On 3/16/11 7:24 AM, Russ Tyndall wrote:
> On Mar 15, 2011, at 4:51 PM, Chuck Swiger wrote:
>> One thing you might consider doing is using "find /location -mtime 1" to
>> generate a list of which files have been modified over the past day, and only scanning
>> these via clamdscan -f.
>
> I experimented with this option last night (also suggested by Steve Holdoway),
> and it works as expected. (Vastly decreases scan time by reducing the number of
> files that need to be scanned to a mere pittance.) The risk is obvious that a
> baddie could be overlooked because it might present a false modification date
> or simply not be recognized by clamav for some period after it gets dropped
> onto the computer.

Since you're thinking in this direction, you may discover locate is faster than
find, though it has issues of its own as well as opportunity. See more at man
locate. Locate searches a pre-built database rather than crawling your file system.
dp
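
Added example, not part of the thread: a shell sketch of the find-then-clamdscan approach discussed above, which also matches on ctime so that a file carrying a backdated modification time still lands in the scan list. The function names `list_recent` and `scan_recent` are made up for this example; it uses `-mtime -1` / `-ctime -1` (changed less than 24 hours ago) and assumes clamd is running and can read the listed paths.

```shell
#!/bin/sh
# Added example, not from the thread. Run with an absolute DIR so clamd
# (a separate daemon) sees the same paths that find prints.

NL='
'

# list_recent DIR [MODE] -> one path per line on stdout
#   mtime : files whose mtime falls within the last 24 hours
#   both  : also match on ctime (inode change time), which touch(1) and
#           utime(2) cannot set directly, so a backdated mtime does not
#           keep a freshly written file off the list
list_recent() {
    dir=$1
    mode=${2:-both}
    # clamdscan --file-list is newline-delimited, so paths containing a
    # newline are skipped here and need to be scanned separately.
    case $mode in
        mtime) find "$dir" -type f ! -path "*${NL}*" -mtime -1 -print ;;
        both)  find "$dir" -type f ! -path "*${NL}*" \
                   \( -mtime -1 -o -ctime -1 \) -print ;;
        *)     echo "list_recent: unknown mode: $mode" >&2; return 2 ;;
    esac
}

# scan_recent DIR [MODE] -> clamdscan exit status (0 clean, 1 found, 2 error)
scan_recent() {
    list=$(mktemp) || return 2
    list_recent "$1" "${2:-both}" > "$list" || { rm -f "$list"; return 2; }
    rc=0
    if [ -s "$list" ]; then
        clamdscan --file-list="$list" --infected --no-summary || rc=$?
    fi
    rm -f "$list"
    return "$rc"
}
```

This narrows only the false-modification-date risk; a file that clamav does not recognize until a later signature update is still only caught by a periodic full scan.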