mcd wrote:
This is an interesting approach, but let me explain a little more. I
will be
running md5sums for every file on a system. I will then compare that
list of
md5sums against a list of md5sums that are know to be virus free. The files
that do not have valid md5sums in the database will then need to be
scanned.
In a lot of situations this list of files will be in the thousands. At this
point would I be better off calling clamscan to scan the entire disk, or
call clamscan 10,000+ times with unknown files? I hope I am making this
clear. Thanks for all of your help.
I do this with TripWire. TripWire does checksum and more to determine if
a file has changed, and provides a comprehensive report you can use with
ClamAV. You can also start an instance of clamd that runs as user root
and feed it with clamdscan. It would be prudent to kill that instance at
the end of the scan. This loads the pattern file once and reuses it.
This introduces other issues. See clamdscan --help.
dp
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
