On Wednesday 29 January 2014 12:04:36 David Raynor did opine:

> On Tue, Jan 28, 2014 at 7:22 PM, Gene Heskett <ghesk...@wdtv.com> wrote:
> > Greetings all;
> > 
> > Can I use more than 1 --exclude= directive in the crontab entry that
> > runs clamdscan?
> > 
> > I am getting quite verbose emails that start out with identifying all
> > the reference files it uses.  Must be nearly 70 lines of that.  Too
> > much noise is counterproductive, one tends to turn off the hearing
> > aid...
> > 
> > Cheers, Gene
> > --
> > 
> > "There are four boxes to be used in defense of liberty:
> >  soap, ballot, jury, and ammo. Please use in that order."
> > 
> > -Ed Howdershelt (Author)
> > Genes Web page <http://geneslinuxbox.net:6309/gene>
> > 
> > NOTICE: Will pay 100 USD for an HP-4815A defective but
> > complete probe assembly.
> > 
> > If Microsoft built cars, the Linux car owners would get expensive
> > Microsoft upgrades to their cars, which would make their cars run much
> > slower.
> > A pen in the hand of this president is far more
> > dangerous than 200 million guns in the hands of
> > 
> >          law-abiding citizens.
> > 
> > _______________________________________________
> > Help us build a comprehensive ClamAV guide:
> > https://github.com/vrtadmin/clamav-faq
> > http://www.clamav.net/support/ml
> 
> You can use multiple --exclude options on the command line with
> clamscan. You can use multiple ExcludePath settings in clamd.conf for
> clamd. You cannot use --exclude on the command line with clamdscan.
> 
> Dave R.

Must be time to re-read the man pages again.  I am using, in my procmailrc
[...]
VIRIBOX = "/var/spool/mail/virii"
[...]
:0
VIRUS=|clamdscan --stdout -

:0fw
* VIRUS ?? ^.*: \/.* FOUND
$VIRIBOX
[...]

Using the daily run of clamdscan's emailed reports, I have cleaned up my 
email corpus so the report is now about half as long as it was when I 
started.

But I would like to actually have it work in real time on incoming mail 
from procmail.  Or maybe it is, I just grepped the procmail.log and found 3 
hits since yesterday:

procmail: Matched "Email.Trojan-482 FOUND"
procmail: Matched "Sanesecurity.Spam.11833.Ml.UNOFFICIAL FOUND"
procmail: Matched "MBL_400944.UNOFFICIAL FOUND"

So that looks like 3 hits to me, but it didn't store it...  Humm, now
I find that /var/spool/mail/virii was owned by nut:gitosis, which would
explain that file's remaining at 0 length for an extended time. But WTH
changed it?  clamav:clamav now owns it again.

So, I'll mosey along, running this till I get another clue or 75 from the
afternoon's email report.

Thanks for everything.

Cheers, Gene
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>
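
The two checks this message turns on, matching the scanner's FOUND line and confirming the quarantine mailbox is writable, as an added shell example that is not part of the thread or of ClamAV. Function names are hypothetical, and the sample lines are constructed around the signature names in the procmail log above.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Extract the signature name from one scanner output line of the form
# "<source>: <signature> FOUND". Unlike procmail's MATCH in the recipe
# above, the trailing " FOUND" is stripped. Returns 1 when no detection.
clam_signature() {
    printf '%s\n' "$1" | sed -n 's/^.*: \(.*\) FOUND$/\1/p' | grep .
}

# Say whether the current user can append to a quarantine mbox.
# Prints "ok", "missing", or "not-writable owner=<user>:<group>".
quarantine_status() {
    if [ ! -e "$1" ]; then
        echo "missing"; return 2
    fi
    if [ ! -w "$1" ]; then
        echo "not-writable owner=$(ls -ld "$1" | awk '{print $3 ":" $4}')"
        return 1
    fi
    echo "ok"
}

# Read scanner output on stdin. For each detection, print the signature and
# the state of the quarantine box named in $1, then a final "hits=N" line.
triage() {
    hits=0
    while IFS= read -r line; do
        if sig=$(clam_signature "$line"); then
            hits=$((hits + 1))
            printf '%s -> %s\n' "$sig" "$(quarantine_status "$1")"
        fi
    done
    printf 'hits=%s\n' "$hits"
}

# Constructed sample output; the "stream:" prefix is an assumption.
sample='stream: Email.Trojan-482 FOUND
stream: OK'
printf '%s\n' "$sample" | triage /var/spool/mail/virii
```

Run it as the user procmail delivers as, since the writability test is evaluated for the calling user.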
