[clamav-users] clamscan --disable-cache
Dave Sill
sillde at ornl.gov
Wed Sep 30 17:39:39 UTC 2020
"G.W. Haywood via clamav-users" <clamav-users at lists.clamav.net> wrote:
>
> There are ways around that, even if you don't want to run clamdscan
> (and clamd) as root - which I'd entirely understand.
Is --fdpass one of them? And --stream? Any others?
> >We've got about 3000 Linux systems that we'd like to periodically scan,
> >primarily to ensure that they're not being used to redistribute
> >Windows malware.
>
> A good use case, perhaps quite a tall order with a single clamd server
> but maybe doable if you can (a) limit what needs to be scanned and (b)
> define 'periodically' in terms of days (at least) and not hours.
We could use multiple clamd servers. And periodically in terms of days
would be OK.
> >Any attempt to skip "junk" will potentially skip malware, and hand
> >crafting scans for each system is not an option.
>
> That seems more like a management problem to me than a technical one.
The nature of our environment precludes actively managing all of the
Linux systems here, unfortunately.
> >Skipping multiple copies of the same file won't really help because
> >the duplication is across systems, and because every file will be
> >rescanned every time clamscan is run.
>
> That's not true of clamdscan.
Hmm...that's promising. I'll give it a try.
> And you probably won't know what's been modified in the past week unless
> you install Tripwire or something like that...
mtime would be sufficient for our purposes.
-Dave
More information about the clamav-users
mailing list