Hi there,

On Mon, 26 Apr 2021, Christian wrote:

...
Alas I couldn't get hold of a ClamAV manual.

Try typing "ClamAV manual" into any search engine.

I'm not sure about the *syntax* though. Should I use / or /dev/sdc1
as a starting point:

Unless you really know what you're doing, you will never want to scan
anything in /dev.  Much the same applies to /proc, /sys and similar.
So you will probably never want to use anything which starts with any
of those as the starting point (I'd call it the 'root') of a scan.

The option '--cross-fs=no' just tells the scanner that no matter what
links there are between directories in different filesystems, when it
scans something recursively it is not to cross a filesystem boundary.
The option does not care where the scan is rooted.  With this option
set to 'no', you could mount your USB stick under /usr and it still
wouldn't be scanned, even if the root of the scan is /usr.

clamscan --cross-fs=no --recursive --infected 
--exclude-dir='^/sys|^/dev|^/proc|^/var/lib/clamav' --max-filesize=4000M 
--max-scansize=4000M / -l ~/clamav-scan-results/log

OR:

clamscan --cross-fs=no --recursive --infected 
--exclude-dir='^/sys|^/dev|^/proc|^/var/lib/clamav' --max-filesize=4000M 
--max-scansize=4000M /dev/sdc1 -l ~/clamav-scan-results/log

The former, although '4000M' is fiction (search the list archives).

What's the risk of something nasty getting into your root filesystem?
Have you thought about ways to make it much less likely to happen?

Bear in mind that if ClamAV finds something, it's already too late to
stop it getting there, and it might already have done whatever nasty
things it's meant to do.

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
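
Added example, not part of the original message: a Python sketch of the filesystem-boundary point above, listing the mount points below a scan root that a recursive scan with --cross-fs=no would not descend into. The mount table is a constructed sample in /proc/self/mounts format, the function names are hypothetical, and it assumes every mount is a separate filesystem (bind mounts of the same filesystem are not distinguished).

```python
import os

# Constructed sample in /proc/self/mounts format:
# device mountpoint fstype options dump pass
SAMPLE_MOUNTS = """\
/dev/sda2 / ext4 rw,relatime 0 0
proc /proc proc rw,nosuid 0 0
sysfs /sys sysfs rw,nosuid 0 0
devtmpfs /dev devtmpfs rw,nosuid 0 0
/dev/sda3 /home ext4 rw,relatime 0 0
/dev/sdc1 /usr/usbstick vfat rw,nosuid 0 0
"""


def parse_mounts(text):
    """Return (mountpoint, fstype, device) tuples from mounts-format text."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3:
            # The kernel writes spaces in mount points as the escape \040.
            mountpoint = fields[1].replace("\\040", " ")
            entries.append((mountpoint, fields[2], fields[0]))
    return entries


def is_under(path, parent):
    """True if path is parent itself or lies beneath it."""
    parent = parent.rstrip("/") or "/"
    return path == parent or path.startswith(parent.rstrip("/") + "/")


def skipped_by_cross_fs_no(scan_root, mounts_text):
    """Mounts strictly below scan_root, i.e. the filesystem boundaries a
    recursive scan rooted there would meet and not cross."""
    root = os.path.normpath(scan_root)
    return sorted(
        entry for entry in parse_mounts(mounts_text)
        if entry[0] != root and is_under(entry[0], root)
    )


if __name__ == "__main__":
    for root in ("/", "/usr"):
        print("scan rooted at", root, "would not descend into:")
        for mountpoint, fstype, device in skipped_by_cross_fs_no(root, SAMPLE_MOUNTS):
            print("   ", mountpoint, fstype, device)
```

To check a live system, pass the contents of /proc/self/mounts instead of the sample.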


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Reply via email to