Hello,
I need to scan Linux systems for viruses/malware, just the entire filesystem.
There are a few options to consider.
- One is what users normally do: use clamav to scan the system once a day.
- The second option is to find files modified in the last day and give that list to the antivirus program.
I tested the following bash find command on a directory with 5 million empty files
and it's extremely efficient.
date; find /test/ -type f -ctime -1 1>./find_ctime.out 2>./find.errors; date
It takes only about 5 seconds.
Note, I am using the -ctime option just to overcome some program changing the
modification time using a utility such as touch.
Most admins, when they talk about a system scan, talk about having the antivirus
do the complete scan.
Is there a reason why find should not be used to get the list of modified files and
scan them?
This question is also posted as
https://superuser.com/questions/1864184/is-there-a-reason-why-i-cant-use-find-to-scan-modified-files-for-viruses-and-ma
Thanks in advance,
-Neel.
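
The -ctime versus modification-time point in the message above, as an added example that is not part of the original post: it builds a constructed temporary tree, backdates one file with touch, and compares what -mtime -1 and -ctime -1 select. The function names, the SCANNER variable and the sample files are assumptions made for the illustration; clamscan's --file-list option is used to pass the resulting list.

```shell
#!/bin/sh
# Added example: -mtime vs -ctime selection on a file whose mtime was backdated.
# All paths are temporary and constructed for this demonstration.

# Regular files under $1 whose inode change time falls within the last day.
changed_by_ctime() {
    find "$1" -type f -ctime -1 2>/dev/null
}

# Same selection keyed on modification time, which touch can rewrite.
changed_by_mtime() {
    find "$1" -type f -mtime -1 2>/dev/null
}

# Constructed sample tree: one fresh file and one with a backdated mtime.
make_sample_tree() {
    dir=$(mktemp -d) || return 1
    echo "fresh" > "$dir/fresh.txt"
    echo "backdated" > "$dir/backdated.txt"
    # Sets mtime/atime to 2020-01-01 00:00; the kernel sets ctime to "now".
    touch -t 202001010000 "$dir/backdated.txt"
    echo "$dir"
}

# Hand the ctime-selected list to a scanner (clamscan unless SCANNER is set).
# The list is one path per line, so file names containing newlines would be
# split; such names need separate handling.
scan_changed() {
    list=$(mktemp) || return 1
    changed_by_ctime "$1" > "$list"
    rc=0
    if [ -s "$list" ]; then
        "${SCANNER:-clamscan}" --no-summary --file-list="$list" || rc=$?
    fi
    rm -f "$list"
    return "$rc"
}

# Stand-alone run: print what each predicate selects from the sample tree.
d=$(make_sample_tree)
echo "-mtime -1 selects:"; changed_by_mtime "$d"
echo "-ctime -1 selects:"; changed_by_ctime "$d"
rm -rf "$d"
```

A list built this way covers only files whose inode changed since the previous run, so files already on disk are not re-checked against newer signature databases.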