Re: [Clamav-users] Suggestion: Read list of files to scan from file/stdin

Wed, 28 Jan 2004 16:06:43 -0800 

On Tue, 27 Jan 2004 at 15:23:56 -0800, Ryan Finnie wrote:
> 
> I was looking for a way to set up a cron job to, once per day, scan only
> files that have changed in the last day.  find works pretty well for that,
> but the question is how to get the data to clamscan.  My first thought was
> xargs, but xargs isn't the most consistent when dealing with spaces/quotes
> in filenames, 

For a tip, read on...

> and plus you have a limit on the total size of args passed
> to a program.  The current best working solution would be to do this:
> 
> find /path -ctime -1 -exec clamscan \{\} \;
> 
> but that invokes clamscan for EVERY matching file found.  Instead, I would

To minimize wasting time and resources on invoking clamscan for multiple
files, use clamdscan.

> like to request that a new flag, say -f, be added to clamscan/clamdscan
> that takes a list of files, one file per line, from a file (-f file) or
> stdin (-f -).  That way you could do:
> 
> find /path -ctime -1 | clamscan -i -f -
> 
> or:
> 
> find /path -ctime -1 > /tmp/toscan
> clamscan -i -f /tmp/toscan
> 
> and put it in a nightly cron job.  What do you think?
> 
> RF

Tips related to filenames with spaces, quotes etc.:

find /path -ctime -1 -print0 | xargs -0r command


man find:
       -print0
              True; print the full file name on the standard out­
              put, followed by a  null  character.   This  allows
              file  names  that  contain newlines to be correctly
              interpreted by programs that process the find  out­
              put.


man xargs:
       --null, -0
              Input filenames are terminated by a null  character
              instead  of by whitespace, and the quotes and back­
              slash are not special  (every  character  is  taken
              literally).  Disables the end of file string, which
              is treated like any other  argument.   Useful  when
              arguments  might  contain white space, quote marks,
              or backslashes.  The GNU find -print0  option  pro­
              duces input suitable for this mode.

       --no-run-if-empty, -r
              If  the  standard  input  does not contain any non­
              blanks, do not run the command.  Normally, the com­
              mand is run once even if there is no input.


-- 
 Tomasz Papszun   SysAdm @ TP S.A. Lodz, Poland  | And it's only
 [EMAIL PROTECTED]   http://www.lodz.tpsa.pl/   | ones and zeros.
 [EMAIL PROTECTED]   http://www.ClamAV.net/   A GPL virus scanner


-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
Clamav-users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/clamav-users

Reply via email to