Hi there,

On Sun, 29 Nov 2009 James Babcock wrote:

> I found a Known virus file (which is zipped) .. clamscan finds it; BUT
> clamdscan DOES not.
>
> Is there a reason for this?

Yes. Read the two-sentence "DESCRIPTION" in man clamdscan which tells
you why there's a difference. See also

http://wiki.clamav.net/bin/view/Main/ClamscanVsClamd

> Since finding this difference, I now use the clamscan script even
> though it IS somewhat slower....

It would be better to learn how to use the tools more effectively.

The idea of any daemon is to start up, wait for something to happen, or
for some process to communicate, and then do (for example) some things
requested in a list, or things requested by the process that
communicates.

One such daemon is clamd, which reads a configuration file and some
virus databases, then waits for processes to ask it to do some virus
scanning. The way it behaves is largely defined by its configuration
file. You can choose what that file is called and where it is, but
usually it's called clamd.conf and on my systems that's in
/etc/mail/clamav/.

While the daemon is waiting, the only resources it's using to speak of
are some bytes of memory. Quite a lot of them to be frank, but that's OK
if you have a lot of them available. While it's running, but isn't
actually scanning anything, clamd sleeps and uses very little CPU.

Because clamdscan uses clamd, which has already done the hard work of
reading the virus database, it doesn't have to do that itself. But it
DOES rely on clamd to decide what to look for and what not to look for.
That's in the daemon's configuration file. It's true that clamdscan
accepts most of the options that clamscan accepts, but it ignores most
of them. To my way of thinking that's daft, but you do get your money
back if you aren't satisfied. :)

Also, because clamdscan doesn't normally read the file and then pass the
contents to clamd (it only tells clamd what file to scan), clamd
normally needs to be able to read the file that you want to scan. It
might be able to read it and it might not; that depends entirely upon
how you have set up your filesystem and clamd itself.

Alternatively you can pipe the file into clamdscan if you wish, and then
clamd will get the file on its 'standard input' from clamdscan instead
of having to find it in the filesystem and then read it. But it will
STILL use the scanning options from its configuration file - there's
little you can do about that without getting more creative than your
skills will allow at the moment.

On the other hand clamscan decides much more about the way the virus
scanning engine scans the files, but it has to load the databases, and
you have to wait for that to happen.

Under some circumstances you might want to use clamscan, and under other
circumstances you might be able to use clamdscan. Also if you don't want
the daemon running then clamdscan will complain, and you'll have to use
clamscan and be prepared to wait while the process loads the database.

Both the configuration file and the man pages, e.g. man clamd.conf,
contain a lot of useful information.

--

73,
Ged.
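
The two causes described in the message above (clamd's own scanning options, and clamd being unable to read the file) can be checked with a short script. This is an added example, not part of the original message or of ClamAV; the function names, the sample configuration and the sample file are constructed, and the defaults used (ScanArchive yes, User unset) are assumptions taken from man clamd.conf.

```sh
#!/bin/sh
# Added example: explain why clamdscan may miss what clamscan finds.
# Assumed defaults (per man clamd.conf): ScanArchive yes, User unset.

# conf_get FILE OPTION DEFAULT -> last uncommented value of OPTION, else DEFAULT
conf_get() {
    awk -v opt="$2" -v def="$3" '
        /^[[:space:]]*(#|$)/ { next }
        $1 == opt { val = $2 }
        END { print (val == "" ? def : val) }' "$1"
}

# diagnose CONF FILE -> prints one finding per line; returns 1 if any finding
diagnose() {
    conf=$1 file=$2 found=0
    case $(conf_get "$conf" ScanArchive yes) in
        no|false|0)
            echo "ScanArchive is off: clamd will not unpack archives"
            found=1 ;;
    esac
    user=$(conf_get "$conf" User "")
    owner=$(ls -ld "$file" | awk '{ print $3 }')
    # Heuristic only: group permissions and ACLs are not examined.
    if [ -n "$user" ] && [ "$user" != "$owner" ] &&
       [ -z "$(find "$file" -prune -perm -004)" ]; then
        echo "clamd runs as '$user' and may not be able to read $file; try: clamdscan - < $file"
        found=1
    fi
    return $found
}

# Constructed sample input (not from the original message).
demo=$(mktemp -d)
cat > "$demo/clamd.conf" <<'EOF'
# constructed sample clamd.conf
LocalSocket /tmp/clamd.sock
User clamav-demo
ScanArchive no
EOF
printf 'placeholder\n' > "$demo/sample.zip"
chmod 600 "$demo/sample.zip"
diagnose "$demo/clamd.conf" "$demo/sample.zip" || true
```

Point the first argument at the clamd.conf your daemon actually loads; a clean result means neither of these two causes applies and the remaining clamd.conf options are the next place to look.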