Jon Wagoner - Red Cheetah wrote: >>> Yes, I'm periodically doing scans of the full drive. I could just >> skip >>> the mysql directory, but that seems pretty bad security practice. >> Why does it seem that way to you ? > > It appears clamav just does a substring match on the exclude, so it > would be easy to hide viruses. E.g. If I excluded .MYD, then you could > just have your virus named somevirus.MYD and it would not be caught. If > I tried to exclude the mysql dir, then a user could have a virus hidden > in /home/someuser/var/lib/mysql/my-virus-here.
The session you run for system files can have different params than a session run in user space. Looks like you're trying to do it all with a single sweep. Not the way I'd do it, but it's a way. dp _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
