> On Fri, March 7, 2008 11:52 am, Jay Becker wrote: > >> Is there a way to force clamdscan to ignore network mounts (AFS, NFS, >> SMB)? For example, if several workstations use NFS to mount several >> directories on a server and I want all shared files to be scanned by >> only the server and each client responsible for scanning their local >> files. I know I could do a recursive scan using the exclude directory >> option, but it seems fairly clumsy as the mounted directories vary and >> there are quite a few clients. An option such as >> --restrict-to-local-filesystems would be great, but afaik it doesn't >> exist and I can't find evidence of other solutions (except for writing a >> script to find all local files and pass them to clamdscan). Thanks! >> >> > > Using clamdscan for this is probably the wrong idea unless clamd is > running as root and that's also a wrong idea generally speaking. Using > clamscan run as root gets around the privileges problems that clamd has > when it is running as an privileged user. > > So if you read the man page for clamscan you will find this option: > > --include=PATT, --include-dir=PATT > Only scan file/directory names containing PATT. It may be used multiple > times. > > It works fine for what you're trying to do. > > dp >
I know there are --include-dir and --exclude-dir options, which as I mentioned in my question do not meet my needs. I would rather not log in to a machine, check for where they have network mounts, and manually add them using --exclude-dir. This would be an alright option for a handful of machines, but on a large scale it is cumbersome. I also think that *not* scanning network file systems should be the default, simply due to the bandwidth use when scanning. It seems like usually it would be better for the scanning (except for on-access scans) to be done by the machine that is sharing the files rather than the ones accessing files. Of course, a user should be able to choose if they want to scan network fs as well. For the sake of another example, if a sysadmin has 1000 machines which all mount back and forth on various directories and they want to scan every file on every machine once a day, the most efficient way is to have every machine scan all of their local files. This is a contrived situation of course, but shows where a "local file system only" scan would be incredibly useful as an admin could push install clamav on every system and push the same config & cron job to every machine. If this simply doesn't exist as I suspect, just confirm and I will get to work on a script. If I missed something in the docs you are welcome to play the "if you read the man page" card, but please read the whole question before you do. Thanks! Jay Becker _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
