Dennis Peterson wrote the following on 11/29/2006 7:23 AM -0800:
Virgo Pärna wrote:
On Tue, 28 Nov 2006 12:25:14 -0800, Dennis Peterson
<[EMAIL PROTECTED]> wrote:
Chris Purves wrote:
/tmp/clamscan/*' I get the following error:
/usr/bin/clamscan: Argument list too long
This sounds like the command line limit for the OS. The list is
quite large at 5000 - for that it would probably make sense to
script a Perl solution that uses the stream input to clamd via
sockets. Perl can also
Well, I think that much easier would be to run
clamscan /tmp/clamscan
instead of clamscan /tmp/clamscan/*
That won't work. Let me summarize where this thread has gone:
All the files in /tmp/clamscan are soft links to files scattered
around the disk. They were created for the purpose of providing a
single location for clamscan to use to scan a varying list of files on
a nightly basis. Clamscan does not scan links in recursive mode hence
the method suggested.
An unknown problem at the time of the suggestion was the large number
of files in /tmp/clamscan - far more than can be handled with the
command shown. It is an OS limitation. And since another requirement
is to avoid multiple invocations of clamscan, other tools such as
xargs are not appropriate.
The most recent suggestion is to run a perl script that reads in a
text file list of files to scan, and to submit those files to clamd in
a stream via a socket connection. This gets around the requirement of
running clamd as root while still scanning files otherwise unreadable
by clamd user. It also allows preprocessing the list to deal with
unusual characters in the filename such as spaces and linefeeds, and
to create a log of results.
There is a Perl module at CPAN that handles all the ClamAV functions
needed and with a little additional code the OP can recreate a work
alike to clamscan that can read a file list of files to scan and
submit them to clamd in a stream, and to capture the scan results to a
log. And since this allows scanning the files in situ, it is no longer
needed to create links to them in /tmp.
The additional suggestion was put forward that one could hack the
clamscan code to provide for reading in a list of files to scan and a
product improvement bug was submitted but that there was concern the
coders were so busy writing patterns for phishing exploits there
wasn't time to work on the software. This last part is intended as humor.
dp
One other option was to run a second instance of clamd pointed to a
different config file and run the second instance as root. Then
clamdscan should be able to scan all files in all directories without
permissions issues.
Bill
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
