ClamAV – How to Make clamdscan Exclude Folders and Only Log Infected Files

clamav

My server is CentOS 7.4, with clamav 0.101.1-1.el7.
When I run clamscan -r --infected --exclude-dir="^/sys" / through the terminal, I always wait more than 6 hours to get output.
And if I close the terminal, clamscan will stop.

Then I want to use clamdscan to scan in the background.
My questions are:
1. How to --exclude-dir="^/sys" / with clamdscan?
2. How to make clamdscan only log --infected?

Best Answer

clamdscan does not have as many options available via the command line as clamscan.
clamdscan reads most of its options from its config file /etc/clamav/clamd.conf. You can add multiple ExcludePath options in the /etc/clamav/clamd.conf file. These are in RegEx:

ExcludePath ^/dev/
ExcludePath ^/proc/
ExcludePath ^/sys/

Then you can run it with:

clamdscan --multiscan --fdpass --quiet /

--multiscan will speed up the processing because it uses multiple threads.
--fdpass will allow you to scan files as the clamd user that the clamav-daemon.service runs as.
--quiet should suppress all output except infected files. At least that's what it seems to do on my system, but that isn't how it is described in the documentation.

If you want to save to a file, you can just redirect the output: clamdscan <options> > /save/file.txt
Or save it to a file with the --log=FILE option.

Put your command in a cron job and you are done.
If you are scripting something, I would suggest checking the exit codes for clamdscan and then having your script email you when it detects a virus:

0 : No virus found.
1 : Virus(es) found.
2 : An error occurred.

clamdscan documentation: https://linux.die.net/man/1/clamdscan
clamd.conf documentation: https://linux.die.net/man/5/clamd.conf
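A cron-ready wrapper that puts the answer's pieces together (ExcludePath lines in the daemon config, clamdscan with --multiscan --fdpass, a log file, exit-code handling, and an alert when a virus is found). This is an added example, not code from the original answer or from the ClamAV project. It assumes clamd is running with the ExcludePath entries already in its config (note that on CentOS 7 with the EPEL packages the daemon reads /etc/clamd.d/scan.conf rather than /etc/clamav/clamd.conf), that the log directory is writable, and that mail(1) is present if you want e-mail. It uses --infected, which clamdscan(1) documents as "only print infected files", in place of the answer's --quiet, so the second question is answered by a documented flag. The script name and the CLAMDSCAN, SCAN_ROOT, LOGFILE, ALERT_TO and ALERT_FILE variables are hypothetical names chosen for this example.

```shell
#!/bin/sh
# Hypothetical cron wrapper around clamdscan (added example, not from the answer).
# Assumes: clamd is running, its config carries the ExcludePath lines, the log
# directory is writable, and mail(1) exists if e-mail alerts are wanted.
# Suggested crontab line:  0 2 * * * /usr/local/sbin/clamdscan-cron.sh run
set -eu

CLAMDSCAN="${CLAMDSCAN:-clamdscan}"   # overridable so the wrapper can be tested with a stub
SCAN_ROOT="${SCAN_ROOT:-/}"
LOGFILE="${LOGFILE:-/var/log/clamav/clamdscan-$(date +%Y%m%d).log}"
ALERT_TO="${ALERT_TO:-root}"

# Exit codes documented in clamdscan(1): 0 clean, 1 virus found, 2 error.
scan_status_word() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        2) echo error ;;
        *) echo unknown ;;   # e.g. 127 when clamdscan is not installed at all
    esac
}

# Both "virus found" and "error" deserve an alert: a silent error is a scan that never ran.
needs_alert() {
    case "$1" in
        1|2) return 0 ;;
        *)   return 1 ;;
    esac
}

# Deliver an alert body read from stdin. ALERT_FILE is a hypothetical hook for
# testing or for hosts without mail(1): when set, the alert is appended there instead.
send_alert() {
    if [ -n "${ALERT_FILE:-}" ]; then
        cat >> "$ALERT_FILE"
    elif command -v mail >/dev/null 2>&1; then
        mail -s "clamdscan $1 on $(uname -n)" "$ALERT_TO"
    else
        echo "clamdscan-cron: no mail(1) found, printing alert to stderr" >&2
        cat >&2
    fi
}

# Run the scan as the answer suggests, with --infected (documented: only print
# infected files) instead of --quiet and --log so FOUND lines land in LOGFILE.
# Returns clamdscan's own exit code so cron and callers can act on it.
scan_and_report() {
    if "$CLAMDSCAN" --multiscan --fdpass --infected --no-summary \
            --log="$LOGFILE" "$SCAN_ROOT" >/dev/null 2>&1; then
        rc=0
    else
        rc=$?          # set -e does not fire inside an if condition
    fi
    status=$(scan_status_word "$rc")
    printf '%s clamdscan exit=%s status=%s root=%s\n' \
        "$(date '+%Y-%m-%d %H:%M:%S')" "$rc" "$status" "$SCAN_ROOT" >> "$LOGFILE"
    if needs_alert "$rc"; then
        {
            printf 'clamdscan finished with status %s (exit %s) on %s\nFull log: %s\n\n' \
                "$status" "$rc" "$(uname -n)" "$LOGFILE"
            grep -E ' (FOUND|ERROR)$' "$LOGFILE" | tail -n 50   # last 50 detections/errors
        } | send_alert "$status"
    fi
    return "$rc"
}

# Only start a scan when invoked with "run", so sourcing the file just defines the functions.
case "${1:-}" in
    run) scan_and_report ;;
esac
```

Because the alert is driven by the exit code rather than by parsing output, the wrapper also mails you when clamdscan returns 2 (for example when clamd is down or the socket is unreachable), which is the failure mode a cron-only setup would otherwise hide.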
