This still has value as it can help catch things in action. It doesn't replace
periodic scans either to catch malware discovered since the initial scan.
There are a variety of ways of doing this if scanning everything in one shot
isn't feasible. One option would be to split files up using a
Tripwire presumes a golden fileset at the outset, that is, scanned to the degree
possible before enabling Tripwire. The fear of zero-day loop is infinite.
dp
On 3/21/18 6:41 PM, Paul Kosinski wrote:
> A few years ago, when Tripwire was no longer free, I set up a "scan
> once" environment for
A few years ago, when Tripwire was no longer free, I set up a "scan
once" environment for ClamAV, identifying files using SHA1 hashing
(with a few 'stat' results like inode and timestamp for good measure).
I gave up when I realized that even if a file had already been scanned,
it might have
It is possible to integrate ClamAV and Tripwire to get to a scan-once
environment. Include Puppet or CFEngine for a more complete tool.
dp
On 3/20/18 5:01 AM, Micah Snyder (micasnyd) wrote:
> Good morning Tsutomu,
> Al is quite correct. clamd and clamdscan maintain no memory of what has been
Good morning Tsutomu,
Al is quite correct. clamd and clamdscan maintain no memory of what has been
scanned before.
In your ordinary use case, you simply run clamdscan over whatever you want to
scan. You can exclude specific directories in your configuration if you want
to point clamdscan at
Thank you so much.
Your advice was very helpful.
I would also like to wait for a message from the developer.
On Thu, 15 Mar 2018 23:13:09 -0700
Al Varnell wrote:
> I believe the developers are hard at work planning for the future this week,
> so they can probably give
I believe the developers are hard at work planning for the future this week, so
they can probably give you better answers than I later on.
I suspect some of this may be platform specific, so my answers are based on my
macOS experience.
clamd scans every file that clamdscan tells it to, so