Thank you for your reply. I appreciate your point, but in our environment the directories being scanned are user directories where only data files are stored. There is no risk to applications or other running processes.
----- Original Message ----
From: Derick Centeno <[EMAIL PROTECTED]>
To: ClamAV users ML <clamav-users@lists.clamav.net>
Sent: Tuesday, October 16, 2007 2:39:58 PM
Subject: Re: [Clamav-users] Quarantine Infected Files Discovered by Clamuko

Having a script parse the log file is not the problem. The documentation addressing the details of Clamav explains clearly that removing the infected file or files is the difficulty, especially as the infected files may be key components or data files of email clients and/or other sensitive applications.

It is never a good idea to have a script do a task which requires introspective analysis. In brief, do you really want to destroy an application you may need, to remove a virus or infection you don't? As each client or sensitive application implements its task there cannot be a one-task script or method which will work across all situations without risking damage to the working application.

Unfortunately the people writing the infections know this as well; there is no way to automate an appropriately intelligent strategy for every real-world contingency. However, if one takes time, as careful perhaps as a medical surgeon, the chance may be good that you can remove the infection and if necessary reinstall or rebuild the application anew.

On Oct 16, 2007, at 1:43 PM, Sean McGlynn wrote:

> I read in another post that the only way to quarantine an infected
> file that is discovered during an on access scan (i.e. via Clamuko)
> is to write a script that would parse the log file for the location
> of the infected file and then move it or delete it as desired. Is
> this correct? If not, what is the appropriate method? If so, does
> anyone have a good script already written that will perform this
> function?
>
> Thank you much.
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
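A sketch of the log-parsing quarantine script discussed in this thread, added here as an example and not code from any poster or from the ClamAV project. It moves a flagged file only when it is a regular file inside a designated data tree, which is the scoping the thread turns on. The log line shape (`... Clamuko: <path>: <signature> FOUND`), the function names, the paths and the sample log lines are all assumptions constructed for illustration.

```python
import os, re, shutil, tempfile, time

# Assumed line shape: "<timestamp> -> Clamuko: <absolute path>: <signature> FOUND"
FOUND_RE = re.compile(r"(/.*): (\S+) FOUND\s*$")

def parse_found(line):
    """Return (path, signature) for a FOUND line, else None."""
    m = FOUND_RE.search(line)
    return (m.group(1), m.group(2)) if m else None

def quarantine(log_lines, data_root, quarantine_dir):
    """Move flagged regular files under data_root into quarantine_dir."""
    root = os.path.realpath(data_root)
    os.makedirs(quarantine_dir, mode=0o700, exist_ok=True)
    moved, skipped = [], []
    for line in log_lines:
        hit = parse_found(line)
        if hit is None:
            continue
        path, sig = hit
        real = os.path.realpath(path)
        inside = os.path.commonpath([root, real]) == root and real != root
        # Refuse symlinks, non-files, and anything outside the data tree.
        if not inside or os.path.islink(path) or not os.path.isfile(real):
            skipped.append(path)
            continue
        name = f"{int(time.time())}_{len(moved):04d}_{os.path.basename(real)}"
        dest = os.path.join(quarantine_dir, name)
        shutil.move(real, dest)
        os.chmod(dest, 0o000)  # not readable or executable while quarantined
        moved.append((path, sig, dest))
    return moved, skipped

def demo():
    """Run against constructed files and constructed log lines."""
    base = tempfile.mkdtemp()
    home, qdir = os.path.join(base, "home"), os.path.join(base, "quarantine")
    os.makedirs(os.path.join(home, "sean"))
    bad = os.path.join(home, "sean", "report.doc")
    with open(bad, "w") as fh:
        fh.write("constructed sample data")
    log = [
        f"Tue Oct 16 14:39:58 2007 -> Clamuko: {bad}: Example.Signature FOUND",
        "Tue Oct 16 14:40:02 2007 -> Clamuko: /usr/bin/mail: Example.Signature FOUND",
        "Tue Oct 16 14:40:05 2007 -> SelfCheck: Database status OK.",
    ]
    return bad, quarantine(log, home, qdir)

if __name__ == "__main__":
    print(demo())
```

Files are moved rather than deleted, so a false positive can be restored by hand, and the skipped list gives an operator the paths that need manual review.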