On Tue, Sep 3, 2013 at 5:57 PM, monte olvera <olve...@gmail.com> wrote:
> I'm running clamav 0.97.3 (I know it's old, working on that) on Linux. I
> want to exclude files (via clamd) based on a regex and can't seem to
> figure out how. I can ignore paths just fine (ExcludePath ^/tmp) but I
> want to ignore all log files. I've tried many different variations of
> the following, including ones not listed and can't seem to get anything
> working. Can someone please tell me how I can scan the root filesystem
> and ignore all files appended with a ".log"?
>
> Some of what I've tried, which have all failed.
>
> ExcludePath ^*log
> ExcludePath ^.*log
> ExcludePath ^*.log
> ExcludePath ^/.*log
> ExcludePath ^/*.log
>
>
> _______________________________________________
> Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
> http://www.clamav.net/support/ml
>

If you are looking to exclude files that end in ".log", here is what worked for me:

ExcludePath \.log$

1) The backslash escapes the dot, so it is treated as a normal character to match instead of a single-character wildcard.
2) The $ anchors it to the end of the filename, instead of using the ^ to anchor the pattern to the front.

Results will look something like this from clamdscan:

/home/testuser/examples/log.stream: OK <= ok after being scanned
/home/testuser/examples/test.stream: OK <= ok after being scanned
/home/testuser/examples/test.stream.log: Excluded <= logged at the point it matches the exclusion
/home/testuser/examples/test.stream.log: OK <= ok because it has to report a result, was not scanned

Hope this helps,

Dave R.

--
---
Dave Raynor
Sourcefire Vulnerability Research Team
dray...@sourcefire.com
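The matching described in the reply above, as an added example that is not part of the original thread or of ClamAV: a dry run that checks candidate paths against ExcludePath rules before the config is deployed. It assumes grep -E (POSIX extended regex, unanchored search over the full path) approximates how clamd applies the pattern; the function name `matching_rule`, the config fragment and the last three sample paths are constructed for illustration.

```shell
#!/bin/sh
# Constructed clamd.conf fragment: the rule from the reply plus the
# path-prefix rule the original poster already had working.
CONF='ExcludePath ^/tmp
ExcludePath \.log$'

# Print the first ExcludePath regex that matches path "$1" and return 0;
# return 1 when no rule matches (the file would be scanned).
# Assumption: grep -E stands in for clamd's own regex matching.
matching_rule() {
    path=$1
    printf '%s\n' "$CONF" | sed -n 's/^ExcludePath[[:space:]]*//p' | (
        while IFS= read -r re; do
            if printf '%s\n' "$path" | grep -Eq -- "$re"; then
                printf '%s\n' "$re"
                exit 0          # leaves only this subshell
            fi
        done
        exit 1
    )
}

# First three paths come from the reply; the rest are constructed to show
# what the end anchor does and does not cover (rotated logs are still scanned).
for p in \
    /home/testuser/examples/log.stream \
    /home/testuser/examples/test.stream \
    /home/testuser/examples/test.stream.log \
    /var/log/messages \
    /var/log/auth.log.1 \
    /tmp/upload.bin
do
    if rule=$(matching_rule "$p"); then
        printf '%-42s Excluded by %s\n' "$p" "$rule"
    else
        printf '%-42s scanned\n' "$p"
    fi
done
```

Reviewing the "scanned" list matters as much as the "Excluded" list: every excluded path is a place clamd will never look, so the pattern should be as narrow as the requirement allows.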