On 3/15/2024 4:49 AM, Dr Rainer Woitok wrote:
Noel,
On Wednesday, 2024-03-13 11:59:16 -0500, you wrote:
...
To test email, include the EICAR as an attachment, and make sure
your email software is able to scan attachments.
Good idea, thanks :-)
I wrote another mail specific virus test script involving a "tar" ar-
chive containing one file which in turn contains the Eicar line.
This directly leads to another question: Command "clamscan" has the nice
option "--archive-verbose" which causes both, the name of the "tar" ar-
chive and the name of the infected file to be output. How does this
translate to a configuration specification in file "/etc/clamav/clamav.
conf"? Since running "clamscan" on my laptop takes 20+ seconds just to
process the virus database, I'd prefer running "clamdscan", provided it
could also be tricked into revealing this useful bit of information.
clamdscan and clamscan are separate programs and don't have 1-1
functionality.
If you're scanning dozens or hundreds of files, such as a directory,
the performance difference is small. If you're scanning incoming
email - lots of individual scans of one file at a time - the
performance difference is very large.
Use the tool that suits the job.
And one more question: "clamdscan" provides the option "--config-file".
Does the file specified here globally and permanently change the "clamd"
daemon configuration and does it replace or just amend file "/etc/clam-
av/clamav.conf"?
I believe it changes it just for that instance of clamdscan, and
does not affect the clamd daemon or other clamdscan runs.
-- Noel Jones
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
