Bill Landry wrote:
Dennis Peterson wrote the following on 11/26/2006 12:34 PM -0800:
Bill Landry wrote:
Dennis Peterson wrote the following on 11/26/2006 12:11 PM -0800:
Bill Landry wrote:
Erez Epstein wrote the following on 11/26/2006 1:24 AM -0800:
Hello everybody,
i have set up clamscan to scan all of the server using cron daily
( /usr/local/bin/clamscan -r -i --exclude-dir=/sys --no-summary / )
the scan is taking too long conisdered to other virus scanners (about
6 hours)
why does it taking so much?
and how can i shorten it while still scaning all files every night.
If you're running clamd, why not use clamdscan instead of clamscan,
it's
much faster?
Bill
That requires clamd run as root, does it not?
dp
It can run under whatever user account you want it to run under
(however, recommend that it not be root). See clamd.conf:
# Run as a selected user (clamd must be started by root).
# Default: disabled
User SetUserAccountHere
Bill
Quite true. But the only user that has read permissions on all files
is root, so if your clamd is running as user clamav it likely will
fail to read a lot of files.
dp
Not if root is feeding the files to clamd. Try su to root and:
clamdscan /bin/*
Most of these files are owned by root, but will scan just fine, even
though my clamd runs under the user "amavis".
Find a root owned file with perms set to 600 and try it.
Find a non-amavis owned file with perms set to xx0 and try it.
Go to /home and try it on a directory owned by anyone but amavis and
with perms set to o-rx.
Root isn't feeding files to clamd - it is feeding paths to files to
clamd. At least that is what happens here.
dp
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
