This still has value as it can help catch things in action. It doesn't replace
periodic scans either to catch malware discovered since the initial scan.
There are a variety of ways of doing this if scanning everything in one shot
isn't feasible. One option would be to split files up using a hash
Tripwire presumes a golden fileset at the outset, that is, scanned to the degree
possible before enabling Tripwire. The fear of zero-day loop is infinite.
dp
On 3/21/18 6:41 PM, Paul Kosinski wrote:
A few years ago, when Tripwire was no longer free, I set up a "scan
once" environment for ClamA
A few years ago, when Tripwire was no longer free, I set up a "scan
once" environment for ClamAV, identifying files using SHA1 hashing
(with a few 'stat' results like inode and timestamp for good measure).
I gave up when I realized that even if a file had already been scanned,
it might have contai
It is possible to integrate ClamAV and Tripwire to get to a scan-once
environment. Include puppet or CFEngine for a more complete tool.
dp
On 3/20/18 5:01 AM, Micah Snyder (micasnyd) wrote:
Good morning Tsutomu,
Al is quite correct. clamd and clamdscan maintain no memory of what has been
sc
Good morning Tsutomu,
Al is quite correct. clamd and clamdscan maintain no memory of what has been
scanned before.
In your ordinary use case, you simply run clamdscan over whatever you want to
scan. You can exclude specific directories in your configuration if you want
to point clamdscan at
Thank you so much.
Your advice was very helpful.
I would also like to wait for a message from the developer.
On Thu, 15 Mar 2018 23:13:09 -0700
Al Varnell wrote:
> I believe the developers are hard at work planning for the future this week,
> so they can probably can give you better answers tha
I believe the developers are hard at work planning for the future this week, so
they can probably can give you better answers than I later on.
I suspect some of this may be platform specific, so my answers are based on my
macOS experience.
clamd scans every file that clamdscan tells it to, so s
Hi, all.
I have two question about the clamdscan;
1) Does the clamd skip scanning the files which are scanned before?
I want to know if the clamd remember which files are scanned, and skip them
when the scan is performed again.
2) Is there any case that a file is locked by the clamd (user cann