On Fri, 28 Sep 2007, Jon Wagoner - Red Cheetah wrote:

> It appears clamav just does a substring match on the exclude, so it
> would be easy to hide viruses. E.g. If I excluded .MYD, then you could
> just have your virus named somevirus.MYD and it would not be caught. If

I would not exclude *.MYD globally. However:

> I tried to exclude the mysql dir, then a user could have a virus hidden
> in /home/someuser/var/lib/mysql/my-virus-here.

Users should not be able to write to that directory at all, it should be owned/group mysql. If someone did put a virus there you would probably have a bigger problem - namely that mysql had been hacked.

Clamd is for scanning specific things, and I don't think mysql db files are one of them. Not that verifying the integrity of your mysql files isn't a good idea, but I think it will take more than clam to do it.

Off the top of my head you would want to look for named files that don't belong. After that, a DB integrity check (a good idea anyway) would find other files pretending to be DB files, as they would fail.

==========================================================
Chris Candreva -- [EMAIL PROTECTED] -- (914) 948-3162
WestNet Internet Services of Westchester
http://www.westnet.com/
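The check suggested in the reply above (data directory owned by user/group mysql, no files that don't belong), sketched as an added example that is not part of the original message or of ClamAV/MySQL. The function name `audit_datadir` and the allow-listed suffixes and prefixes are assumptions for a MyISAM/InnoDB data directory and need adjusting per server.

```python
import os
import stat
import sys

# Assumed allow-list for a MyISAM/InnoDB data directory; adjust to your server.
EXPECTED_SUFFIXES = {".frm", ".myd", ".myi", ".opt", ".trg", ".trn", ".err", ".pid"}
EXPECTED_PREFIXES = ("ibdata", "ib_logfile")


def audit_datadir(root, owner_uid, group_gid):
    """Return sorted (path, reason) findings for entries that don't belong."""
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    findings = []
    for path in paths:
        st = os.lstat(path)  # lstat: judge a symlink itself, never its target
        name = os.path.basename(path)
        if st.st_uid != owner_uid or st.st_gid != group_gid:
            findings.append((path, "not owned by database user/group"))
        if stat.S_ISLNK(st.st_mode):
            findings.append((path, "symlink"))
            continue
        if st.st_mode & stat.S_IWOTH:
            findings.append((path, "world-writable"))
        if not stat.S_ISREG(st.st_mode):
            continue
        suffix = os.path.splitext(name)[1].lower()
        if suffix not in EXPECTED_SUFFIXES and not name.startswith(EXPECTED_PREFIXES):
            findings.append((path, "unexpected file name"))
        elif st.st_mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
            findings.append((path, "executable bit on a data file"))
    return sorted(findings)


if __name__ == "__main__":
    import grp
    import pwd
    datadir = sys.argv[1] if len(sys.argv) > 1 else "/var/lib/mysql"
    uid, gid = pwd.getpwnam("mysql").pw_uid, grp.getgrnam("mysql").gr_gid
    for path, reason in audit_datadir(datadir, uid, gid):
        print(f"{reason}: {path}")
```

A file that borrows an expected suffix passes this name check; the DB integrity check mentioned in the reply is what catches those.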