I often have clients who come in with USB drives full of files that we need to ingest. Currently, we run antivirus scans on the files directly from our endpoints, which feels risky. We've made progress since last year when we weren't scanning at all, but I need a solution that's low-friction to ensure adoption among my team. I was considering setting up a dedicated quarantine machine—possibly a Linux system that mounts USB drives as read-only, scans with ClamAV, and transfers clean files to a secondary drive for staff access. Before I go for a DIY approach, I'm curious if there are any ready-made solutions available. I've checked out CIRCLean, but it seems outdated. Ideally, I'm looking for something that can maintain file formats, is compatible with a Raspberry Pi or an old NUC, and requires minimal maintenance. How are others managing such challenges?
3 Answers
You could definitely use a Raspberry Pi, maybe even attach it to a monitor with a USB port labeled clearly. Just set up a simple script to run a scan and notify if it's clean before copying only the safe files to a shared location. I know it sounds like a bit of work, but sending large files over email isn't always an option, especially with bigger items like videos. Although, adding more steps sometimes can lead to confusion.
What you're describing is known in the industry as a 'Sheep dip' machine. Your plan for a dedicated Linux box running ClamAV seems solid, but just be prepared for how much manual checking you'll need to do.
Many budget NAS devices support connecting USB drives and include a one-touch copy feature to their RAID shares, plus independent AV scanning. You could set one up and provide easy access to the files while maintaining security. However, from my experience, I suggest writing a policy against USB sticks altogether. I did this at my last two jobs, and it really reduced risks. People eventually adapted to safer file transfer methods, and it worked well!
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures