Thread: KDE - clamscan, linux file structure

  1. #1

    KDE - clamscan, linux file structure

    In my scanvirus script, it can scan Windows only by using the partition type: vfat and ntfs

    When I tried to use this on Linux, using xfs and btrfs, it choked (errored) and left out many files on the \. I tried a bootable flash drive. It couldn't handle that either.



    I want to design to divide the logs up by device: (example)

    SSD main drive (linux)
    magnetic drive (windows)
    flashdrive 1 (ntfs)
    flashdrive 2 (bootable linux drive).
    flashdrive 3 (linux file storage)


    I understand some of Linux file structure. I need help understanding how these devices are structured. "blkid -o list"

  2. #2

    Re: KDE - clamscan, linux file structure

    I highly doubt that clamscan or your app should want to identify disks and partitions by blkid; that's the next layer below how OSes (including Linux) normally identify them once the disk is set up. I've seen blkid used when first setting up the geometry of a disk, or when you don't want to use or can't trust the file system info... like data recovery and fs block and partition alignment.

    So, the question might be... Should your virus scanning trust the file system or are you trying to do a deeper scan for files that might be hidden from the file system?

    I would expect that if you're doing regular file system scanning, you probably don't want to use blkid. You'll want to use methods that, for instance, you'll find in fstab.
    Code:
    /dev/disk/by-id|by-label|by-path|by-uuid
    TSU
    Beginner Wiki Quickstart - https://en.opensuse.org/User:Tsu2/Quickstart_Wiki
    Solved a problem recently? Create a wiki page for future personal reference!
    Learn something new?
    Attended a computing event?
    Post and Share!

  3. #3

    Re: KDE - clamscan, linux file structure

    You don't want to try and scan the virtual directories that are created at run time. These include /proc /dev /dev; they don't exist on the disk. Some files can be huge since they represent the total address space of the processor.

  4. #4

    Re: KDE - clamscan, linux file structure

    Hi,

    I think the previous post was meant to be

    Code:
    /proc
    /dev
    /sys
    directories.
    "Unfortunately time is always against us" -- [Morpheus]

    .:https://github.com/Jetchisel:.

  5. #5

    Re: KDE - clamscan, linux file structure

    I checked fstab when I put in a flash drive and nothing appeared. Does fstab need to be updated?

  6. #6

    Re: KDE - clamscan, linux file structure

    /etc/fstab is static, i.e. it does not change; it is only the mounts used at boot. Removable drives are handled by udev.

  7. #7

    Re: KDE - clamscan, linux file structure

    In my previous post, I suggested <methods> used by fstab, for instance how disks and partitions are identified, the file system, etc.

    Take a look at how existing AV works...
    You'll find for instance that most scan only specific locations, and start with standard places personal files are stored... And for various reasons these are largely only fixed locations and often only on the first disk (they're the only locations that are guaranteed to exist).

    You'll probably also find that no removable media is ordinarily scanned, but might be scanned as part of the device recognition and mounting procedure.

    Otherwise, if you want to go down a path no one else has gone I guess you can use tools like fdisk and df to read all system mounted partitions... But you'd be on your own exactly how and what you'd be doing (It's a good hint not to do something if no one before you is already doing it).

    Good Luck,
    TSU
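
An added example, not code from any poster in this thread: it filters a /proc/mounts-format table down to disk-backed filesystems (skipping /proc, /sys and /dev, as the replies advise) and runs clamscan once per mount with its own log. The function names, the default log directory and the sample mount table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Constructed sample in /proc/mounts format, for trying the filter offline.
sample_mounts() {
    cat <<'EOF'
proc /proc proc rw,nosuid 0 0
sysfs /sys sysfs rw,nosuid 0 0
devtmpfs /dev devtmpfs rw,nosuid 0 0
tmpfs /run tmpfs rw,nosuid 0 0
/dev/nvme0n1p2 / btrfs rw,relatime 0 0
/dev/sda1 /windows ntfs rw 0 0
/dev/sdb1 /run/media/user/USB\040STICK vfat rw 0 0
EOF
}

# Print "device<TAB>mountpoint<TAB>fstype" for each mount worth scanning.
# $1: file in /proc/mounts format (default: the live /proc/mounts).
scan_targets() {
    while read -r dev mnt fstype _rest; do
        # Disk-backed filesystems have a /dev/... source; proc, sysfs,
        # devtmpfs and tmpfs do not, so they are dropped here.
        case "$dev" in /dev/*) ;; *) continue ;; esac
        case "$mnt" in /proc|/proc/*|/sys|/sys/*|/dev|/dev/*) continue ;; esac
        # /proc/mounts writes a space inside a path as \040.
        mnt=$(printf '%s' "$mnt" | sed 's/\\040/ /g')
        printf '%s\t%s\t%s\n' "$dev" "$mnt" "$fstype"
    done < "${1:-/proc/mounts}"
}

# Log file name for one device/mount pair, e.g. sda1_windows.log.
log_name() {
    slug=$(printf '%s' "${2#/}" | tr -c 'A-Za-z0-9._-' '_')
    printf '%s_%s.log\n' "${1##*/}" "${slug:-root}"
}

# Scan every target into its own log under directory $1.
scan_all() {
    mkdir -p "$1" || return 1
    tab=$(printf '\t')
    scan_targets | while IFS="$tab" read -r dev mnt fstype; do
        # --cross-fs=no stops clamscan at the filesystem boundary, so the
        # scan of / never descends into /proc, /sys, /dev or other drives.
        clamscan --recursive --infected --cross-fs=no \
            --log="$1/$(log_name "$dev" "$mnt")" "$mnt" </dev/null
    done
}

# Only scan when asked: sh scan-by-device.sh --scan /var/log/scanvirus
if [ "${1:-}" = "--scan" ]; then scan_all "${2:-./scanlogs}"; fi
```

Because the table is read at run time, a flash drive mounted by udev after boot shows up here even though it never appears in /etc/fstab.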
