On Wed, 21 Dec 2016 20:05:27 (CET) Kees Theunissen wrote:
>
> On Wed, 21 Dec 2016, Mark Foley wrote:
>
> >On Wed, 21 Dec 2016 17:34:05 Reindl Harald wrote:
> >>
> >> Am 21.12.2016 um 17:25 schrieb Mark Foley:
> >> > I'm running clamdscan on Maildir folders as:
> >> >
> >> > clamdscan --config-file=/usr/local/etc/clamdscan.conf --multiscan \
> >> >   --fdpass --allmatch --stdout /home/HPRS/user/Maildir/
> >> >
> >> > I want to skip checking for OLE2 macros. The /usr/local/etc/clamdscan.conf has:
> >> >
> >> > ScanOLE2 no
> >> > OLE2BlockMacros no
>
> Also specify different values for "LocalSocket", "PidFile" and "LogFile"
> and start a second instance of the clamd daemon using this config file.
>
> < ... >
>
> >Thinking about what the "d" means doesn't help me solve my problem. clamdscan
> >has an option --config-file. I would assume clamdscan would spawn another clamd
> >with the new option file. Is this not the case? Will the currently running clamd
> >be used regardless of the --config-file parameter?
>
> Clamdscan will connect to the socket specified in the config file and
> hence to the right daemon process. The socket specification is probably the
> only parameter from the config that is used by clamdscan.
>

Kees - thanks for that info. So, basically I'd have to start a new clamd with a
different socket and therefore pointing to a different config file. Not sure
then what the point of the --config-file parameter to clamdscan is ...

Anyway, that's too much fiddling for what I need.  My purpose in this particular
scan is to periodically scan (via cron) the domain Maildir repositories for
viruses not initially caught by the clamav-milter.  This does happen not
infrequently because, I suppose, updated signatures reveal possible viruses in old
messages that made it through before those signatures were added.

However, Heuristics.OLE2.ContainsMacros (OLE2BlockMacros yes) are ubiquitous in
.xls attachments from usually legitimate senders and would indicate hundreds of
"infected" files in the Maildir folders. 

So, what I will do is keep the "OLE2BlockMacros yes" for clamd/clamav-milter for
quarantining such incoming messages (I can manually release legitimate ones
later), but I'll use clamscan (not clamdscan) with the settings shown below for
semi-daily scanning of the Maildir folder without the --block-macros=yes
parameter.  This seems to give me the results I want. 

clamscan -a --no-summary --stdout --infected --recursive --allmatch \
  --scan-mail=yes --scan-ole2=yes /home/HPRS/user/Maildir/

Thanks!

--Mark
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
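
Added example, not part of the original message or of ClamAV: a post-filter for `--allmatch` scan output that drops files whose only hit is Heuristics.OLE2.ContainsMacros and keeps files with any other match. It assumes the `path: Name FOUND` line format; the sample paths and the signature name `Example.Trojan.Constructed` are constructed.

```python
import re
import sys
from collections import defaultdict

# Heuristic named in the thread; a file whose only hit is this one is suppressed.
MACRO_HEURISTIC = "Heuristics.OLE2.ContainsMacros"

# Maildir file names contain ':' (e.g. "...:2,S"), so anchor on the trailing
# " FOUND" and let the greedy path group run to the LAST ": " on the line.
HIT = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")

def group_hits(lines):
    """Map each scanned path to the set of signature names reported for it."""
    hits = defaultdict(set)
    for line in lines:
        m = HIT.match(line.rstrip("\n"))
        if m:  # "path: OK" and error lines do not match and are skipped
            hits[m.group("path")].add(m.group("sig"))
    return dict(hits)

def actionable(lines, ignored=(MACRO_HEURISTIC,)):
    """Return {path: sorted signatures} for files with a non-ignored hit."""
    out = {}
    for path, sigs in group_hits(lines).items():
        if sigs - set(ignored):
            out[path] = sorted(sigs)  # keep the macro hit as context
    return out

# Constructed sample input (not real scan results).
A = "/home/HPRS/user/Maildir/cur/1482300001.M1P1.mail,S=9000:2,S"
B = "/home/HPRS/user/Maildir/cur/1482300002.M2P2.mail,S=7000:2,S"
C = "/home/HPRS/user/Maildir/new/1482300003.M3P3.mail,S=5000"
SAMPLE = "\n".join([
    f"{A}: {MACRO_HEURISTIC} FOUND",
    f"{B}: {MACRO_HEURISTIC} FOUND",
    f"{B}: Example.Trojan.Constructed FOUND",
    f"{C}: Example.Trojan.Constructed FOUND",
    "/home/HPRS/user/Maildir/cur/1482300004.M4P4.mail,S=100:2,: OK",
])

if __name__ == "__main__":
    # With piped input, filter it; run interactively, show the sample.
    source = SAMPLE.splitlines() if sys.stdin.isatty() else sys.stdin
    for path, sigs in sorted(actionable(source).items()):
        print(f"{path}: {', '.join(sigs)}")
```

Piping scan output into the script prints one line per file that still needs attention, with every signature matched on it.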