[clamav-users] clamav incremental scan?
Andrew C Aitchison
clamav at aitchison.me.uk
Sun May 9 11:10:32 UTC 2021
On Tue, 4 May 2021, Michael Wang wrote:
> I do not disagree with you on the separate functionality of the scheduling
> engine and scanning engine. The question is: does such an engine exist?
ClamWin has a scheduler
https://clamwin.com/content/view/71/1/
but, although based on ClamAV, ClamWin is a separate project and team.
> I am new to ClamAV, does the question / solution ever pop up?
The question pops up a lot, often in disguise,
but there is not really a solution.
I believe that this is because a Linux machine is much more
likely than a Mac or Windows machine to be a multi-user system,
and thus the requirements are likely to be different.
If you did a full scheduled scan of a multi-user system,
what would you do if the scan found malware in a(nother) user's file ?
Without an answer to that, how do you design a front end (such as a scheduler)
> I feel it is too much for each individual user to implement such a scheduling
> engine.
You can write one in a one line of script that runs in a cron job:
find /home/user -type f | xargs clamdscan --fdpass
Yes it could be improved, but this does the job
and which improvements are relevant to your needs ?
As your original email says, scanning every file every time may not
be necessary, but unless you do what happens if an update includes a definition
for a virus that is aready inside a file that "doesn't need to be scanned" ?
Perhaps the answer is to do on-access scanning, rather than regularly scheduled
scans. However, that could make the machine feel sluggish, or actually perform
poorly.
--
Andrew C. Aitchison Kendal, UK
andrew at aitchison.me.uk
More information about the clamav-users
mailing list