On Wed, 21 Oct 2020, giovanni+cla...@paclan.it wrote:


On 10/21/20 4:08 AM, Olivier via clamav-users wrote:
> Hi
>
> > I would like to know what would be the best way to do a virus scan of
> > changed or new files only. I
> > want to run a daily scan of changed and new files during weekdays and
> > run a full scan on
> > weekends.
> >
> > I did some search and was able to find a few ways of doing it but I
> > would also like your suggestions.
>
> There is that daemon that can report any changed files in an operating
> system, I know I played with it many years ago as I wanted something
> able to scan anything on the fly. It was on FreeBSD, but such daemon
> should exist for Linux too and it could send the files/filenames to the
> scanning daemon.
>
You could use incrond(8) which uses the inotify(2) interface to scan for
changed files, this can be used to produce a list of files that will be
scanned later.

I was assuming that clamav's on-access scanning used the same
mechanism as inotify.

I imagine that scan-on-write produces less load than scan-on-read (for most
user files - obviously not for logfiles that are never read)
- at the price of missing the most recent virus definitions,
and that using clamav's on-access scanning has the advantage of catching the
nasties before the file is used, unlike the inotify-based solutions, which
avoid the latency that on-access scanning produces ...

Since these points are all guesses, if anyone could confirm or refute
them, that would be appreciated.

My one piece of advice for anyone thinking of off-line scanning
would be to work out what you will do when your scanner finds a nasty.

--
Andrew C. Aitchison                                     Kendal, UK
                        and...@aitchison.me.uk

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
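
The weekday "changed or new files only" scan asked about in this thread, as an added example that is not part of any poster's message: a stamp file marks the start of the previous run, `find` lists what changed since, and `clamscan` scans that list and quarantines detections. The function names, the `SCANNER` override and the paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: daily scan of new/changed files only, driven by a stamp file.
# Assumptions: function names, paths and the SCANNER override are illustrative.

# list_changed DIR STAMP LIST
# Write to LIST every regular file under DIR modified after STAMP's mtime
# (all files if STAMP does not exist yet, i.e. on the first run).
# Caveats: -newer looks at mtime only, so a file that arrives with an old,
# preserved mtime is left for the weekend full scan; names containing a
# newline cannot be represented in a one-path-per-line list.
list_changed() {
    dir=$1 stamp=$2 list=$3
    if [ -e "$stamp" ]; then
        find "$dir" -xdev -type f -newer "$stamp" -print > "$list"
    else
        find "$dir" -xdev -type f -print > "$list"
    fi
}

# scan_changed DIR STAMP QUARANTINE
# Returns the scanner's exit status; clamscan uses 0 = clean,
# 1 = virus found, 2 = error.
scan_changed() {
    dir=$1 stamp=$2 quarantine=$3
    list=$(mktemp) || return 2
    # Record the start time BEFORE listing: anything written while the scan
    # runs is newer than this marker and gets picked up by the next run.
    next=$(mktemp) || { rm -f "$list"; return 2; }
    list_changed "$dir" "$stamp" "$list"
    rc=0
    if [ -s "$list" ]; then
        # Decide up front what happens to a detection: here it is moved to
        # a quarantine directory that lies outside DIR.
        "${SCANNER:-clamscan}" --infected --no-summary \
            --move="$quarantine" --file-list="$list" || rc=$?
    fi
    case $rc in
        0|1) mv -f "$next" "$stamp" ;;  # clean or detection: advance the stamp
        *)   rm -f "$next" ;;           # scanner failed: rescan these files next run
    esac
    rm -f "$list"
    return "$rc"
}

# Weekday cron job (hypothetical paths):
#   scan_changed /home /var/lib/clamav-incr/stamp /var/quarantine
```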
