On Wednesday 10 February 2016 05:29:19 Brad Scalio wrote: > I've seen a lot of fodder on clamd vs clamscan, running 0.99 on > RHEL6.7 exit/entry points ... While it's easy enough to use clamscan > via cron, is there any good stepwise SOP on getting clamd to work > permission wise to scan all filesystem? I like the ability to have it > all controlled via the daemon, easier to enforce configurations via > puppet, easier quick checking and tweaking of conf, etc ... Apologies > if I missed the page or doc, but been googling for months to find a > simple guide. > > If clamscan is the preferred way, I'm fine with that, just not sure > why there's a daemon then? Is it for on-access, more for other OS > installs? > > Thanks! > Brad
When doing a bulk scan. clamscan via cron seems to be the peferred usage. When procmail asks for an incoming email scan, then clamd is used. But, I do wish that clamd would send me a substitute email advising that it has stashed a suspect incoming email into the mailfile /var/spool/mail/virii. I try to look that file over for FP's, but quickly get lost in the visual garbage because its probably a zip'd file. I just looked over 260kb of what clamd id'd as virii, but which in fact are 5 messages from my bank about a new CC they were sending me, and some 5 or 6 were propaganda from AARP. And 3 shipping notices regarding stuff I bought thru ebay. In this case, an FP rate in excess of 90%! That is so high that I am expunging the clamd recipe from my .procmailrc as the next thing I do. Only two files containing .zip's, were real suspects, and I do have a delete button. Also on my wishlist is a clamscan recipe that only sends me an email IF it finds something. Those are useless noise IMO. Cheers, Gene Heskett -- "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) Genes Web page <http://geneslinuxbox.net:6309/gene> _______________________________________________ Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
