Hi there,

On Thu, 20 Aug 2020, Shoaib, Syed via clamav-users wrote:
... Antivirus best practices. 1. How frequently is it recommended to perform complete scan (clamscan) on servers.
Without a great deal more information the question makes no sense.
... each scan on a server takes about 5-7 hours. Is it recommended to scan Linux servers daily or weekly basis?
See my answer to (1).
2. Will there be a performance impact on servers when the scan is running for such long hours?
Yes, of course there will. See my answer to (1).
3. We have planned to write a script ...
* run clamscan command and share its output by email
* Drop clamscan output on the terminal
* Ex: clamscan -r / -i ...
Do not do that on a Linux box. On Linux and other Unix-like systems there are exposed in the filesystem all sorts of things which really do not need to be scanned, some of which should not be scanned under any circumstances. If you do things like this you represent a bigger danger to the system than the threats you imagine you're looking for and you'll probably come up with false positives which confuse you.
... Is there a better command to scan the entire system, and just show the scan summary rather than printing error messages.
See my answer to (3).

What are the servers? What are they doing? What are the risks?

Before you can make any real use of ClamAV on a Linux box you need to establish the risks. What do you think you're looking for? Where do you think it might be, and how you think it might manage to get there in the first place? Take steps to prevent that from happening in all the areas where that's possible. Then use ClamAV to scan only things which are at risk.

For example you might have an FTP server which is receiving data from unknown sources; make sure that nothing can write outside the FTP root and then scan only what's inside. It's up to you to decide when that needs to be done and what action to take if ClamAV finds anything.

You might be running a public mail server so you want to look for threats in the messages; you can connect the MTA to clamd through a milter and for example quarantine messages which are flagged as suspicious.

What you need to do and when you need to do it depends on the risks. You're the only one who knows those at the moment.

--
73,
Ged.
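An added sketch of the approach described in the reply above (not code from the thread or from the ClamAV project): scan only one at-risk tree, refuse `/` and the kernel pseudo-filesystems, and report detections only. The FTP root `/srv/ftp`, the error-log path, the function names and the sample output in the comments are assumptions; the `clamscan` options used are `-r`, `-i` and `--no-summary`.

```shell
#!/bin/sh
# Assumed locations; adjust to the directory that actually receives untrusted data.
SCAN_ROOT="${SCAN_ROOT:-/srv/ftp}"
ERR_LOG="${ERR_LOG:-/var/log/clamscan-ftp.err}"

# Succeeds only for an existing directory that is not "/" and does not live
# under a pseudo-filesystem that must never be walked by a scanner.
is_safe_root() {
    local p
    p=$(cd -- "$1" 2>/dev/null && pwd -P) || return 1
    case "$p" in
        /|/proc|/proc/*|/sys|/sys/*|/dev|/dev/*|/run|/run/*) return 1 ;;
    esac
    return 0
}

# Reads clamscan output on stdin and prints "path<TAB>signature" for each
# "path: signature FOUND" line. Splits on the last ": " so a path that itself
# contains ": " is kept whole.
found_only() {
    awk '/ FOUND$/ {
        sub(/ FOUND$/, "")
        n = 0; s = $0
        while ((i = index(s, ": ")) > 0) { n += i + 1; s = substr(s, i + 2) }
        print substr($0, 1, n - 2) "\t" s
    }'
}

# Scans SCAN_ROOT only. Scanner errors go to ERR_LOG rather than the report.
# Return value is clamscan's own: 0 = clean, 1 = detection, 2 = error.
scan_at_risk() {
    local out rc
    if ! is_safe_root "$SCAN_ROOT"; then
        echo "refusing to scan '$SCAN_ROOT'" >&2
        return 2
    fi
    out=$(clamscan -r -i --no-summary "$SCAN_ROOT" 2>>"$ERR_LOG")
    rc=$?
    printf '%s\n' "$out" | found_only
    return "$rc"
}

# Run the scan only when asked to, e.g. from cron: script.sh --scan
if [ "${1:-}" = "--scan" ]; then
    scan_at_risk
    exit $?
fi
```

A cron job can mail the output only when the exit status is 1, and treat status 2 as a scanner problem to investigate in the error log.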