clamscan - scanning system folders

I need to know which folders I should be scanning for binary files. Are these correct? Do I need to add the boot folder?

/bin
/sbin
/usr
/home
/lib
/opt

I’v checked various linux websites to get this list. The Linux kernel is in the boot folder.

Hi
What makes you think a file of the malicious kind would reside in a folder designated by FSH?

I don’t understand the comment that well.

I’m just trying to make workaround since 'clamscan \ ’ skips the home folder for some reason. Now, it will use a list of folders in one file for a general scan. I can do it as folders to skip.

Hi
A file containing something malicious can reside anywhere on the system be that filesystem or ram, a running process (there are a few apps that developers have included mining software which AFAIK didn’t last long). $HOME is probably the most likely point of entry for something containing a threat, perhaps you need to look at why your script is skipping $HOME?

The script isn’t skipping the ‘/home’ folder. The engine clamscan is skipping it.

clamscan -r -i / --exclude-dir=/sys --exclude-dir=/proc --exclude-dir=/dev --exclude-dir=/.snapshots --follow-dir-symlinks=0 --follow-file-symlinks=0 --cross-fs=no
clamscan /

If I redirect the output to a file, the /home directory is ‘excluded’. So, I’m rewriting the code to scan all folders ‘ls -1’, manually exclude some folders, such as sys proc dev snapshots.

I should scan running processes, but haven’t found out how to do this yet.

Hi
That’s likely if the on access scanner is running it should be configured to skip user $HOME dirs…

So, back to the original question. Which directories should I be excluding for clamscan?

The config file I create uses this data.

Excluded Scan Folders
etc dev proc tmp mnt media srv .snapshots

If you mean the live virus scanning, it’s made for single scans only. I’v just bypassed that so I have full control of what folders are scanned.

https://www.interserver.net/tips/kb/linux-binary-directories-explained/

This is the current list of excluded folders:

ExcludedScanFolders= dev etc proc tmp srv sys .snapshots

Are these right for kde-linux? Other systems? One that crosses most linux systems?

clamscan is not the clamd real time scanner.

Do you mean use the clamd ‘clamd.conf’ to override the home and root block on ‘clamscan’?