Re: [clamav-users] Question about the clamdscan

2018-03-21 Thread Dave Warren
This still has value as it can help catch things in action. It doesn't replace periodic scans either to catch malware discovered since the initial scan. There are a variety of ways of doing this if scanning everything in one shot isn't feasible. One option would be to split files up using a

Re: [clamav-users] Question about the clamdscan

2018-03-21 Thread Dennis Peterson
Tripwire presumes a golden fileset at the outset, that is, scanned to the degree possible before enabling Tripwire. The fear of zero-day loop is infinite.

dp

On 3/21/18 6:41 PM, Paul Kosinski wrote:
> A few years ago, when Tripwire was no longer free, I set up a "scan once" environment for

Re: [clamav-users] Question about the clamdscan

2018-03-21 Thread Paul Kosinski
A few years ago, when Tripwire was no longer free, I set up a "scan once" environment for ClamAV, identifying files using SHA1 hashing (with a few 'stat' results like inode and timestamp for good measure). I gave up when I realized that even if a file had already been scanned, it might have

Re: [clamav-users] Question about the clamdscan

2018-03-21 Thread Dennis Peterson
It is possible to integrate ClamAV and Tripwire to get to a scan-once environment. Include puppet or CFEngine for a more complete tool.

dp

On 3/20/18 5:01 AM, Micah Snyder (micasnyd) wrote:
> Good morning Tsutomu, Al is quite correct. clamd and clamdscan maintain no memory of what has been

Re: [clamav-users] Question about the clamdscan

2018-03-20 Thread Micah Snyder (micasnyd)
Good morning Tsutomu, Al is quite correct. clamd and clamdscan maintain no memory of what has been scanned before. In your ordinary use case, you simply run clamdscan over whatever you want to scan. You can exclude specific directories in your configuration if you want to point clamdscan at

Re: [clamav-users] Question about the clamdscan

2018-03-19 Thread Tsutomu Oyamada
Thank you so much. Your advice was very helpful. I would also like to wait for a message from the developer.

On Thu, 15 Mar 2018 23:13:09 -0700 Al Varnell wrote:
> I believe the developers are hard at work planning for the future this week,
> so they can probably give

Re: [clamav-users] Question about the clamdscan

2018-03-16 Thread Al Varnell
I believe the developers are hard at work planning for the future this week, so they can probably give you better answers than I later on. I suspect some of this may be platform specific, so my answers are based on my macOS experience. clamd scans every file that clamdscan tells it to, so