On Monday 06 Feb 2006 14:04, Marco Gaiarin wrote: > I'm tring to build up some sort of ``system scan'' script that, > nightly, scan all my debian/samba servers and report infections. > > Script works, but i've some strange result, or at least probably i've > not understood well the clamscan command line options. > > > I start clamscan with a cmdline like: > > clamscan --quiet --stdout --recursive --infected --no-mail \ > --exclude-dir=/srv/quarantena --move=/srv/quarantena \ > --log=/var/log/sysscan.log /home /srv > > and AFAI've understood well, the --exclude-dir excludes directory > patterns from the scannning process. But i find in log:
try --exclude-dir=quarantena as it is a pattern, not a path, might work ;-) > > /home/user/.profile9x/Application Data/sgrunt/IE4321.exe: Dialer-319 FOUND > /home/user/.profile9x/Application Data/sgrunt/IE4321.exe: moved to > '/srv/quarantena//IE4321.exe.000' [...] > /srv/quarantena/IE4321.exe.000: Dialer-319 FOUND > File excluded '/srv/quarantena/IE4321.exe.000' > > So seems that --exclude-dir apply not to scanning, but to moving... > Can i tackle log the report sum script to ignore row like these, but > i'd prefere not to scan --exclude-dir ... clamav is a powerful tool, a > wonderful antivirus, but a bit slow... > > > Also, i've noted that even if i've put --no-mail, this script quarantine > a Thunderbird mailbox, that is in unix mailbox format. > What i'm missing here? > > > trinity:~# clamscan --version > ClamAV 0.88/1278/Mon Feb 6 12:05:04 2006 > > debian sarge, taken from volatile, daily upgrade. -- ----------------- Bob Hutchinson Midwales dot com ----------------- _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
