On Mar 15, 2011, at 4:51 PM, Chuck Swiger wrote:
> One thing you might consider doing is using "find /location -mtime 1" to
> generate a list of which files have been modified over the past day, and only
> scanning these via clamdscan -f.

I experimented with this option last night (also suggested by Steve Holdoway), and it works as expected. (Vastly decreases scan time by reducing the number of files that need to be scanned to a mere pittance.) The risk is obvious that a baddie could be overlooked because it might present a false modification date or simply not be recognized by clamav for some period after it gets dropped onto the computer.

I *think* I ran into one gotcha that I had to work around: I had to filter out directories from the Find results...otherwise, clamav would scan those directories whose contents had already been scanned because those contents were already listed elsewhere in the Find results. Users more experienced with Find may have just thought that requirement was self-evident and didn't need to be stated.

My Find command looks something like this, and is supposed to filter out directories and anything modified more than 60 minutes ago:

    find [path to directory] [path to second directory] ! -type d -mmin -60 > [path to output file later read by clamav]

I'm now going to do some testing with the MaxScanSize directive.

-----------------
Russ Tyndall
Wake Forest, NC
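
The incremental scan described in the message above, as an added example that is not part of the original post: it keeps the `! -type d -mmin -60` filter and, going one step beyond the message, also matches on ctime, which `touch` and `utime()` cannot set, so a file with a backdated modification time still lands on the list. The function names `list_recent` and `scan_recent` are hypothetical, and the ctime test is an assumption about how one might narrow the false-date risk the message mentions.

```shell
#!/bin/sh
# Added example; function names are assumptions, not from the message.

# list_recent MODE MINUTES DIR...
#   MODE=mtime : the filter from the message (! -type d -mmin -N)
#   MODE=both  : additionally match on ctime. The kernel updates ctime on
#                every content or metadata change, including a call that
#                rewrites mtime, so a backdated file is still listed.
list_recent() {
    mode=$1; minutes=$2; shift 2
    case $mode in
        mtime) find "$@" ! -type d -mmin "-$minutes" ;;
        both)  find "$@" ! -type d \( -mmin "-$minutes" -o -cmin "-$minutes" \) ;;
        *)     echo "list_recent: unknown mode: $mode" >&2; return 2 ;;
    esac
}

# scan_recent MINUTES DIR...
# Writes the list to a temporary file and passes it to clamdscan -f.
# Directories are excluded so their contents are not scanned a second time.
scan_recent() {
    minutes=$1; shift
    list=$(mktemp) || return 1
    list_recent both "$minutes" "$@" > "$list"
    if [ -s "$list" ]; then
        clamdscan -f "$list"
        rc=$?
    else
        rc=0    # nothing changed in the window, nothing to scan
    fi
    rm -f "$list"
    return $rc
}

# Typical use from cron, once an hour (paths are placeholders):
#   scan_recent 60 /path/to/directory /path/to/second/directory
```

This narrows only the false-date gap; a file that clamav does not yet recognize is still missed until a later full scan with updated signatures.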