> > Yes, I'm periodically doing scans of the full drive. I could just > skip > > the mysql directory, but that seems pretty bad security practice. > > Why does it seem that way to you ?
It appears clamav just does a substring match on the exclude, so it would be easy to hide viruses. E.g. If I excluded .MYD, then you could just have your virus named somevirus.MYD and it would not be caught. If I tried to exclude the mysql dir, then a user could have a virus hidden in /home/someuser/var/lib/mysql/my-virus-here. _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
