On Mon, 9 Dec 2024, neel roy via clamav-users wrote:
> Yes, that I found evident as described in mail below.
> Yet, no antivirus including ClamAV uses this approach in their product.
> There must be reason(s). I am just trying to find that reason.

I do not think it is very useful to only scan files that have changed.
That way, files that were changed by new (day-one?) malware before ClamAV
has rules to detect them will not be caught unless they change again.
With the "OnAccess" feature ClamAV scans a file whenever it is opened
(for reading or writing IIRC). Working this way it is not so useful to
find files which have changed, whether with 'find' or some other way.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk