Hello Masaru,
You wrote:
> In short, Using the find command to specify files can make the ClamAV
> scanning process inefficient. ClamAV is designed to effectively scan
> entire directories and specific file types, so there is no need to
> filter the list generated by find command.
I ran clamdscan with "-m" on a very small server, a 4 vCPU Linux EL9 VM
with only about 5,50,000 (or 550,000) relevant files.
first time: 4 m 18 seconds
second time: 2 m 25 seconds (time reduces a lot because of caching)
Without the "-m" option it would take about ~16 min.
The command
  echo>./find.out;echo "./find.out";cat ./find.out;date;find / -type f -ctime -1 -not -path "/proc/*" -not -path "/sys/*" -not -path "/dev/*" -not -path "/boot/*">./find.out;date;cat ./find.out|wc -l
gave me 84 files.
===> EDIT: clamdscan with or without "-m", with "-f"
option finished in 3 seconds.
I used clamdscan because I can take advantage of caching. But I want to use
clamscan which means it would always take ~16 minutes with full system scan.
Of course this is a _very_ stale server, with almost no change. With lots of
change, this will change.
**However** my question is this: whenever an antivirus does a scan, in this case
ClamAV, it does NOT find changed files, even though (on Linux) a very efficient
utility such as "find" exists. There must be a reason. What could that reason
be?
Thanks in advance,
-Neel.
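
The incremental scan described in the message above, as an added example that is not part of the original post: it builds the changed-file list with find and hands it to clamdscan through "-f". The function names and the PRUNE_DIRS variable are hypothetical, and a local clamd is assumed to be running.

```shell
#!/bin/sh
# Added example (not from the thread): scan only files whose ctime changed
# in the last N days. Files untouched since the last run are NOT re-checked
# against newer signatures, so a periodic full scan is still needed.
set -eu

# Space-separated directories to skip (assumption: no spaces in these paths).
PRUNE_DIRS="/proc /sys /dev /boot"
NL='
'

# Print one path per line for regular files under ROOT changed within DAYS.
# -prune stops find from descending into skipped trees at all, unlike
# '-not -path', which still walks them. Paths containing a newline cannot be
# represented in a line-based list, so they are left out and must be handled
# separately.
changed_files() {
    root=$1; days=${2:-1}
    set --
    for d in $PRUNE_DIRS; do
        set -- "$@" -o -path "$d"
    done
    shift   # drop the leading -o
    find "$root" \( "$@" \) -prune -o \
        -type f -ctime "-$days" ! -path "*${NL}*" -print
}

# Feed the list to clamd. --fdpass lets clamd read files its own user could
# not open; the exit status of clamdscan (1 = something found) is preserved.
scan_changed() {
    list=$(mktemp)
    changed_files "$1" > "$list"
    rc=0
    clamdscan --multiscan --fdpass --infected --file-list="$list" || rc=$?
    rm -f "$list"
    return "$rc"
}

# Usage: ./scan-changed.sh --scan /   (script name is a placeholder)
if [ "${1:-}" = "--scan" ]; then
    scan_changed "${2:-/}"
fi
```

ctime is used rather than mtime because mtime can be reset by any user who owns the file, while ctime is updated by the kernel on every content or metadata change.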
From: neel roy via clamav-users <clamav-users@lists.clamav.net>
Sent: Mon, 09 Dec 2024 10:21:23
To: "m.nomiya+s...@gmail.com" <m.nomiya+s...@gmail.com>
Cc: neel roy <neelsm...@rediffmail.com>,
"clamav-users@lists.clamav.net" <clamav-users@lists.clamav.net>
Subject: Re: [clamav-users] Using linux command "find" to get
modified files list for scan
Hello Masaru,
You wrote:
> In short, Using the find command to specify files can make the ClamAV
> scanning process inefficient. ClamAV is designed to effectively scan
> entire directories and specific file types, so there is no need to
> filter the list generated by find command.
I ran clamdscan with "-m" on a very small server, a 4 vCPU Linux EL9 VM
with only about 5,50,000 (or 550,000) relevant files.
first time: 4 m 18 seconds
second time: 2 m 25 seconds (time reduces a lot because of caching)
Without the "-m" option it would take about ~16 min.
The command
  echo>./find.out;echo "./find.out";cat ./find.out;date;find / -type f -ctime -1 -not -path "/proc/*" -not -path "/sys/*" -not -path "/dev/*" -not -path "/boot/*">./find.out;date;cat ./find.out|wc -l
gave me 84 files.
clamdscan with or without scan, with "-f" option finished in 3
seconds.
I used clamdscan because I can take advantage of caching. But I want to use
clamscan which means it would always take ~16 minutes with full system scan.
Of course this is a _very_ stale server, with almost no change. With lots of
change, this will change.
**However** my question is this: whenever an antivirus does a scan, in this case
ClamAV, it does NOT find changed files, even though (on Linux) a very efficient
utility such as "find" exists. There must be a reason. What could that reason
be?
Thanks in advance,
-Neel.
From: Masaru Nomiya via clamav-users <clamav-users@lists.clamav.net>
Sent: Mon, 09 Dec 2024 09:36:09
To: clamav-users@lists.clamav.net
Cc: Masaru Nomiya <nom...@lake.dti.ne.jp>
Subject: Re: [clamav-users] Using linux command "find" to get
modified files list for scan
Hello,
In the Message;
Subject : [clamav-users] Using linux command "find" to get modified files list for scan
Message-ID : <1733715472.s.23081.autosave.drafts.1733715610.1...@webmail.rediffmail.com>
Date & Time: 9 Dec 2024 03:40:10 -0000
[RN] == neel roy via clamav-users <clamav-users@lists.clamav.net> has
written:
RN> [...]
RN> Is there a reason why find should not be used to get list of
RN> files modified and scan them?
In short, Using the find command to specify files can make the ClamAV
scanning process inefficient. ClamAV is designed to effectively scan
entire directories and specific file types, so there is no need to
filter the list generated by find command.
Best Regards.
---
Masaru Nomiya
mail-to: nomiya @ lake.dti.ne.jp
" Reading widely about things that
don't seem immediately or
practically useful, in the hope that
what you learn now may prove
meaningful later—that's pretty
much the definition of a liberal-
arts education. Who knew that one of
its best defenders would turn
out to be a computer scientist? "
--
"What Does It Really Mean to Learn?" THE NEW YORKER --
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat