I am a complete clamav newbie trying to scan a large filesystem. I'm running Fedora-17 Linux. The current invocation (after several modifications) has this form:
    clamscan -r -i --exclude-dir=^/media/ \
        --exclude-dir=^/proc/ \
        --exclude-dir=^/sys/ \
        --exclude-dir=^/dev/ \
        / 2>&1 | tee clamscan.log

The directory /media contains a large removable drive that's used for backup. There doesn't seem to be a reason to scan it and a scan would take a long time.

A few questions and comments:

1. Is this a correct invocation to scan the filesystem, excluding the system filesystems /proc, /sys, and /dev, also excluding /media?

2. Is the "^" following the "=" in the "--exclude-dir" option required or optional or forbidden? I would think that since the argument is a REGEX a "^" would be required to get the desired result, which is to exclude everything under these top level directories but not other directories at lower levels (say something like /home/phred/proj/dev/...). The examples mostly don't have a "^", though some do.

3. Similarly is the "/" following the directory name required? Some postings imply that it is, but if the argument is a REGEX, it ought not to be.

4. The filesystems /proc, /sys, and /dev are traps for the unwary. If not specifically excluded they are scanned, which is pointless, takes a long time, and produces lots of errors. If a warning to exclude them isn't in a prominent place in the documentation, it should be. (I haven't read the documentation carefully enough to be sure that it isn't in it somewhere.)

Thanks in advance - jon
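Added example, not part of the original post: a shell check of how the anchoring and trailing-slash variants from questions 2 and 3 behave as regular expressions. It assumes the pattern is applied as an unanchored POSIX extended regex search over each path string (reproduced here with grep -E); the sample paths are constructed, and the exact form of the path strings clamscan tests is not stated in the post.

```shell
#!/bin/sh
# Constructed sample directory paths (not taken from a real scan).
SAMPLE_PATHS='/dev
/dev/shm
/development/tools
/home/phred/proj/dev/build
/media/backup/2012
/proc/1/fd
/srv/media/photos
/sys/kernel'

# Print, space-separated, the sample paths a given pattern would exclude.
# Assumption: unanchored POSIX ERE search over the path, as grep -E does.
excluded_by() {
    printf '%s\n' "$SAMPLE_PATHS" | grep -E -- "$1" | tr '\n' ' ' | sed 's/ $//'
}

# Compare the variants raised in the post:
#   ^/dev/      anchored, with trailing slash
#   /dev/       unanchored: also hits lower-level "dev" directories
#   ^/dev       anchored, no slash: also hits /development
#   ^/dev(/|$)  anchored, matches the directory itself and its children
for pat in '^/dev/' '/dev/' '^/dev' '^/dev(/|$)' '^/media/' '/media/'; do
    printf '%-12s -> %s\n' "$pat" "$(excluded_by "$pat")"
done
```

Note that `^/dev/` does not match the bare string `/dev`, so whether the trailing slash is safe depends on whether the scanner tests directory paths with or without a trailing separator.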