On 3/17/11 7:35 AM, "Russ Tyndall" <fitz...@redshanksoftware.com> wrote:
> > On Mar 17, 2011, at 7:50 AM, G.W. Haywood wrote: > >> On Thu, 17 Mar 2011 Russ Tyndall wrote: >> >>> So I now have two tactics to minimize scan time: >>> 1) Partially scan ALL files >>> 2) Fully scan a set of recently modified files. >> >> There might be another option. If you have access to something like >> inotify on your OS you could feed incoming data to clamd on the fly, >> rather than waiting until the next scan window. >> >> Sorry, I haven't used OSX for a while so I don't know what's available. > > It appears that 10.5+ has some technology for monitoring the file system: > > <http://developer.apple.com/library/mac/#documentation/Darwin/Conceptual/FSEve > nts_ProgGuide/Introduction/Introduction.html#//apple_ref/doc/uid/TP40005289-CH > 1-DontLinkElementID_16> > > Since my machine is running 10.4, I did not delve into it very far. But, a > cursory scan of Google results suggest that methods exist for kicking off > scripts when a file hierarchy changes. > I believe that ClamXav <http://www.clamxav.com> makes use of this feature in it's Sentry application to watch selected directories. A small subapp called gfslogger is used to tap into FSEvents. -Al- -- Al Varnell Mountain View, CA _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
