I have posted a few previous questions regarding clamscan and problems with /net on Solaris.
After some further investigation I have found that it impossible to run an efficient full scan (clamscan -r /) of a Solaris file system if /net is activated in /etc/auto_master.
This is down to the fact that Sun's automounter mounts /net/localhost as / so clamscan keeps rescanning the same files over and over again, first from / then through /net/localhost, then through /net/localhost/net/hostname.....you get the idea.
Using --exclude="^//net.*" helps but does not stop clamscan traversing down /net excluding every file over and over again as it only excludes files and not directories.
I have found reference to other software that has the same problem
Naturally it is going to follow NFS mount points. That is what you asked it to do so why wouldn't it? And what you are doing is a rather nutty thing to attempt, as well. This is a user problem, not a software problem. The solution is to scan selectively as in (examples only - this message requires you to think):
clamscan -r /opt
clamscan -r /var --exclude=sa?? --exclude=syslog* --exclude=sulog --exclude=messages*
clamacan -r /export/home
clamscan -r /usr
clamscan -r /tmp --exclude=mysql.sock
clamscan -r /etc --exclude=.name_service_door --exclude=.syslog_door
clamscan -r /usr/local/apache --exclude=*log
Avoid scanning /proc, /cdrom, /mnt, /vol, /xfn as you will be wasting your time. If you scan /home you may run into the same problem as with /net. Scan /dev, /devices, /kernel, and /platform at your peril.
You will want to exclude door files, very likely sparse files, db tables and indices, and other special files such as Unix sockets and device files.
dp _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
