Koozali.org: home of the SME Server

[SOLVED][ClamAV] suppress checking ibay?

piran
« on: October 05, 2006, 12:30:31 AM »
How may I suppress ClamAV's checking of a particular ibay?
For instance would one of the templates
/etc/e-smith/templates/etc/clamd.conf/
achieve this suppression or must I use a new specific template?

[postedit] Summary http://forums.contribs.org/index.php?topic=34047.msg146180#msg146180

Gaston94
« Reply #1 on: October 05, 2006, 10:53:38 AM »
Hi,
Clamav scan is led by some configuration options, have a look at this
Code: [Select]
[root@sme94 ~]# /sbin/e-smith/db configuration getprop clamav FilesystemScanExclude
/proc,/sys,/usr/share,/var

so you can add any other paths :
Code: [Select]

[root@sme94 ~]# db configuration setprop clamav FilesystemScanExclude \
/proc,/sys,/usr/share,/var,\
/home/e-smith/files/ibays/iso,\
/home/e-smith/files/ibays/archive


for instance will prevent these ibays from being scanned

G.

piran
[SOLVED]
« Reply #2 on: October 05, 2006, 10:56:28 AM »
My thanks, otherwise it takes more than 5 days work from one CPU...;~)

william_syd
« Reply #3 on: October 05, 2006, 11:42:44 AM »
Is there some way this can be used to exclude every user's junkmail folder?
Regards,
William

IF I give advise.. It's only if it was me....

piran
« Reply #4 on: October 06, 2006, 09:43:17 AM »
Not solved after all;~/

Just missed the midnight check so I implemented a ClamAV run manually.
Code: [Select]
[root@teri /]# clamscan -r /home --quiet
ClamAV was still running in the morning (should take about 10mins?).
Code: [Select]
[root@teri /]# db configuration getprop clamav FilesystemScanExclude
/proc,/sys,/usr/share,/var,/mnt,/home/e-smith/files/ibays

As the suppress checking of ibays apparently didn't work, cannot guarantee
the suppress checking of /mnt is working either (messes up backups).

Is the manual implementation of ClamAV different from what runs normally?

In case this is needed...
Code: [Select]
[root@teri /]# config show clamav
clamav=service
    ArchiveBlockEncrypted=no
    ArchiveBlockMax=no
    ArchiveMaxCompressionRatio=300
    ArchiveMaxFileSize=15M
    ArchiveMaxFiles=1500
    ArchiveMaxRecursion=8
    Checks=24
    DNSDatabaseInfo=current.cvd.clamav.net
    DatabaseMirror=db.local.clamav.net
    Debug=no
    DetectBrokenExecutables=no
    FilesystemScan=daily
    FilesystemScanExclude=/proc,/sys,/usr/share,/var,/mnt,/home/e-smith/files/ibays
    FilesystemScanFilesystems=/
    FilesystemScanReportTo=admin
    Foreground=yes
    HTTPProxyPassword=
    HTTPProxyPort=
    HTTPProxyServer=
    HTTPProxyUsername=
    IdleTimeout=60
    LeaveTemporaryFiles=no
    LogClean=no
    LogFileUnlock=yes
    LogTime=no
    LogVerbose=yes
    MaxAttempts=6
    MaxConnectionQueueLength=30
    MaxDirectoryRecursion=20
    MaxThreads=20
    Quarantine=disabled
    QuarantineDirectory=/var/spool/clamav/quarantine
    ReadTimeout=300
    ScanArchive=yes
    ScanHTML=yes
    ScanMail=yes
    ScanOLE2=yes
    ScanPE=yes
    ScanRAR=no
    SelfCheck=1800
    ShowProxySettings=no
    ShowUpdateSettings=no
    SignaturesUpdated=unknown
    UpdateNonOfficeHrs=disabled
    UpdateOfficeHrs=disabled
    UpdateWeekend=disabled
    status=enabled
[root@teri /]#

william_syd
« Reply #5 on: October 06, 2006, 10:38:43 AM »
Did you expand the template after changing the database?
Code: [Select]
/sbin/e-smith/expand-template /etc/clamd.conf

The contents of /etc/clamd.conf will give you a better idea of what clamd will be doing than the db values.
Code: [Select]
[root@tiger ~]# more /etc/clamd.conf
#------------------------------------------------------------
#              !!DO NOT MODIFY THIS FILE!!
#
# Manual changes will be lost when this file is regenerated.
#
# Please read the developer's guide, which is available
# at http://wiki.contribs.org/development/
#
# Copyright (C) 1999-2006 Mitel Networks Corporation
#------------------------------------------------------------
#ArchiveBlockEncrypted
#ArchiveBlockMax
ArchiveMaxCompressionRatio 300
ArchiveMaxFileSize 15M
ArchiveMaxFiles 1500
ArchiveMaxRecursion 8
DatabaseDirectory /var/clamav
#Debug
#DetectBrokenExecutables
FixStaleSocket
Foreground
IdleTimeout 60
#LeaveTemporaryFiles
LocalSocket /var/clamav/clamd.socket
#LogClean
LogFile /dev/stderr
LogFileMaxSize 0
LogFileUnlock
#LogTime
LogVerbose
MaxConnectionQueueLength 30
MaxDirectoryRecursion 20
MaxThreads 20
ReadTimeout 300
ScanArchive
ScanHTML

#ScanMail

ScanOLE2
ScanPE
#ScanRAR

SelfCheck 1800
# Close the connection if this limit is exceeded.
StreamMaxLength 25M
#TCPAddr 127.0.0.1
#TCPSocket 3310
TemporaryDirectory /var/tmp
User clamav
AllowSupplementaryGroups
[root@tiger ~]#
Regards,
William

IF I give advise.. It's only if it was me....

piran
« Reply #6 on: October 06, 2006, 11:50:17 AM »
No, I ran this afterwards...
Code: [Select]
signal-event clamav-update
...but it was really only a guess,
I thought this command was the 'new expand'.
Will try over again.

piran
« Reply #7 on: October 06, 2006, 12:00:59 PM »
I cannot see any suppress directory information in
Code: [Select]
/etc/clamd.conf
whether this is before or after running either
Code: [Select]
signal-event clamav-update
Code: [Select]
/sbin/e-smith/expand-template /etc/clamd.conf
The db get command shows my suppress directory information:
Code: [Select]
[root@teri etc]# db configuration getprop clamav FilesystemScanExclude
/proc,/sys,/usr/share,/var,/mnt,/home/e-smith/files/ibays
[root@teri etc]#

Unfortunately ClamAV doesn't take a blind bit of notice, running
Code: [Select]
clamscan -r /home
and viewing the checking live I see ClamAV running through the ibays;~/

william_syd
« Reply #8 on: October 06, 2006, 01:20:56 PM »
Quote from: "Gaston94"
Hi,
Clamav scan is led by some configuration options, have a look at this
Code: [Select]
[root@sme94 ~]# /sbin/e-smith/db configuration getprop clamav FilesystemScanExclude
/proc,/sys,/usr/share,/var

so you can add any other paths :
Code: [Select]

[root@sme94 ~]# db configuration setprop clamav FilesystemScanExclude \
/proc,/sys,/usr/share,/var,\
/home/e-smith/files/ibays/iso,\
/home/e-smith/files/ibays/archive


for instance will prevent these ibays from being scanned

G.


Which template fragment uses the property FilesystemScanExclude?
Regards,
William

IF I give advise.. It's only if it was me....

Gaston94
« Reply #9 on: October 06, 2006, 02:32:01 PM »
well, William,
:oops:
Quote from: "william_syd"

Which template fragment uses the property FilesystemScanExclude?

:oops:
You are definitely right
It does not look like corresponding to anything. But why is it in the db config parameters :?:

From clamd.conf I retrieve the "ClamukoExcludePath" directive which should be the correct one.

@piran,
could you check the below commands and advise?
Code: [Select]
# mkdir -p /etc/e-smith/templates-custom/etc/clamd.conf
# cat > /etc/e-smith/templates/etc/clamd.conf/ClamukoExcludePath
{
# Set the exclude paths. All subdirectories are also excluded.
    "ClamukoExcludePath /home/e-smith/files/ibays";
}
^D ## this is a Control-D keystroke
# /sbin/e-smith/expand-template /etc/clamd.conf
# /sbin/e-smith/signal-event clamav-update


(check after pasting that you have no control characters in the file ...)

G.

Gaston94
« Reply #10 on: October 06, 2006, 02:32:59 PM »
double post

piran
« Reply #11 on: October 06, 2006, 03:19:29 PM »
Scratching head;~)
Followed instructions (I think).
There is nothing in the mkdir file area.
But the contents of /etc/e-smith/templates/etc/clamd.conf/ClamukoExcludePath
consist only of...
{
# Set the exclude paths. All subdirectories are also excluded.
    "ClamukoExcludePath /home/e-smith/files/ibays";
}
...and nothing else.
Template expanded.
Signal evented.
Manual run of ClamAV still goes through the ibays.

william_syd
« Reply #12 on: October 06, 2006, 03:25:38 PM »
Quote from: "Gaston94"

From clamd.conf I retrieve the "ClamukoExcludePath" directive which should be the correct one.

@piran,
could you check the below commands and advise?
Code: [Select]
# mkdir -p /etc/e-smith/templates-custom/etc/clamd.conf
# cat > /etc/e-smith/templates/etc/clamd.conf/ClamukoExcludePath
{
# Set the exclude paths. All subdirectories are also excluded.
    "ClamukoExcludePath /home/e-smith/files/ibays";
}
^D ## this is a Control-D keystroke
# /sbin/e-smith/expand-template /etc/clamd.conf
# /sbin/e-smith/signal-event clamav-update


(check after pasting that you have no control characters in the file ...)

G.


Clamuko..  Hmm. Appears to be some sort of 'on access' scanning... not a scheduled file system scan.

I could be wrong.
Regards,
William

IF I give advise.. It's only if it was me....

piran
« Reply #13 on: October 06, 2006, 03:37:58 PM »
Code: [Select]



[root@teri etc]# config show clamav
clamav=service
    ArchiveBlockEncrypted=no
    ArchiveBlockMax=no
    ArchiveMaxCompressionRatio=300
    ArchiveMaxFileSize=15M
    ArchiveMaxFiles=1500
    ArchiveMaxRecursion=8
    Checks=24
    DNSDatabaseInfo=current.cvd.clamav.net
    DatabaseMirror=db.local.clamav.net
    Debug=no
    DetectBrokenExecutables=no
    FilesystemScan=daily
    FilesystemScanExclude=/proc,/sys,/usr/share,/var,/mnt,/home/e-smith/files/ibays
    FilesystemScanFilesystems=/
    FilesystemScanReportTo=admin
    Foreground=yes
    HTTPProxyPassword=
    HTTPProxyPort=
    HTTPProxyServer=
    HTTPProxyUsername=
    IdleTimeout=60
    LeaveTemporaryFiles=no
    LogClean=no
    LogFileUnlock=yes
    LogTime=no
    LogVerbose=yes
    MaxAttempts=6
    MaxConnectionQueueLength=30
    MaxDirectoryRecursion=20
    MaxThreads=20
    Quarantine=disabled
    QuarantineDirectory=/var/spool/clamav/quarantine
    ReadTimeout=300
    ScanArchive=yes
    ScanHTML=yes
    ScanMail=yes
    ScanOLE2=yes
    ScanPE=yes
    ScanRAR=no
    SelfCheck=1800
    ShowProxySettings=no
    ShowUpdateSettings=no
    SignaturesUpdated=unknown
    UpdateNonOfficeHrs=disabled
    UpdateOfficeHrs=disabled
    UpdateWeekend=disabled
    status=enabled
[root@teri etc]# pico clamd.conf
[root@teri etc]#

#------------------------------------------------------------
#              !!DO NOT MODIFY THIS FILE!!
#
# Manual changes will be lost when this file is regenerated.
#
# Please read the developer's guide, which is available
# at http://wiki.contribs.org/development/
#
# Copyright (C) 1999-2006 Mitel Networks Corporation
#------------------------------------------------------------
#ArchiveBlockEncrypted
#ArchiveBlockMax
ArchiveMaxCompressionRatio 300
ArchiveMaxFileSize 15M
ArchiveMaxFiles 1500
ArchiveMaxRecursion 8
ClamukoExcludePath /home/e-smith/files/ibays
DatabaseDirectory /var/clamav
#Debug
#DetectBrokenExecutables
FixStaleSocket
Foreground
IdleTimeout 60
#LeaveTemporaryFiles
LocalSocket /var/clamav/clamd.socket
#LogClean
LogFile /dev/stderr
LogFileMaxSize 0
LogFileUnlock
#LogTime
LogVerbose
MaxConnectionQueueLength 30
MaxDirectoryRecursion 20
MaxThreads 20
ReadTimeout 300
ScanArchive
ScanHTML

ScanMail

ScanOLE2
ScanPE
#ScanRAR

SelfCheck 1800
# Close the connection if this limit is exceeded.
StreamMaxLength 25M
#TCPAddr 127.0.0.1
#TCPSocket 3310
TemporaryDirectory /var/tmp
User clamav
AllowSupplementaryGroups

piran
« Reply #14 on: October 06, 2006, 03:52:49 PM »
The two reporting areas seem different.
ie one comments out scans of RAR (#ScanRAR)
the other ScanRAR=no
but last night I saw some warning text about
RAR checking (something about levels or versions).
Config areas not matched or synchronised?

william_syd
« Reply #15 on: October 06, 2006, 03:59:01 PM »
Look in /sbin/e-smith/smeserver-clamscan

Is there a difference between
Code: [Select]
my @exclude = split /,/, ($db->get_prop("clamav", "FilesystemScanExclude") ||
 "/proc,/sys,/usr/share/doc");

and
Code: [Select]
my @exclude = split /,/, ($db->get_prop("clamav", "FilesystemScanExclude") || "/proc,/sys,/usr/share/doc");
Regards,
William

IF I give advise.. It's only if it was me....

piran
« Reply #16 on: October 06, 2006, 04:03:24 PM »
Code: [Select]

#!/usr/bin/perl -w
#----------------------------------------------------------------------
# Clam Antivirus virus scanner filesystem scanning.
#
# copyright (C) 2004 Shad L. Lords <slords@mail.com>
# Copyright (C) 2005 Gordon Rowell <gordonr@gormand.com.au>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License or more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
#----------------------------------------------------------------------

use strict;
use esmith::ConfigDB;

my $db = esmith::ConfigDB->open_ro or die "Couldn't open ConfigDB";

my $filesystems = $db->get_prop("clamav", "FilesystemScanFilesystems") || '/';

my $MailReport = $db->get_prop("clamav", "FilesystemScanReportTo") || 'admin';

my $clamscan_opts = " --recursive --infected --stdout" .
                    " --log /var/log/clamd/clamscan.log";

my $quarantine_dir = $db->get_prop("clamav", "QuarantineDirectory") ||
                "/var/spool/clamav/quarantine";

my @exclude = split /,/, ($db->get_prop("clamav", "FilesystemScanExclude") ||
                          "/proc,/sys,/usr/share/doc");

push @exclude, $quarantine_dir;

$clamscan_opts .= " --exclude $_" for (@exclude);

$clamscan_opts .= " --move=$quarantine_dir"
        if ($db->get_prop("clamav", "Quarantine") || "disabled") eq "enabled";

open CLAMSCAN, "-|", "nice /usr/bin/clamscan $clamscan_opts $filesystems 2>\&1";

my @report = <CLAMSCAN>;
close CLAMSCAN;

my $hostname = $db->get_value("SystemName") . "." .
        $db->get_value("DomainName");

my $date = localtime;

open MAIL, "| /bin/mail " .
        "-s \"[$hostname] Clam Antivirus Scan Results - $date\" $MailReport";

print MAIL @report;
close MAIL;



Gaston94
« Reply #17 on: October 06, 2006, 04:09:09 PM »
Quote from: "william_syd"
I could be wrong.
I only found two places where exclude paths for clamav.
this clamuko one
and the command line one :
 clamscan -r /home/e-smith/files/users --exclude /home/e-smith/files/ibays

G.

piran
« Reply #18 on: October 06, 2006, 04:19:07 PM »
Tried the command line option.
I saw ibay addresses appearing very briefly with : Excluded at the end.
That manually invoked test run finished in realtime (as opposed to 5days).
Code: [Select]

[root@teri /]#  clamscan -r /home --exclude /home/e-smith/files/ibays
----------- SCAN SUMMARY -----------
Known viruses: 71520
Engine version: 0.88.4
Scanned directories: 16020
Scanned files: 2032
Infected files: 0
Data scanned: 30.62 MB
Time: 77.804 sec (1 m 17 s)
[root@teri /]#


How to fix the automatic run at midnight...

william_syd
« Reply #19 on: October 06, 2006, 04:22:19 PM »
Quote from: "Gaston94"
Quote from: "william_syd"
I could be wrong.
I only found two places where exclude paths for clamav.
this clamuko one
and the command line one :
 clamscan -r /home/e-smith/files/users --exclude /home/e-smith/files/ibays

G.


I think the command line one is the one that gets used.

Open two console terminals. In one run htop and in the other run /sbin/e-smith/smeserver-clamscan .

Clamscan should now be at the top of the list and you can see what command line parameters were used.
Regards,
William

IF I give advise.. It's only if it was me....

william_syd
« Reply #20 on: October 06, 2006, 04:27:18 PM »
Quote from: "piran"
Not solved after all;~/

Just missed the midnight check so I implemented a ClamAV run manually.
Code: [Select]
[root@teri /]# clamscan -r /home --quiet


Is the manual implementation of ClamAV different from what runs normally?



Yes.

Try
Code: [Select]
/sbin/e-smith/smeserver-clamscan
Regards,
William

IF I give advise.. It's only if it was me....

piran
« Reply #21 on: October 06, 2006, 04:28:44 PM »
The htop panel merely reflected whichever command line I used,
or do you mean for me to watch at midnight?

Gaston94
« Reply #22 on: October 06, 2006, 04:31:28 PM »
Will,
Quote from: "william_syd"
Is there a difference between
Code: [Select]
my @exclude = split /,/, ($db->get_prop("clamav", "FilesystemScanExclude") ||
 "/proc,/sys,/usr/share/doc");

and
Code: [Select]
my @exclude = split /,/, ($db->get_prop("clamav", "FilesystemScanExclude") || "/proc,/sys,/usr/share/doc");

No

william_syd
« Reply #23 on: October 06, 2006, 04:40:17 PM »
Quote from: "Gaston94"
Will,
Quote from: "william_syd"
Is there a difference between
Code: [Select]
my @exclude = split /,/, ($db->get_prop("clamav", "FilesystemScanExclude") ||
 "/proc,/sys,/usr/share/doc");

and
Code: [Select]
my @exclude = split /,/, ($db->get_prop("clamav", "FilesystemScanExclude") || "/proc,/sys,/usr/share/doc");

No


That's funny.  :D
Regards,
William

IF I give advise.. It's only if it was me....

piran
« Reply #24 on: October 06, 2006, 04:41:21 PM »
@will Missed reading your earlier post...
Code: [Select]
[root@teri /]# /sbin/e-smith/smeserver-clamscan
...rather than just looking at the contents tried invoking it.
Had to horizontally scroll htop to read the whole line.
VERY LONG (too long?) and shows all the --excludes separately.
Is this the problem because the very last one looks truncated?
(might be htop or my PuTTY settings)

william_syd
« Reply #25 on: October 06, 2006, 04:41:58 PM »
Quote from: "piran"
The htop panel merely reflected whichever command line I used,
or do you mean for me to watch at midnight?


Use
Code: [Select]
/sbin/e-smith/smeserver-clamscan
by itself and htop will show your --exclude's as per the database.
Regards,
William

IF I give advise.. It's only if it was me....

Gaston94
« Reply #26 on: October 06, 2006, 04:42:02 PM »
Piran,
Quote from: "piran"
Not solved after all;~/
Code: [Select]
[root@teri /]# clamscan -r /home --quiet

Is the manual implementation of ClamAV different from what runs normally?

Yes,
the sme clamscan is finally  issuing the following command :
Code: [Select]

nice /usr/bin/clamscan  --recursive --infected --stdout \
--log /var/log/clamd/clamscan.log --exclude /proc \
 --exclude /sys --exclude /usr/share --exclude /var \
--exclude /var/spool/clamav/quarantine \
--exclude /home/e-smith/files/ibays \
/

(with the extra exclusion from the db setprop we talked about)

G.
PS so my first post was the correct solution, no ?

william_syd
« Reply #27 on: October 06, 2006, 04:44:00 PM »
Quote from: "Gaston94"
Piran,
Quote from: "piran"
Not solved after all;~/
Code: [Select]
[root@teri /]# clamscan -r /home --quiet

Is the manual implementation of ClamAV different from what runs normally?

Yes,
the sme clamscan is finally  issuing the following command :
Code: [Select]

nice /usr/bin/clamscan  --recursive --infected --stdout \
--log /var/log/clamd/clamscan.log --exclude /proc \
 --exclude /sys --exclude /usr/share --exclude /var \
--exclude /var/spool/clamav/quarantine \
--exclude /home/e-smith/files/ibays \
/

(with the extra exclusion from the db setprop we talked about)

G.
PS so my first post was the correct solution, no ?


Yes.

Piran's use of clamscan sent me on a Goose chase..  :oops:

edit: Plus I only grep'ed /etc for the db property.
Regards,
William

IF I give advise.. It's only if it was me....

piran
« Reply #28 on: October 06, 2006, 04:50:22 PM »
Code: [Select]
/sbin/e-smith/smeserver-clamscan
...is that a good simulation of what occurs at midnight automatically?

william_syd
« Reply #29 on: October 06, 2006, 05:10:02 PM »
From man clamscan,
Code: [Select]
--exclude=PATT, --exclude-dir=PATT
              Don't scan file/directory names containing PATT. It may be used multiple times.


Is there a difference between --exclude=PATT and --exclude-dir=PATT ?

Interesting..
http://www.webservertalk.com/archive389-2006-2-1386908.html
Regards,
William

IF I give advise.. It's only if it was me....

piran
Summary
« Reply #30 on: October 06, 2006, 06:29:02 PM »
Summary:
Code: [Select]
[show the configuration of ClamAV]
# config show clamav


[query EXCLUSION areas for ClamAV]
# db configuration getprop clamav FilesystemScanExclude


[set the default EXCLUSION areas for ClamAV]
# db configuration setprop clamav FilesystemScanExclude /proc,/sys,/usr/share,/var


[set my own EXCLUSION areas for ClamAV]
[mounted network shares used in backups]
[very large ibay-mounted h/w RAID arrays]
# db configuration setprop clamav FilesystemScanExclude \
/proc,/sys,/usr/share,/var,/mnt,/home/e-smith/files/ibays/storage


[set the command line? EXCLUSION areas for ClamAV]
# mkdir -p /etc/e-smith/templates-custom/etc/clamd.conf
# cat > /etc/e-smith/templates/etc/clamd.conf/ClamukoExcludePath
{
# Set the exclude paths. All subdirectories are also excluded.
    "ClamukoExcludePath /home/e-smith/files/ibays/storage";
}
### use the key combo of Control-D to exit from the concatenation
# /sbin/e-smith/expand-template /etc/clamd.conf
# /sbin/e-smith/signal-event clamav-update

[command line simulation of the midnight ClamAV run]
[with those pre-set smeserver EXCLUSION areas]
# /sbin/e-smith/smeserver-clamscan

[command line raw use of ClamAV]
[does *NOT* use those pre-set smeserver EXCLUSION areas]
[--quiet switch avoids scrolling screenfuls of reports]
# clamscan -r /home


with thanks to Gaston94 and william_syd

william_syd
« Reply #31 on: October 07, 2006, 03:12:06 AM »
Piran,

Does the above work for you ?

Don't do it on a production SME.
As an experiment, at the command line try..
Code: [Select]
clamscan -r / \
 --exclude-dir=proc \
 --exclude-dir=sys \
 --exclude-dir=share \
 --exclude-dir=var \
 --exclude-dir=quarantine \
 --exclude-dir=mnt \
 --exclude-dir=ibays

Then try
Code: [Select]
clamscan -r / \
 --exclude /proc \
 --exclude /sys \
 --exclude /usr/share \
 --exclude /var \
 --exclude /var/spool/clamav/quarantine \
 --exclude /mnt \
 --exclude /home/e-smith/files/ibays
Regards,
William

IF I give advise.. It's only if it was me....
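
Added example (not part of the thread, and not SME Server or ClamAV code): the experiment above passes bare names such as share and var, and the man page text quoted in Reply #29 says a name is skipped when it contains PATT. The sketch below models that rule as a plain substring test (an assumption taken from that wording) over constructed sample paths, with hypothetical helpers first_match, under_intended and collateral, to list directories that would drop out of the scan although they lie outside every directory the admin meant to exclude.

```shell
#!/bin/sh
# Assumption: a path is skipped when it CONTAINS an exclusion pattern,
# as the quoted man page text says. All paths below are constructed.

# Constructed directory paths a recursive scan of / could visit.
SAMPLE_DIRS='/proc
/sys
/usr/share/doc
/var/log
/var/spool/clamav/quarantine
/mnt/backup
/home/e-smith/files/ibays/storage
/home/e-smith/files/ibays/shared-docs
/home/e-smith/files/users/alice/variance-reports
/home/e-smith/files/users/bob/sysadmin-notes
/home/e-smith/files/users/carol/payment-systems
/home/e-smith/files/users/carol/Maildir'

# Directories the admin means to skip (the list from the Summary post).
INTENDED='/proc,/sys,/usr/share,/var,/mnt,/home/e-smith/files/ibays/storage'
# Bare-name patterns from the --exclude-dir experiment above.
BARE='proc,sys,share,var,quarantine,mnt,ibays'

# first_match PATTERNS_CSV PATH
# Prints the first pattern contained in PATH; status 1 when none matches.
first_match() (
    IFS=','
    set -f                          # no glob expansion while splitting
    for pat in $1; do
        [ -n "$pat" ] || continue   # an empty pattern would match everything
        case "$2" in
            *"$pat"*) printf '%s\n' "$pat"; exit 0 ;;
        esac
    done
    exit 1
)

# under_intended INTENDED_CSV PATH
# Succeeds when PATH is one of the intended directories or lies beneath one.
under_intended() (
    IFS=','
    set -f
    for dir in $1; do
        [ -n "$dir" ] || continue
        case "$2" in
            "$dir"|"$dir"/*) exit 0 ;;
        esac
    done
    exit 1
)

# collateral PATTERNS_CSV INTENDED_CSV   (paths on stdin, one per line)
# Prints "path <- pattern" for each path the patterns exclude even though
# it is outside every intended directory, i.e. an unplanned blind spot.
collateral() {
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        pat=$(first_match "$1" "$path") || continue
        under_intended "$2" "$path" || printf '%s <- %s\n' "$path" "$pat"
    done
    return 0
}

echo "== full-path patterns (db-style list) =="
printf '%s\n' "$SAMPLE_DIRS" | collateral "$INTENDED" "$INTENDED"
echo "== bare-name patterns =="
printf '%s\n' "$SAMPLE_DIRS" | collateral "$BARE" "$INTENDED"
```

Under this model even the full-path list catches two user directories (`/var` inside `/variance-reports`, `/sys` inside `/sysadmin-notes`), and the bare names catch four.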

piran
« Reply #32 on: October 07, 2006, 03:23:06 AM »
Tomorrow... it's after 02:15hrs local;~)

Our works successfully configured the AV scan around disturbing
concurrent backups (ie didn't attempt to scan /mnt/) and avoided
trying to scan the main h/w RAID (which takes it over 5days).

AV scan report now back to 'normal':
Code: [Select]
LibClamAV Error: cli_untar: only standard TAR files are currently supported
LibClamAV Warning: Multipart MIME message contains no boundaries

----------- SCAN SUMMARY -----------
Known viruses: 71526
Engine version: 0.88.4
Scanned directories: 25314
Scanned files: 105851
Infected files: 0
Data scanned: 5951.30 MB
Time: 2058.589 sec (34 m 18 s)

Must now allow the backups to re-build.

Will try your experiment tomorrow.

william_syd
« Reply #33 on: October 07, 2006, 03:26:27 AM »
Quote from: "piran"
Tomorrow... it's after 02:15hrs local;~)

Our works successfully configured the AV scan around disturbing
concurrent backups (ie didn't attempt to scan /mnt/) and avoided
trying to scan the main h/w RAID (which takes it over 5days).

AV scan report now back to 'normal':
Code: [Select]
LibClamAV Error: cli_untar: only standard TAR files are currently supported
LibClamAV Warning: Multipart MIME message contains no boundaries

----------- SCAN SUMMARY -----------
Known viruses: 71526
Engine version: 0.88.4
Scanned directories: 25314
Scanned files: 105851
Infected files: 0
Data scanned: 5951.30 MB
Time: 2058.589 sec (34 m 18 s)

Must now allow the backups to re-build.

Will try your experiment tomorrow.


Ok.

How did you configure it? How did you run clamav?

It's in the bug tracker anyway..
http://bugs.contribs.org/show_bug.cgi?id=1671
Regards,
William

IF I give advise.. It's only if it was me....

william_syd
« Reply #34 on: October 09, 2006, 06:33:00 AM »
There is a Bug raised already about some of these issues.

http://bugs.contribs.org/show_bug.cgi?id=1889

and other comments...

http://forums.contribs.org/index.php?topic=33160.0
Regards,
William

IF I give advise.. It's only if it was me....

piran
« Reply #35 on: October 09, 2006, 09:37:26 AM »
Quote from: "william_syd"
Piran,

Does the above work for you ?

Don't do it on a production SME.
As an experiment, at the command line try..
Code: [Select]
clamscan -r / \
 --exclude-dir=proc \
 --exclude-dir=sys \
 --exclude-dir=share \
 --exclude-dir=var \
 --exclude-dir=quarantine \
 --exclude-dir=mnt \
 --exclude-dir=ibays

Then try
Code: [Select]
clamscan -r / \
 --exclude /proc \
 --exclude /sys \
 --exclude /usr/share \
 --exclude /var \
 --exclude /var/spool/clamav/quarantine \
 --exclude /mnt \
 --exclude /home/e-smith/files/ibays

It's the production box.

william_syd
« Reply #36 on: October 09, 2006, 09:52:50 AM »
Yeah.. it locked up my machine at home.

For a time trial, try
Code: [Select]
clamscan -r --exclude-dir=/home /home
and
Code: [Select]
clamscan -r --exclude=/home /home
Regards,
William

IF I give advise.. It's only if it was me....

piran
« Reply #37 on: October 09, 2006, 09:59:06 AM »
Code: [Select]
[root@teri smeserver-dar2]# clamscan -r --exclude-dir=/home /home
/home: Excluded

----------- SCAN SUMMARY -----------
Known viruses: 71845
Engine version: 0.88.4
Scanned directories: 0
Scanned files: 0
Infected files: 0
Data scanned: 0.00 MB
Time: 1.355 sec (0 m 1 s)
[root@teri smeserver-dar2]#


Code: [Select]
[root@teri smeserver-dar2]# clamscan -r --exclude=/home /home
(...log snipped...)

----------- SCAN SUMMARY -----------
Known viruses: 71845
Engine version: 0.88.4
Scanned directories: 16089
Scanned files: 0
Infected files: 0
Data scanned: 0.00 MB
Time: 65.680 sec (1 m 5 s)
[root@teri smeserver-dar2]#

william_syd
« Reply #38 on: October 09, 2006, 10:02:59 AM »
wow, just over a minute's difference.

BTW, /proc is never scanned by clamscan.

I'll leave it in the bug tracker and see what the developers say.

Thanks.
Regards,
William

IF I give advise.. It's only if it was me....