[clamav-users] Run script on file scanned but no virus found
Reindl Harald
h.reindl at thelounge.net
Fri Nov 3 11:47:02 UTC 2017
Am 03.11.2017 um 12:41 schrieb Chris Johnson:
> OK, so I've not used sockets before but with a little tweaking and a
> lot of googling I've got it working and it appears to work really
> well. Thank you
golden rule:
whenever you can have a long running service istead fork off processes
use it, be it clamd, spamassassin, lmtpd versus a delviery process
startetd for each message
when you then can decide TCP versus local unix socket always go with the
socket, it has much less overhead for the connection, don#t suffer from
the problem that the 65535 limit of closing connections in wait-state
make new connections impossible under high load (mysql 127.0.0.1 versus
localhost) and so on
> On 2 November 2017 at 19:42, Kris Deugau <kdeugau at vianet.ca> wrote:
>> Chris Johnson wrote:
>>>
>>> I have on access scanning configured and we successfully run a script
>>> when a virus is found. This script allows us to make a log that the
>>> file was scanned and a virus found. However we'd also like to run a
>>> script to make a log when the file has been scanned and no virus has
>>> been found
>>>
>>> there are 2 goals (and I accept there may be a different way of
>>> achieving these.)
>>>
>>> 1) Script are too fast
>>> The files we're scanning get uploaded through a web form
>>> On access scanning checks the file once uploaded
>>
>> You might do better to just integrate a call to clamdscan (note, not
>> clamscan, which loads the virus DB on each call) with your upload script
>> rather than rely on on-access scanning. You're already more or less in
>> control of when and where files actually get written to your local
>> filesystem, where on-access scanning is usually intended for situations more
>> like the conventional AV usage in Windows where files accessed by many
>> processes with many origins all need to be scanned.
>>
>>> We put a 1 second pause in before checking for the (deleted) file and
>>> this now works. However the file might take longer than 1 second to
>>> scan if its big or the server is busy.
>>
>> If scan speed is a concern, maybe something AJAXy to send feedback on the
>> state of the upload (eg "Uploading", "Scanning", "OK"/"Virus found") rather
>> than just stalling the main script while the scan runs.
More information about the clamav-users
mailing list