

Also, you can already upload and get results from VirusTotal through the Analysis button. It probably needs to be made better though.

Thank you for all your valuable insights!

respectfully,
Dave M