On 3/5/15 10:05 AM, Henry Collins wrote:
> So the normal ClamAV (not daemon) is working alright and I do not have any
> complaints. However, the daemon is not working or I cannot see how it is
> working. When I write "ps ax", I can see that it is running, but the
> problem is that I cannot find any information on what it found. I tried to
> move a fake virus to different folders, but I cannot see anything in
> ClamAV's logs.
> How do I see what the daemon has found and how do I save these results to some
> file?

A standard ClamAV install doesn't do anything when the clamd daemon is started.
You have to explicitly give it something to do. If you have a directory you wish
to scan then you would run clamdscan from a command line with that directory as
an argument. If the clamd user ID does not have permission to scan that
directory or its contents then you have to provide file descriptors. The
clamdscan tool communicates with the clamd daemon and is a fast means of
scanning files because all the signatures are already loaded.
See man clamdscan.

You can also scan directories without using the daemon by invoking the clamscan
command line tool. This tool has to load the signatures each time it is run and
so has greater overhead, but it does not have ownership problems when scanning
files you own. If you run it as root it will scan any file on your system. It's
probably not a good idea to run this on device files and Unix special files.
See man clamscan.

The clamd daemon is most useful for scanning incoming mail in real time. That
requires an interface layer between clamd and your mail MTA or local delivery agent.

dp
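
The on-demand scan described in the reply above, as an added example that is not part of the original message: it runs clamdscan with file-descriptor passing, saves the report to a file, and pulls the detections and unscannable files out of that report. The directory paths and the sample report lines are constructed for illustration, and a real run assumes clamd is already running.

```shell
#!/bin/sh
# Added example: on-demand scan through a running clamd, report saved to a file.

# Constructed sample of clamdscan report lines (not output from a real scan).
SAMPLE_LOG='/srv/upload/report.pdf: OK
/srv/upload/eicar.com: Eicar-Test-Signature FOUND
/srv/upload/notes: v2.zip: Eicar-Test-Signature FOUND
/srv/upload/locked.bin: Access denied. ERROR'

# scan_dir DIR LOGFILE
#   --fdpass  clamdscan opens each file and hands the descriptor to clamd, so
#             the clamd user does not need its own read access to DIR
#   --log     clamdscan saves the scan report to LOGFILE
# Exit status: 0 = nothing found, 1 = virus found, 2 = error.
scan_dir() {
    clamdscan --fdpass --no-summary --log="$2" "$1" >/dev/null
}

# Reads report lines on stdin, prints "signature<TAB>path" per detection.
# Lines look like "<path>: <signature> FOUND"; the greedy first group splits
# on the LAST ": ", so a path that itself contains ": " stays intact.
list_detections() {
    tab=$(printf '\t')
    sed -n "s/^\(.*\): \(.*\) FOUND\$/\2${tab}\1/p"
}

# Reads report lines on stdin, prints the ones clamd could not scan
# (for example because of the permission problem mentioned in the reply).
list_errors() {
    sed -n '/ ERROR$/p'
}

# With two arguments: real scan. Without: parse the constructed sample.
if [ "$#" -eq 2 ]; then
    scan_dir "$1" "$2"; rc=$?
    list_detections < "$2"
    list_errors < "$2" >&2
    [ "$rc" -le 1 ] || echo "clamdscan reported an error (exit $rc)" >&2
else
    printf '%s\n' "$SAMPLE_LOG" | list_detections
fi
```
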