I need to know which folders I should be scanning for binary files. Are these correct? Do I need to add the boot folder?
/bin
/sbin
/usr
/home
/lib
/opt
I've checked various Linux websites to get this list. The Linux kernel is in the boot folder.
Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
SUSE SLE, openSUSE Leap/Tumbleweed (x86_64) | GNOME DE
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below... Thanks!
Hi
A file containing something malicious can reside anywhere on the system, be that filesystem or RAM, a running process (there are a few apps in which developers have included mining software, which AFAIK didn't last long). $HOME is probably the most likely point of entry for something containing a threat; perhaps you need to look at why your script is skipping $HOME?
Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
The script isn't skipping the '/home' folder. The engine clamscan is skipping it.
If I redirect the output to a file, the /home directory is 'excluded'. So, I'm rewriting the code to scan all folders 'ls -1', manually exclude some folders, such as sys proc dev snapshots.
Code:
clamscan -r -i / --exclude-dir=/sys --exclude-dir=/proc --exclude-dir=/dev --exclude-dir=/.snapshots --follow-dir-symlinks=0 --follow-file-symlinks=0 --cross-fs=no
clamscan /
I should scan running processes, but haven't found out how to do this yet.
Hi
That's likely if the on access scanner is running it should be configured to skip user $HOME dirs....
https://www.clamav.net/documents/on-access-scanning
Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
So, back to the original question. Which directories should I be excluding for clamscan?
The config file I create uses this data.
Excluded Scan Folders
etc dev proc tmp mnt media srv .snapshots
If you mean the live virus scanning, it's made for single scans only. I've just bypassed that so I have full control of what folders are scanned.
https://www.howtogeek.com/117435/htg...ure-explained/
https://www.interserver.net/tips/kb/...ies-explained/
https://www.tecmint.com/linux-direct...ths-explained/
This is the current list of excluded folders:
ExcludedScanFolders= dev etc proc tmp srv sys .snapshots
Are these right for kde-linux? Other systems? One that crosses most linux systems?
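The exclude lists in this thread are bare folder names, while clamscan's `--exclude-dir` takes a regular expression. The following is an added example, not code from any poster in the thread: it assumes the pattern is applied as an unanchored extended-regex search over the path, and it uses constructed sample paths to show how much more `/sys` skips than an anchored pattern. The function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: turn top-level folder names into anchored --exclude-dir
# patterns and show which paths each pattern would skip.

# Constructed sample paths (not taken from a real system listing).
SAMPLE_PATHS='/sys
/sys/kernel
/usr/lib/systemd
/usr/include/sys
/dev
/home/user/dev
/.snapshots
/home/user/.snapshots-notes'

# matches PATTERN: print the sample paths an extended regex matches,
# assuming the scanner searches for the pattern anywhere in the path.
matches() {
    printf '%s\n' "$SAMPLE_PATHS" | grep -E -- "$1" || true
}

# anchored NAME: regex matching only the top-level directory NAME and
# everything below it; dots are escaped so ".snapshots" stays literal.
anchored() {
    printf '^/%s(/|$)' "$(printf '%s' "$1" | sed 's/[.]/\\./g')"
}

# exclude_args NAME...: print one --exclude-dir option per folder name.
exclude_args() {
    for name in "$@"; do
        printf '%s%s\n' '--exclude-dir=' "$(anchored "$name")"
    done
}

echo "unanchored /sys skips:"; matches '/sys'
echo "anchored sys skips:";    matches "$(anchored sys)"
echo "options for the scan:";  exclude_args dev proc sys .snapshots
```

Directories that the unanchored pattern skips, such as `/usr/lib/systemd` in the sample, are never scanned, so a file placed there would go unreported.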