
Thread: clamscan - scanning system folders

  1. #1

    clamscan - scanning system folders

    I need to know which folders I should be scanning for binary files. Are these correct? Do I need to add the boot folder?

    /bin
    /sbin
    /usr
    /home
    /lib
    /opt

    I've checked various Linux websites to get this list. The Linux kernel is in the boot folder.

  2. #2
    Join Date
    Jun 2008
    Location
    Podunk
    Posts
    29,698
    Blog Entries
    15

    Re: clamscan - scanning system folders

    Quote: Originally posted by lord_valarian
    I need to know which folders I should be scanning for binary files. Are these correct? Do I need to add the boot folder?

    /bin
    /sbin
    /usr
    /home
    /lib
    /opt

    I've checked various Linux websites to get this list. The Linux kernel is in the boot folder.

    Hi
    What makes you think a file of the malicious kind would reside in a folder designated by FSH?
    Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
    SUSE SLE, openSUSE Leap/Tumbleweed (x86_64) | GNOME DE
    If you find this post helpful and are logged into the web interface,
    please show your appreciation and click on the star below... Thanks!

  3. #3

    Re: clamscan - scanning system folders

    Quote: Originally posted by malcolmlewis
    Hi
    What makes you think a file of the malicious kind would reside in a folder designated by FSH?
    I don't understand the comment that well.

    I'm just trying to make workaround since 'clamscan \ ' skips the home folder for some reason. Now, it will use a list of folders in one file for a general scan. I can do it as folders to skip.

  4. #4

    Re: clamscan - scanning system folders

    Quote: Originally posted by lord_valarian
    I don't understand the comment that well.

    I'm just trying to make workaround since 'clamscan \ ' skips the home folder for some reason. Now, it will use a list of folders in one file for a general scan. I can do it as folders to skip.
    Hi
    A file containing something malicious can reside anywhere on the system be that filesystem or ram, a running process (there are a few apps that developers have included mining software which AFAIK didn't last long). $HOME is probably the most likely point of entry for something containing a threat, perhaps you need to look at why your script is skipping $HOME?
    Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)

  5. #5

    Re: clamscan - scanning system folders

    Quote: Originally posted by malcolmlewis
    Hi
    A file containing something malicious can reside anywhere on the system be that filesystem or ram, a running process (there are a few apps that developers have included mining software which AFAIK didn't last long). $HOME is probably the most likely point of entry for something containing a threat, perhaps you need to look at why your script is skipping $HOME?
    The script isn't skipping the '/home' folder. The engine clamscan is skipping it.

    Code:
    clamscan -r -i / --exclude-dir=/sys --exclude-dir=/proc --exclude-dir=/dev --exclude-dir=/.snapshots --follow-dir-symlinks=0 --follow-file-symlinks=0 --cross-fs=no
    clamscan /
    If I redirect the output to a file, the /home directory is 'excluded'. So, I'm rewriting the code to scan all folders 'ls -1', manually exclude some folders, such as sys proc dev snapshots.


    I should scan running processes, but haven't found out how to do this yet.

  6. #6

    Re: clamscan - scanning system folders

    Quote: Originally posted by lord_valarian
    The script isn't skipping the '/home' folder. The engine clamscan is skipping it.

    Code:
    clamscan -r -i / --exclude-dir=/sys --exclude-dir=/proc --exclude-dir=/dev --exclude-dir=/.snapshots --follow-dir-symlinks=0 --follow-file-symlinks=0 --cross-fs=no
    clamscan /
    If I redirect the output to a file, the /home directory is 'excluded'. So, I'm rewriting the code to scan all folders 'ls -1', manually exclude some folders, such as sys proc dev snapshots.


    I should scan running processes, but haven't found out how to do this yet.
    Hi
    That's likely if the on access scanner is running it should be configured to skip user $HOME dirs....
    https://www.clamav.net/documents/on-access-scanning
    Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)

  7. #7

    Re: clamscan - scanning system folders

    So, back to the original question. Which directories should I be excluding for clamscan?

    The config file I create uses this data.

    Excluded Scan Folders
    etc dev proc tmp mnt media srv .snapshots

  8. #8

    Re: clamscan - scanning system folders

    Quote: Originally posted by malcolmlewis
    Hi
    That's likely if the on access scanner is running it should be configured to skip user $HOME dirs....
    https://www.clamav.net/documents/on-access-scanning
    If you mean the live virus scanning, it's made for single scans only. I've just bypassed that so I have full control of what folders are scanned.


    https://www.howtogeek.com/117435/htg...ure-explained/

    https://www.interserver.net/tips/kb/...ies-explained/

    https://www.tecmint.com/linux-direct...ths-explained/


    This is the current list of excluded folders:

    ExcludedScanFolders= dev etc proc tmp srv sys .snapshots

    Are these right for kde-linux? Other systems? One that crosses most linux systems?
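
Added example, not part of the original thread: `--exclude-dir` takes a regular expression matched against the path, so an unanchored `/dev` also matches a directory such as `/home/user/dev`, and `--cross-fs=no` keeps the scan on the filesystem it started on. The helper names below are hypothetical, and `grep -E` is assumed to be a close enough stand-in for clamscan's regex matching.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not part of ClamAV.

# Turn top-level directory names into anchored --exclude-dir regexes,
# one per line. Dots are escaped so ".snapshots" matches literally.
build_excludes() {
    for name in "$@"; do
        esc=$(printf '%s' "$name" | sed 's/\./\\./g')
        printf '%s\n' "--exclude-dir=^/${esc}(/|\$)"
    done
}

# Return 0 if extended regex $1 matches path $2.
# Assumption: grep -E approximates how clamscan applies the pattern.
regex_hits() {
    printf '%s\n' "$2" | grep -Eq -- "$1"
}

# List immediate subdirectories of $1 that live on a different filesystem
# than $1 itself; a scan started at $1 with --cross-fs=no would skip them.
# Uses GNU stat (-c %d prints the device number).
other_fs_dirs() {
    root_dev=$(stat -c %d "$1") || return 1
    for d in "${1%/}"/*/; do
        [ -d "$d" ] || continue
        [ "$(stat -c %d "$d")" = "$root_dev" ] || printf '%s\n' "${d%/}"
    done
}

# Print a clamscan command line for review instead of running it.
# --cross-fs=no is left out so separately mounted directories stay in
# scope; pseudo-filesystems are excluded by name instead.
scan_command() {
    printf 'clamscan -r -i /'
    build_excludes "$@" | while IFS= read -r opt; do
        printf " '%s'" "$opt"
    done
    printf ' --follow-dir-symlinks=0 --follow-file-symlinks=0\n'
}
```

Running `other_fs_dirs /` on the machine in question shows whether `/home` is a separate mount, and `scan_command dev proc sys .snapshots` prints the command with anchored exclusions.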
