[clamav-users] clamav incremental scan?

[Grant Taylor]

On 5/4/21 12:19 PM, Michael Wang wrote:
> looks like this should be a functionality of the clamav itself.

What you are describing sounds like something independent of the ClamAV 
/scanning/ engine.  More specifically, it sounds like the responsibility 
of a /scheduling/ engine.

My understanding is that the scheduling is outside of the scope of what 
ClamAV normally does.

I see no reason why you couldn't have something -- run as a user with 
sufficient privileges to read the file(s) in question -- which maintains 
metadata about files; name, ctime, mtime, permissions, owner, group, 
hash, last scan time, etc, and determines if a file has changed since 
the last time it was scanned.  /That/ /scheduling/ engine could then 
easily ask the ClamAV /scanning/ engine -- likely running as a different 
non-root user -- to scan the files handed to it by -- what is 
effectively -- the /scheduling/ engine.

There are a lot of different ways to go about something like this.  My 
opinion is that most of them are outside of the scope of the ClamAV's 
/scanning/ engine.



-- 
Grant. . . .
unix || die

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4013 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20210504/167348ee/attachment.bin>