As Ged pointed out, the fact that /home is mounted as a separate mount-point (even though it's the same device), leads the system to see them as different filesystems (you can umount /home without umount'ing /)

As a result, your use of cross-fs=no tells clamscan to not cross filesystem boundaries and, in this case, it skips /home. If /home was NOT its own mount, running clamscan on / would result in home being scanned. Alternately, running clamscan against /home (and using the same command-line arguments) would result in /home getting scanned, but everything else getting excluded.

--Maarten

On Fri, Apr 8, 2022 at 1:44 PM Bob Power via clamav-users <clamav-users@lists.clamav.net> wrote:
Hey Ged,

Thanks for getting back to me.

I'll overlook the sarcastic cynicism - it's probably healthy (and I'm partial myself). As to xargs, I wanted a config file rather than command line but clamd/clamdscan raises more complications around user and selinux permissions etc so xargs seemed, ironically, the simplest/quickest way forward.

Dunno why / and /home being on the same fs didn't spook me - I suppose I just accepted it as a Fedora thing as Fedora's not my usual distro - in any case thanks for highlighting it and prompting me to find https://unix.stackexchange.com/q/621771/295876 ... which says this is normal for Fedora now - not something to be concerned about.

It would seem that clamscan should be scanning /home but just doesn't take this Fedora/btrfs situation into account ( its a std Fedora 35 WS install albeit as a VM )

If this is the reason then that's technically a bug I'd say - there are 2 legitimate dirs to scan.

Any thoughts before I post on github ?

Bob.

On Friday, 8 April 2022, 18:12:09 BST, G.W. Haywood via clamav-users <clamav-users@lists.clamav.net> wrote:


Hi there,

On Fri, 8 Apr 2022, Bob Power via clamav-users wrote:

> [root@fedora bob]# cat clamscan.conf
> ...
> [root@fedora bob]# xargs -a clamscan.conf clamscan / > ...

Kinda creative and unnecessary, I think, to use xargs in this way and
the result goes against the 'man' page for clamscan although I guess
you'll get away with it.  Normally I'd prefer to show full pathnames
for something like this, and keep the commands as simple as possible.
You don't need quotes in your regexes in clamscan.conf, they'd only
be necessary if there were things like space characters in them.

> Output from df on excluded dirs:
> Filesystem    1K-blocks    Used    Available Use% Mounted on
> /dev/vda2      975712256    5701400 968353688  1% /
> /dev/vda1        996780    270116    657852  30% /boot
> devtmpfs            4096          0      4096  0% /dev
> /dev/vda2      975712256    4757620 969293244  1% /home

If we are to believe what you've pasted there then you have /dev/vda2
mounted twice, once on '/' and once on '/home'.  Why it seems to think
that you have different amounts of space 'Used' and 'Available' on the
partition when it's mounted on different mount points I don't know but
it feels like something's badly messed up and you should sort that out
before you do anything else.


> ...
> /home: Excluded                        - SAME FS: ???
> ...
>
> So why is /home excluded ?


I think it's telling you - the partition is mounted twice and it's a
little concerned by that.

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml