[clamav-users] using clamdscan and clamd to do complete file system scan
John McGowan
john at lynch2.com
Thu Apr 30 15:03:28 UTC 2015
I agree with everything you've said.
In my situation I'm simply choosing the least path of resistance in
making a PCI QSA happy. For years I've been able to not do AV on our
Linux hosting environment because the systems were "not commonly
affected".
The auditors' opinions (warranted or not) on that are different now, so
I'm just trying to demonstrate diligence by having ClamAV installed
and scanning some key directories.
/John
On Wed, Apr 29, 2015 at 12:27 PM, G.W. Haywood
<clamav at jubileegroup.co.uk> wrote:
> Hi there,
>
> On Wed, 29 Apr 2015, John McGowan wrote:
>
>> ...
>> I suspect that most people use clamdscan to do "one off" scanning,
>> (mail servers, etc)
>
>
> My suspicion is that most people don't do it at all on Linux boxes.
>
> There is absolutely no point in scanning the entire filesystem on a
> typical Linux box for millions of Windows viruses, since they won't be
> there. It would be a complete waste of effort and resources, and I
> certainly never do it on the dozens of Linux boxes that I run.
>
> There might be a case for scanning parts of a Linux filesystem if it's
> used for example as a file server for Windows clients. Amongst other
> scanners I use clamd via a Sendmail milter to scan both incoming and
> outgoing mail on my mail servers, but mainly because the third-party
> signatures catch lots of unwanted mail. And even now there are a few
> people Out There who are still using Windows boxes; it would be bad if
> any person in my employ unwittingly passed a virus-ridden message from
> one Windows user to another, even if the machines which my people use
> are completely immune to infection by practically all of the malware
> for which the mail systems are scanning. The mail is scanned on the
> fly and it never gets as far as being written to the filesystem if any
> of the scanners detects something which one might consider unpleasant.
>
>> ... I'm looking for more of a traditional daily "scan the entire
>> file system" solution.
>
>
> I'm not sure that there's anything 'traditional' about scanning Linux
> boxes for viruses. I've never found one in that way, but I've found
> literally many thousands by scanning Windows boxes in the same way.
>
> Incidentally if you do scan a Linux filesystem, don't scan things like
> /proc and /dev because you might not like the results.
>
> --
>
> 73,
> Ged.
--
John McGowan
Lynch2
792 West Bartlett Road
Bartlett, Illinois 60103
www.lynch2.com
direct: 630.473.3185
main:847.608.6900 Ext 4110