Hi, On 6 Jan 2021 at 9:58, G.W. Haywood via clamav-users wrote:
> > My goal is to terminate scan of big number of files like '/' on CPU busy > > hours. > Do not scan everything under the root directory. Use zfs, make regular snapshots, scan once, then use zfs diff to find the new/changed(/removed) files, scan these only. Or make a full scan every week if desired, then use a auditing program to regularly search for the files that were added/updated(/removed), scan these only. These auditing programs use hash signatures which are faster to compute than doing full virus scans, but they will anyway make a lot of i/o as they will read all files. If you are really constrained by the i/o you could run a less secure but lighter audit based on the file attributes (size, ownership, mode, dates...) and once a day/week a full audit... There are many options... HTH, Pierre _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
