[clamav-users] ClamAV - What does the “clamd at scan” service do by default?

Paul Kosinski clamav-users at iment.com
Mon Jan 27 17:46:24 UTC 2020 

Don't know about scanning a microphone, but ClamAV would have endless
fun scanning a disk:

# l /dev/sdf
brw-rw---- 1 root disk 8, 80 Dec  7 22:32 /dev/sdf

# hexdump -C /dev/sdf | head
00000000  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
000001b0  00 00 00 00 00 00 00 00  e3 73 1a 28 00 00 00 00  |.........s.(....|
000001c0  02 00 ee ff ff ff 01 00  00 00 ae 88 e0 e8 00 00  |................|
000001d0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
*
000001f0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 55 aa  |..............U.|
00000200  45 46 49 20 50 41 52 54  00 00 01 00 5c 00 00 00  |EFI PART....\...|
00000210  0b f9 e1 c5 00 00 00 00  01 00 00 00 00 00 00 00  |................|
00000220  ae 88 e0 e8 00 00 00 00  22 00 00 00 00 00 00 00  |........".......|

Or a mouse:

# l /dev/input/mouse0 
crw-r----- 1 root root 13, 32 Nov  3 14:46 /dev/input/mouse0

# hexdump -C /dev/input/mouse0 
00000000  08 0e 04 08 10 04 08 13  06 08 12 03 08 12 02 08  |................|
00000010  13 04 08 12 03 08 0f 02  08 0a 02 08 07 03 08 03  |................|
00000020  02 08 01 00 08 01 00 08  02 01 08 02 01 08 02 00  |................|
00000030  28 02 ff 28 02 ff 28 01  ff 28 02 fd 28 01 fb 28  |(..(..(..(..(..(|
00000040  00 fa 28 01 f7 28 00 f6  28 00 f5 28 00 f4 38 ff  |..(..(..(..(..8.|
00000050  f3 38 fe f2 38 ff f0 38  fe f3 38 ff f4 38 ff f5  |.8..8..8..8..8..|
00000060  28 00 f6 38 ff f8 28 00  fb 38 ff fd 08 00 01 08  |(..8..(..8......|
00000070  00 01 08 00 01 08 00 02  18 ff 03 08 00 03 18 ff  |................|
[ad infinitum]



On Mon, 27 Jan 2020 15:06:46 +0000 (GMT)
"G.W. Haywood via clamav-users" <clamav-users at lists.clamav.net> wrote:

> Hi there,
> 
> On Mon, 27 Jan 2020, Graeme Fowler via clamav-users wrote:
> 
> > If you want to do a daily scan, the basic command would be:
> >
> >                clamdscan /
> >
> > ...but you need to configure clamd in /etc/clamd.d/scan.conf to do
> > this.
> 
> And at the risk of sounding like a broken record, the command
> 
> clamdscan /
> 
> is probably more dangerous than the things you're worried about.
> 
> There are parts of a Linux filesystem which you must not scan,
> because in Linux (and Unix systems generally) much of the guts
> of the system is exposed as what appears to be files in the
> filesystem, all of which appear somewhere below '/'.  Raw disc
> devices, USB hardware, sound devices, input and display devices
> for example can be found under /dev.
> 
> You don't really want to scan your microphone, do you?

More information about the clamav-users mailing list