Hello Masaru,
There is some good information in your message but I believe my question is
different.
I am not concerned about ClamAV not detecting changes. I want to know why
I should not use "find" to detect changed files. The part below from
your mail/reply does provide relevant information but I wanted to know whether
there is any reference or concrete evidence for it.
> On the other hand, the Linux find command is a powerful tool for
> efficiently searching for files and directories, but it does not
> directly detect file changes.
I am not sure what this means. Can you elaborate?
> Find searches for files based on the specified conditions, so in order
> to detect file changes, it is necessary to accurately specify the
> conditions for the files that have been changed.
Are you referring to the command "find" or to "clamav" here?
Thanks in advance,
-Neel.
From: Masaru Nomiya via clamav-users <clamav-users@lists.clamav.net>
Sent: Mon, 09 Dec 2024 11:24:19
To: clamav-users@lists.clamav.net
Cc: Masaru Nomiya <nom...@lake.dti.ne.jp>
Subject: Re: [clamav-users] Using linux command "find" to get
modified files list for scan
Hello,
In the Message;
Subject : Re: [clamav-users] Using linux command
"find" to get modified files list for scan
Message-ID
: <1733718887.s.10974.autosave.drafts.1733719852.13...@webmail.rediffmail.com>
Date & Time: 9 Dec 2024 04:50:53 -0000
[NR] == "neel roy" <neelsm...@rediffmail.com> has written:
[...]
NR> **However** my question is this: whenever anti virus does scan,
NR> in this case, clamav, they do NOT find changed files, even (on
NR> linux) very efficient utility such as "find"
NR> exists. There must be a reason. What that reason could be?
There are a number of reasons why ClamAV may not detect changes to
files.
Firstly, ClamAV mainly detects malware based on known virus
signatures, so if the signature database is not up to date, it is
possible that new threats will be missed.
Also, ClamAV has a file size limit, and by default it skips files
larger than 20MB. This limit is in place to prevent excessive
consumption of system resources, but because large files cannot be
scanned, changes may be missed.
On the other hand, the Linux find command is a powerful tool for
efficiently searching for files and directories, but it does not
directly detect file changes.
Find searches for files based on the specified conditions, so in order
to detect file changes, it is necessary to accurately specify the
conditions for the files that have been changed.
For these reasons, if ClamAV is unable to detect file changes, it is
important to consider updating the signature, reviewing the settings,
or using it in conjunction with other security tools.
Best Regards.
---
Masaru Nomiya
mail-to: nomiya @ lake.dti.ne.jp
"During testing, Sakana found that its system began unexpectedly
attempting to modify its own experiment code to extend the time
it had to work on a problem."
-- Research AI model unexpectedly attempts to modify its own code
to extend runtime (ars TECHNICA) --
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat
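An added example, not code from either poster: an incremental scan in POSIX shell that uses `find` against a marker file to build the "changed since last scan" list and hands it to `clamscan --file-list`. The marker and scan-root paths are placeholders, `clamscan` is assumed to be on PATH, and the mtime/ctime distinction in the comments is general filesystem behaviour rather than something stated in the thread.

```shell
#!/bin/sh
# Added example: "find" can list changed files, but only as precisely as the
# condition you give it. -newer compares a file's mtime with the marker's
# mtime, and mtime is owner-settable (touch -t, utimes()), so a rewound
# mtime slips past a naive filter. ctime is maintained by the kernel on every
# inode change and cannot be set from user space, so -cnewer still sees it.

# Naive list: mtime later than the marker (misses rewound mtimes).
list_changed_mtime() {
    find "$1" -type f -newer "$2" -print
}

# Robust list: mtime OR ctime later than the marker's mtime.
# With no marker (first run) every regular file counts as changed.
list_changed() {
    root="$1"; marker="$2"
    if [ ! -e "$marker" ]; then
        find "$root" -type f -print
    else
        find "$root" -type f \( -newer "$marker" -o -cnewer "$marker" \) -print
    fi
}

# Scan the changed set, then advance the marker. The new marker is stamped
# BEFORE listing so files modified during the scan are picked up next run,
# and it replaces the old one only if clamscan completed (0 clean, 1 infected);
# on 2 (error) the old marker stays so the same files are retried.
scan_changed() {
    root="$1"; marker="$2"
    list=$(mktemp) || return 2
    touch "$marker.new" || { rm -f "$list"; return 2; }
    list_changed "$root" "$marker" > "$list"
    rc=0
    if [ -s "$list" ]; then
        clamscan --file-list="$list" --infected
        rc=$?
    fi
    rm -f "$list"
    if [ "$rc" -eq 0 ] || [ "$rc" -eq 1 ]; then
        mv "$marker.new" "$marker"      # rename keeps the pre-scan mtime
    else
        rm -f "$marker.new"
    fi
    return "$rc"
}

# Usage with placeholder paths (assumed, not from the thread):
#   scan_changed /srv/data /var/lib/clamav/last-scan-marker
```

Run it from cron or a timer; the marker directory must exist and be writable by the scanning user.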