Hello Masaru,

You wrote:
> In short, using the find command to specify files can make the ClamAV
> scanning process inefficient. ClamAV is designed to effectively scan
> entire directories and specific file types, so there is no need to
> filter the list generated by the find command.

When I ran clamdscan with "-m" on a very small server (a 4 vCPU Linux EL9 VM)
with only about 5,50,000 (or 550,000) relevant files:

first time: 4 m 18 seconds
second time: 2 m 25 seconds (time reduces a lot because of caching)

Without the "-m" option it would take about ~16 min.

Command

    echo>./find.out;echo "./find.out";cat ./find.out;date;find / -type f -ctime -1 -not -path "/proc/*" -not -path "/sys/*" -not -path "/dev/*" -not -path "/boot/*">./find.out;date;cat ./find.out|wc -l

gave me 84 files.

===> EDIT: clamdscan with or without "-m", with the "-f" option, finished in
3 seconds.

I used clamdscan because I can take advantage of caching. But I want to use
clamscan, which means it would always take ~16 minutes with a full system scan.

Of course this is a _very_ stale server, with almost no change. With lots of 
change, this will change.

**However** my question is this: whenever an antivirus does a scan, in this case
ClamAV, it does NOT find changed files, even though (on Linux) a very efficient
utility such as "find" exists. There must be a reason. What could that reason
be?

Thanks in advance,
-Neel.
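
The find-then-"-f" workflow from the message above, written out as an added example (not code from the thread or from the ClamAV project). The function names and the --scan switch are assumptions made for this sketch; the clamdscan options are its --multiscan, --fdpass, --infected and --file-list.

```sh
#!/bin/sh
# Added example, not from the thread: incremental ClamAV scan driven by find.

NL='
'

# build_changed_list ROOT DAYS OUT [PRUNE_DIR...]
# Writes regular files under ROOT whose ctime is less than DAYS days old to
# OUT, one path per line, and prints how many paths were written.
build_changed_list() {
    root=$1 days=$2 out=$3
    shift 3
    # Rewrite each PRUNE_DIR into "-path DIR -prune -o". Unlike -not -path,
    # -prune stops find from descending into the directory at all.
    left=$#
    while [ "$left" -gt 0 ]; do
        set -- "$@" -path "$1" -prune -o
        shift
        left=$((left - 1))
    done
    # clamdscan reads the list line by line, so a path containing a newline
    # would be split into two bogus entries; leave such paths out.
    find "$root" "$@" -type f -ctime "-$days" ! -path "*${NL}*" -print > "$out"
    wc -l < "$out" | tr -d ' '
}

# scan_changed LIST: scan the listed files through clamd.
scan_changed() {
    [ -s "$1" ] || return 0          # empty list: nothing to scan
    # --fdpass lets clamd read files its own user cannot open;
    # --infected prints only files that matched a signature.
    clamdscan --multiscan --fdpass --infected --file-list="$1"
}

# Run the scan only when called with --scan, so sourcing is side-effect free.
if [ "${1:-}" = "--scan" ]; then
    list=$(mktemp)
    build_changed_list / 1 "$list" /proc /sys /dev /boot
    scan_changed "$list"
fi
```

A list built this way covers only files whose inode change time moved; files that did not change are not re-checked against signatures published after their last scan.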


From: neel roy via clamav-users <clamav-users@lists.clamav.net>
Sent: Mon, 09 Dec 2024 10:21:23
To: "m.nomiya+s...@gmail.com" <m.nomiya+s...@gmail.com>
Cc: neel roy <neelsm...@rediffmail.com>, "clamav-users@lists.clamav.net" <clamav-users@lists.clamav.net>
Subject: Re: [clamav-users] Using linux command "find" to get modified files list for scan

Hello Masaru,

You wrote:

> In short, using the find command to specify files can make the ClamAV
> scanning process inefficient. ClamAV is designed to effectively scan
> entire directories and specific file types, so there is no need to
> filter the list generated by the find command.

When I ran clamdscan with "-m" on a very small server (a 4 vCPU Linux EL9 VM)
with only about 5,50,000 (or 550,000) relevant files:

first time: 4 m 18 seconds
second time: 2 m 25 seconds (time reduces a lot because of caching)

Without the "-m" option it would take about ~16 min.

Command

    echo>./find.out;echo "./find.out";cat ./find.out;date;find / -type f -ctime -1 -not -path "/proc/*" -not -path "/sys/*" -not -path "/dev/*" -not -path "/boot/*">./find.out;date;cat ./find.out|wc -l

gave me 84 files.

clamdscan with or without scan, with the "-f" option, finished in 3
seconds.

I used clamdscan because I can take advantage of caching. But I want to use
clamscan, which means it would always take ~16 minutes with a full system scan.

Of course this is a _very_ stale server, with almost no change. With lots of 
change, this will change.

**However** my question is this: whenever an antivirus does a scan, in this case
ClamAV, it does NOT find changed files, even though (on Linux) a very efficient
utility such as "find" exists. There must be a reason. What could that reason
be?

Thanks in advance,
-Neel.





From: Masaru Nomiya via clamav-users <clamav-users@lists.clamav.net>
Sent: Mon, 09 Dec 2024 09:36:09
To: clamav-users@lists.clamav.net
Cc: Masaru Nomiya <nom...@lake.dti.ne.jp>
Subject: Re: [clamav-users] Using linux command "find" to get modified files list for scan

Hello,

In the Message;

 Subject    : [clamav-users] Using linux command "find" to get modified files list for scan
 Message-ID : <1733715472.s.23081.autosave.drafts.1733715610.1...@webmail.rediffmail.com>
 Date & Time: 9 Dec 2024 03:40:10 -0000

[RN] == neel roy via clamav-users <clamav-users@lists.clamav.net> has written:

RN> [...]
RN>  Is there a reason why find should not be used to get list of
RN> files modified and scan them?

In short, using the find command to specify files can make the ClamAV
scanning process inefficient. ClamAV is designed to effectively scan
entire directories and specific file types, so there is no need to
filter the list generated by the find command.

Best Regards.

---
Masaru Nomiya
mail-to: nomiya @ lake.dti.ne.jp

" Reading widely about things that don't seem immediately or
  practically useful, in the hope that what you learn now may prove
  meaningful later—that's pretty much the definition of a
  liberal-arts education. Who knew that one of its best defenders
  would turn out to be a computer scientist? "

  -- "What Does It Really Mean to Learn?" THE NEW YORKER --
_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat