I'm trying to build up some sort of ``system scan'' script that, nightly, scans all my debian/samba servers and reports infections.
The script works, but I've some strange results, or at least probably I've not understood well the clamscan command line options.

I start clamscan with a cmdline like:

    clamscan --quiet --stdout --recursive --infected --no-mail \
        --exclude-dir=/srv/quarantena --move=/srv/quarantena \
        --log=/var/log/sysscan.log /home /srv

and AFAI've understood well, the --exclude-dir excludes directory patterns from the scanning process. But I find in the log:

    /home/user/.profile9x/Application Data/sgrunt/IE4321.exe: Dialer-319 FOUND
    /home/user/.profile9x/Application Data/sgrunt/IE4321.exe: moved to '/srv/quarantena//IE4321.exe.000'
    [...]
    /srv/quarantena/IE4321.exe.000: Dialer-319 FOUND
    File excluded '/srv/quarantena/IE4321.exe.000'

So it seems that --exclude-dir applies not to scanning, but to moving...

I can tackle the log report sum script to ignore rows like these, but I'd prefer not to scan --exclude-dir ... clamav is a powerful tool, a wonderful antivirus, but a bit slow...

Also, I've noted that even if I've put --no-mail, this script quarantines a Thunderbird mailbox, that is in unix mailbox format.

What am I missing here?

    trinity:~# clamscan --version
    ClamAV 0.88/1278/Mon Feb 6 12:05:04 2006

debian sarge, taken from volatile, daily upgrade.

--
dott. Marco Gaiarin                     GNUPG Key ID: 240A3D66
Associazione ``La Nostra Famiglia''     http://www.sv.lnf.it/
Polo FVG - Via della Bontà, 7 - 33078 - San Vito al Tagliamento (PN)
marco.gaiarin(at)sv.lnf.it   tel +39-0434-842711   fax +39-0434-842797
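
The report-side workaround mentioned in the message, as an added example that is not part of the original post: a filter that summarizes `FOUND` lines from a log in the format quoted above and drops hits located inside the quarantine directory. The function names, the `QUARANTINE` variable and the embedded sample log (constructed from the lines in the message) are assumptions of this example.

```shell
#!/bin/sh
# Added example: summarize clamscan FOUND lines, skipping the quarantine dir.
# QUARANTINE defaults to the directory used in the message above.
QUARANTINE="${QUARANTINE:-/srv/quarantena}"

# Constructed sample log, built from the lines quoted in the message.
sample_log() {
    cat <<'EOF'
/home/user/.profile9x/Application Data/sgrunt/IE4321.exe: Dialer-319 FOUND
/home/user/.profile9x/Application Data/sgrunt/IE4321.exe: moved to '/srv/quarantena//IE4321.exe.000'
/srv/quarantena/IE4321.exe.000: Dialer-319 FOUND
File excluded '/srv/quarantena/IE4321.exe.000'
EOF
}

# Reads log lines on stdin and prints "signature<TAB>path" for every FOUND
# line whose path is not under $QUARANTINE. "moved to" and "File excluded"
# lines are ignored because they do not end in " FOUND".
summarize_found() {
    awk -v q="${QUARANTINE%/}/" '
        / FOUND$/ {
            line = $0
            sub(/ FOUND$/, "", line)
            # Locate the last ": " so that paths containing spaces or
            # colons are kept whole.
            idx = 0
            while ((p = index(substr(line, idx + 1), ": ")) > 0) idx += p
            if (idx == 0) next
            path = substr(line, 1, idx - 1)
            sig  = substr(line, idx + 2)
            # Prefix match with a trailing slash, so a sibling directory
            # such as /srv/quarantena2 is still reported.
            if (index(path, q) == 1) next
            printf "%s\t%s\n", sig, path
        }'
}

sample_log | summarize_found
```

In the nightly script the same function would read the real log, for example `summarize_found < /var/log/sysscan.log`.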