Is it safe to install maldet on Whonix?

Would it be beneficial to install maldet on Whonix Workstation? I would like to be able to scan files for potential malware. There is somewhat recent Debian packaging here (this also installs ClamAV):

related wiki chapter:
The Utility of Antivirus Tools

related:


It may not be the smartest thing, but I decided to try it out after reading those articles, as I don’t have much to lose and sometimes there’s only one way to learn. maldet does not seem to be able to scan a mounted VeraCrypt partition as a non-root user, and I’m afraid to run it as root, as I don’t know if there are any security consequences in doing so. ClamTK, however, seems to be able to read files in external partitions.

I don’t know if these utilities are completely useless, or at worst provide a broader attack vector, but I thought it’d be something to try. I also feel safer scanning files for malware inside of Whonix than on my main host OS.

Never mind, ClamAV doesn’t seem to be working either. I can’t update the antivirus signatures.

Check if the bug was reported upstream already and, if not, please report a bug as a contribution to Open Source.

Is it a bug, though? Taking another look at this, it seems like either maldet or freshclam uses DNS requests to refresh the definitions. Workstation does not seem to have any control over DNS. I don’t understand how this makes sense; why would DNS be needed in any way to update the signatures? This link shows the exact error I get trying to run freshclam:

So I tried manually dropping the main.cvd file from my host system, which uses Clam, to Workstation via shared folder. Clamscan still does not work; I get these errors:

LibClamAV Error: cli_load(): Can't open file /var/lib/clamav/main.cvdK sigs
LibClamAV Error: cli_loaddbdir: error loading database /var/lib/clamav/main.cvd
LibClamAV Error: cli_loaddbdir: No supported database files found in /var/lib/clamav

I used chown clamav:clamav on the file so I don’t see why it can’t read it. Again, I don’t know if these are bugs or just user error on my part. I can’t even get maldet to scan files on my regular OS, although clamscan does work.
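
A check one could run on a manually copied database file like the one described above, as an added example that is not part of the thread: clamscan opens the database as the user who invokes it, so the function tests readability as the current user and then parses the 512-byte text header that a .cvd file starts with. The function name `check_cvd` and its exit codes are this example's own choices, and the sample header is constructed.

```shell
#!/bin/sh
# Added example: sanity-check a manually copied ClamAV database file.
# Exit codes (chosen for this example): 0 ok, 1 missing, 2 unreadable, 3 bad header.
check_cvd() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "$f: not a regular file" >&2
        return 1
    fi
    # clamscan reads the database as the invoking user, so test as that user.
    if [ ! -r "$f" ]; then
        echo "$f: not readable by $(id -un): $(ls -ln "$f")" >&2
        return 2
    fi
    # A .cvd begins with a 512-byte, colon-separated text header:
    # ClamAV-VDB:build time:version:signature count:functionality level:MD5:...
    hdr=$(head -c 512 "$f" | tr -d '\000')
    magic=$(printf '%s' "$hdr" | cut -d: -f1)
    version=$(printf '%s' "$hdr" | cut -d: -f3)
    sigs=$(printf '%s' "$hdr" | cut -d: -f4)
    if [ "$magic" != "ClamAV-VDB" ]; then
        echo "$f: header does not start with ClamAV-VDB (truncated or wrong file?)" >&2
        return 3
    fi
    for v in "$version" "$sigs"; do
        case $v in
            ''|*[!0-9]*) echo "$f: version/signature fields are not numeric" >&2
                         return 3 ;;
        esac
    done
    echo "$f: version=$version signatures=$sigs"
}

# Constructed sample header (not a real database) so the check runs offline.
tmp=$(mktemp -d)
printf 'ClamAV-VDB:01 Jan 2020 00-00 +0000:59:4564902:60:X:X:constructed:0' > "$tmp/main.cvd"
check_cvd "$tmp/main.cvd"
rm -rf "$tmp"
```

ClamAV's own `sigtool --info /var/lib/clamav/main.cvd` prints the same header fields and also verifies the file.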