Re: [clamav-users] Using linux command "find" to get modified files list for scan

Mon, 09 Dec 2024 19:18:14 -0800 

Hello,

In the Message; 

  Subject    : Re: [clamav-users] Using linux command "find" to get modified 
files list for scan
  Message-ID : <f961d922-c798-e436-3bf9-956640631...@aitchison.me.uk>
  Date & Time: Mon, 9 Dec 2024 12:47:59 +0000 (GMT)

[ACA] == Andrew C Aitchison via clamav-users <clamav-users@lists.clamav.net> 
has written:


ACA>  On Mon, 9 Dec 2024, neel  roy via clamav-users wrote:

ACA>  > Yes, that I found evident as described in mail below.
ACA>  > Yet, no antivirus including ClamAV use this approach in their product.
ACA>  > There must be reason(s). I am just trying to find that reason.

ACA>  I do not think it is very useful to only scan files that have changed.
ACA>  That way, files that were changed by new (day-one?) malware before ClamAV
ACA>  has rules to detect them will not be caught unless they change again.

ACA>  With the "OnAccess" feature ClamAV scans a file whenever it is opened
ACA>  (for reading or writing IIRC). Working this way it is not so useful to 
find
ACA>  files which have changed, whether with 'find' or some other way.

If the ClamAV daemon (clamd) is running, using clamdscan enables
multi-threaded scanning, and since the virus database does not need to
be loaded each time, it is more efficient, isn't it?

There is inevitably a time lag between the appearance of new viruses
and the expansion of the corresponding database, and onAccess is no
exception.

I think Neel's intention is to reduce the system load.
It is true that clamondacc is a heavy load.

Best Regards.

---
┏━━┓彡    Masaru Nomiya                    mail-to: nomiya @ lake.dti.ne.jp
┃\/彡
┗━━┛  "As Google fights for positioning in a new AI boom and an era where
          some consumers are turning to TikTok or ChatGPT instead of Google
          Search, some employees now worry product development could become
          dangerously hasty. The restructuring of RESIN has increased those
          concerns, the sources say."
          
                                -- Google Splits Up a Key AI Ethics Watchdog --
_______________________________________________

Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation

https://docs.clamav.net/#mailing-lists-and-chat

Reply via email to