[clamav-users] clamav incremental scan?
Benny Pedersen
me at junc.eu
Tue May 4 19:41:21 UTC 2021
On 2021-05-04 20:19, Michael Wang wrote:
> It seems that this should be a common question, but I did not find a
> definite answer via Google search. I saw solutions to only scan files
> in the last 60 days, but it is not difficult for a virus file to
> change date, isn't it? I can think of to maintain hash table with file
> name and its checksum, but looks like this should be a functionality
> of the clamav itself. How do you do it? Just do a full scan every
> time? Thanks.
fun part is that clamdscan needs root access, stupid
virus scanning must not be done as root user, else one knows why its
unsecure on unpacking
already files stored as non root users can only be changed by same user
if its malware, this includes change time stamps
as non root, isssue a touch malwarefile.exe, new upload
hope clamav team redo this insecure in clamdscan
More information about the clamav-users
mailing list