I run a clamav scan weekly on my servers. There is one server with a raid6 cluster of 30TB of disk space where the scan take more than 24h to run.
So I wonder how can I run clamscan on the whole filesystem, taking advantage of the several cores the server has? The server has good i/o capacities and I would like the scan to go as fast as the hardware can go.
I know about the --multiscan
parameter of clamdscan
. The main issue I have with clamdscan is that it cannot process files that the clamav
user cannot access, and it seems discouraged to run the daemon as root.
I saw some people are using parallel to achieve this but I could not find a clean command that would really scan the whole filesystem.
Best Answer
You've got two separate questions:
clamdscan
- apart from combining--multiscan
and--fdscan
there's little you can do. Alternatively, you can run multiple instances ofclamscan
on separate folders independently from the daemon.clamd
can't access - this isn't possible.clamd
requires at least read access to any files that you want to scan and report, and write access to any files you want to scan and clean. I'd run the daemon with read access only and handle the reports manually. If you don't trust ClamAV to be able to handle malicious files you should use another scanner.