[clamav-users] using clamdscan and clamd to do complete file system scan

[G.W. Haywood]

Hi there,

On Wed, 29 Apr 2015, John McGowan wrote:

> ...
> I suspect that most people use clamdscan to do "one off" scanning,
> (mail servers, etc)

My suspicion is that most people don't do it at all on Linux boxes.

There is absolutely no point in scanning the entire filesystem on a
typical Linux box for millions of Windows viruses, since they won't be
there.  It would be a complete waste of effort and resources, and I
certainly never do it on the dozens of Linux boxes that I run.

There might be a case for scanning parts of a Linux filesystem if it's
used for example as a file server for Windows clients.  Amongst other
scanners I use clamd via a Sendmail milter to scan both incoming and
outgoing mail on my mail servers, but mainly because the third-party
signatures catch lots of unwanted mail.  And even now there are a few
people Out There who are still using Windows boxes; it would be bad if
any person in my employ unwittingly passed a virus-ridden message from
one Windows user to another, even if the machines which my people use
are completely immune to infection by practically all of the malware
for which the mail systems are scanning.  The mail is scanned on the
fly and it never gets as far as being written to the filesystem if any
of the scanners detects something which one might consider unpleasant.

> ... I'm looking for more of a traditional daily "scan the entire
> file system" solution.

I'm not sure that there's anything 'traditional' about scanning Linux
boxes for viruses.  I've never found one in that way, but I've found
literally many thousands by scanning Windows boxes in the same way.

Incidentally if you do scan a Linux filesystem, don't scan things like
/proc and /dev because you might not like the results.

-- 

73,
Ged.