Hi there, On Wed, 29 Apr 2015, John McGowan wrote:
... I suspect that most people use clamdscan to do "one off" scanning, (mail servers, etc)
My suspicion is that most people don't do it at all on Linux boxes. There is absolutely no point in scanning the entire filesystem on a typical Linux box for millions of Windows viruses, since they won't be there. It would be a complete waste of effort and resources, and I certainly never do it on the dozens of Linux boxes that I run. There might be a case for scanning parts of a Linux filesystem if it's used for example as a file server for Windows clients. Amongst other scanners I use clamd via a Sendmail milter to scan both incoming and outgoing mail on my mail servers, but mainly because the third-party signatures catch lots of unwanted mail. And even now there are a few people Out There who are still using Windows boxes; it would be bad if any person in my employ unwittingly passed a virus-ridden message from one Windows user to another, even if the machines which my people use are completely immune to infection by practically all of the malware for which the mail systems are scanning. The mail is scanned on the fly and it never gets as far as being written to the filesystem if any of the scanners detects something which one might consider unpleasant.
... I'm looking for more of a traditional daily "scan the entire file system" solution.
I'm not sure that there's anything 'traditional' about scanning Linux boxes for viruses. I've never found one in that way, but I've found literally many thousands by scanning Windows boxes in the same way. Incidentally if you do scan a Linux filesystem, don't scan things like /proc and /dev because you might not like the results. -- 73, Ged. _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
