Thanks a lot All set now Sent from my iPhone
> On Feb 24, 2022, at 10:19 AM, G.W. Haywood via clamav-users > <clamav-users@lists.clamav.net> wrote: > > Hi there, > >> On Thu, 24 Feb 2022, Eliya Voldman via clamav-users wrote: >> >> I did a test scan and decided to exclude some files from scanning >> Since files were located in a few directories I did not want to provide >> only file name hence I provided the absolute path for each file. >> The issue is that despite my action those file were not excluded from scan. >> Hence my question: what I did wrong? Is it wrong symantec or etc? >> This is my example: >> >> clamscan --recursive C:\ D:\ E:\ --log=%LOG% --quiet --exclude="C:\Program >> Files\rempl\osrrb.exe" --exclude="C:\Windows\SysWOW64\sechost.dll" > > You found the documentation but you missed a bit. :) > > The value given in the --exclude option is a regular expression, not a > literal string, and unfortunately the 'backslash' character which is > used as the path separator on Windows is the same character which is > used in a regular expression (regex) to 'quote' the character which > follows it in the regex. > > When you need a literal backslash in a regex, use two. For example > > --exclude="C:\\Windows\\SysWOW64\\sechost.dll" > > The first '\' character is what we call a 'special character' and in > regular expression parlance we say it 'quotes' the character following > so that its meaning is *not* special. In your version of this regex, > the '\' characters quote the 'W', 'S' and 's' characters following the > '\' characters. You might think that those characters aren't special > anyway, and you'd be right, but the rules of regex contruction don't > care about that. If you quote a non-special character it doesn't make > any difference, it stays non-special; '\t\h\i\s' is the same as 'this'. > > Incidentally in a regex the 'dot' character is special. It 'matches' > any character. It doesn't mean a literal 'dot' unless it's quoted, so > you would probably want to write that as > > --exclude="C:\\Windows\\SysWOW64\\sechost\.dll" > > Yes it's a little bewildering at first, but whatever kind they are, > regular expressions are fun. :) > > There are lots of primers on the subject on the Internet, but take > care to distinguish between the different types of regex. People > aren't always very clear about it. We'll talk about 'POSIX' regular > expressions, 'Perl' regular expressions, and so on. Sometimes we say > carelessly things like 'PCRE' (Perl Compatible Regular Expressions) as > if everyone should know what we mean. :/ > > If in doubt, POSIX regular expressions are least likely to get you > into deep water and, if you want the bees' knees, look to PCRE - at > least IMHO. If you look into using Yara rules with the ClamAV engine, > do be aware that the regular expressions for Yara rules are feeble by > comparison with those of POSIX and Perl. > > -- > > 73, > Ged. > > _______________________________________________ > > clamav-users mailing list > clamav-users@lists.clamav.net > https://lists.clamav.net/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
