[Support] ClamAV


11 hours ago, doogle said:

Anyone know how to get clamav to not scan .iso files? I would like to use it from the command line and not write a mile long script.

I have tried --exclude=*.iso and ?.iso but neither one worked.

If I have posted this in the wrong spot, please excuse me. I tried doing a search for this, but when it returns 10 plus pages... what is the point of a search? This forum software kinda sucks.

You can add your --exclude to the post-args section.

Per the man page, you must use REGEX for the exclude option. I tested this in my environment.

--exclude="^(.*\.iso)$"

On 2/11/2024 at 4:53 AM, TQ said:

You can add your --exclude to the post-args section.

Per the man page, you must use REGEX for the exclude option. I tested this in my environment.

--exclude="^(.*\.iso)$"

Thanks for the response! I did investigate the REGEX thing. Oh boy, it started giving me a headache. You could earn a master's degree trying to figure that stuff out! I tried to find a way to change the defaults when clamav starts up, but apparently the configure script is just not there with the unraid version. It looks like from the standard clamav documentation you're supposed to be able to run this script, but it did not exist in my docker. Here is what I ended up coming up with...

clamscan -r -i -z --exclude=\.iso --detect-pua=yes --alert-broken=yes --alert-broken-media=yes --alert-encrypted=yes --alert-macros=yes --alert-exceeds-max=no --max-dir-recursion=300 --max-recursion=300 -l /var/clamav.log /scan

I noticed that your version of the regex uses the ^ symbol, which I took from the documentation to mean DOES NOT MATCH. Like I said, the regex stuff is not very friendly at all. I just used the \.iso figuring the chances of running into a file that has .iso in the filename and not the extension are pretty slim. I found it annoying that I can only get clamav to scan up to a 4 Gb file. It does seem to find stuff that other av's do not, so I'm happy with that.

Edited by doogle
forgot to ask
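
The exclude patterns from the posts above, compared side by side as an added example (not part of any post in this thread). It assumes `grep -E` is a fair stand-in for how clamscan applies an `--exclude` regex to the full path; the sample paths and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample paths (not taken from the thread).
PATHS='/scan/isos/debian-12.iso
/scan/downloads/setup.iso.exe
/scan/backup.isolated/report.doc
/scan/docs/readme.txt'

# would_skip PATTERN PATH -> exit status 0 if PATTERN matches PATH.
# Assumption: grep -E (POSIX extended regex, unanchored search) stands in
# for clamscan's --exclude matching against the full path.
would_skip() {
    printf '%s\n' "$2" | grep -Eq -- "$1"
}

# skipped PATTERN -> print the sample paths that PATTERN would exclude.
skipped() {
    printf '%s\n' "$PATHS" | while IFS= read -r p; do
        if would_skip "$1" "$p"; then printf '%s\n' "$p"; fi
    done
}

# count_skipped PATTERN -> number of sample paths that would go unscanned.
count_skipped() {
    skipped "$1" | wc -l | tr -d ' '
}

# '\.iso'        : literal ".iso" anywhere in the path
# '\.iso$'       : path must end in ".iso"
# '^(.*\.iso)$'  : whole path, start to end, must end in ".iso"
for pat in '\.iso' '\.iso$' '^(.*\.iso)$'; do
    printf 'pattern %s skips %s of 4 paths:\n' "$pat" "$(count_skipped "$pat")"
    skipped "$pat" | sed 's/^/  /'
done
```

An unanchored exclude also skips files that merely contain `.iso` somewhere in their path, which leaves them unscanned; anchoring with `$` limits the exclusion to names that end in `.iso`. On a shell command line, single-quote the pattern so the backslash reaches clamscan intact.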
  • 2 weeks later...

Hello,

I am playing around with this, big TY to TQ (and Squid for the accompanying script).

When testing the docker ClamAV I view <docker logs ClamAV> and get the scan summary with the tested directory as explained early in the thread. I see the correct number of files scanned. I set the container to scan a different dir and I get the same correct results as well. Everything seems to be working great.

My question: Why is it that during the scan, the disk(s) on my array do not spin up for this activity? I am 100% sure the files are on certain HDDs and not cached.

This is causing my brain to blue screen.
