Bill Landry wrote:
Dennis Peterson wrote the following on 11/29/2006 7:23 AM -0800:

One other option was to run a second instance of clamd pointed to a different config file and run the second instance as root. Then clamdscan should be able to scan all files in all directories without permissions issues.

Bill

Recall that the initial requirement was to scan only files that have changed since the previous scan. That is a subset of the entire file system and can certainly involve multiple top-level directories. The trick then is to create a means of identifying and scanning an arbitrary number of files in arbitrary locations (second requirement) with a single instance of the tool (third requirement). clamdscan requires the same workarounds as clamscan. While it wasn't a requirement, some kind of logging is essential IMO. It apparently has been accepted without comment that the --include and --exclude options are inadequate for this purpose.

You are quite right, though, that, as it happens, it is sometimes a good solution to create a short-lived root-owned instance of clamd (one that uses a Unix socket written to a root-owned and read-only root directory along with other essential parameters). It doesn't provide any advantage in this situation, where the real problem is to present, one time, an arbitrary-length list of files with arbitrary paths to the scanner.

dp
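
The requirements listed in the message above (changed files only, arbitrary paths, one scanner run, plus logging), sketched as an added shell example that is not part of the thread. It assumes a ClamAV release whose clamscan accepts `--file-list`; `STATE_DIR`, the file names under it and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: incremental scan driven by a timestamp file.
# STATE_DIR, the function names and file names are assumptions.
STATE_DIR="${STATE_DIR:-/var/lib/clam-incremental}"
SCANNER="${SCANNER:-clamscan}"

# build_changed_list LIST DIR...
# Write every regular file under the DIRs modified since the last
# completed scan to LIST, one path per line (all files on first run).
# Names containing a newline cannot be represented in such a list.
build_changed_list() {
    out=$1; shift
    # find's own errors (unreadable directories) stay on stderr so
    # coverage gaps are visible to whoever runs the job.
    if [ -f "$STATE_DIR/last-scan" ]; then
        find "$@" -type f -newer "$STATE_DIR/last-scan" -print > "$out" || true
    else
        find "$@" -type f -print > "$out" || true
    fi
}

# scan_changed DIR...
# One scanner invocation for the whole list, with a log file.
scan_changed() {
    mkdir -p "$STATE_DIR" || return 2
    # Stamp taken before the walk: a file changed mid-scan is newer
    # than this stamp and is picked up by the next run.
    touch "$STATE_DIR/next-scan"
    build_changed_list "$STATE_DIR/changed.list" "$@"
    rc=0
    if [ -s "$STATE_DIR/changed.list" ]; then
        "$SCANNER" --file-list="$STATE_DIR/changed.list" \
                   --log="$STATE_DIR/scan.log" --infected || rc=$?
    fi
    # clamscan exit codes: 0 clean, 1 infected file found, 2 error.
    # Advance the stamp only when the scan itself completed.
    if [ "$rc" -le 1 ]; then
        mv "$STATE_DIR/next-scan" "$STATE_DIR/last-scan"
    fi
    return "$rc"
}

# Typical call from cron: scan_changed /home /srv/www
```

`-newer` compares mtime, which a file's owner can set back with `touch`; GNU find's `-cnewer` compares ctime instead.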