On 2024-11-04, at 13:55:28, Steven Levine wrote:

In <list-11205781@2rosenthals.com>, on 11/04/24
   at 10:36 PM, "Massimo S." <ecs-isp@2rosenthals.com> said:

Hi Massimo,

i run this command for each domain

Can I conclude you pasted a partially wrong command line?  When you are
running for a domain, you will need to use --recurse.

and i also run it "divided" on some single recipient directories for the
small ones eg.
X:\weasel\MailRoot\mydomain.com\mail1
X:\weasel\MailRoot\mydomain.com\mail2
etc..

For the large mailstores, you may have to use --include and --exclude to
subdivide the directory contents into smaller chunks.

Another option you have is to limit clamscan to checking only the recently
modified files.  Use your favorite file manager to build a list of the
recenly modified files and run clamscan with the --file-list=FILE switch
option.

Given what we know about clamscan's memory usage and your mailstores, I
probably would use the --file-list option for all runs.  With 4OS2 and
some easily accessible utilities, this is easy.  To check all files
changed in the last 5 days, it's

dir /[d-5,%_DATE] /a:-d /f /s maildir... >5days.lst
clamscan ... --file-lst=5days.lst

where ... are your current switch options, excluding --recurse of course.

If the resulting list is still too large for clamscan to handle without
errors, we can use split to break the list into smaller lists that
clamscan can handle.  For 200 lines per file, it's

split -l200 5days.lst

The resulting split files will be named xaa, aab etc.  We can adjust 200
upward until clamscan start to fail due to memory issues.  Then it's

  for %XX in ( x* ) clamscan ... --file-list=%XX

To use the above technique to check all files, we use

dir /a:-d /f /s maildir... >allfiles.lst

Y: and Z: are both ramdisk filesystems
but also i believe this is not important

I agree.  This does not appear to be related to your problems.

Steven

I have been following this, and would like to make some comments:

First, I used Clamscan, some years ago. to scan my mail store (in PMMail). It was a memory hog, and was causing a lot more problems than any virus ever did. So I quit using it.

Not feeling good about that, I did some experimenting. I came to the conclusion that OS/2 is not vulnerable to viruses, so the only way a file would be infected, was before it arrived on my system. The solution was to scan every (e-mail) file, as it arrived (PMMail can run programs as files arrive - I am pretty sure that weasel can too). I seem to recall using ClamDscan for some reason (probably so it was already loaded, and didn't have to restart for every run - reducing fragmentation problems). Now, I was scanning ONE file at a time, which did not solve all of the problems, but it was much better. Once the file is stored in OS/2, the chances that it will be infected are very close to zero. There is no point in scanning them again, unless you want to do them, one at a time, as they exit your system. Users should have appropriate protection against malware anyway. Then, I decided that I was the only user, so there was no point in scanning files, at all. So I quit using C
lamscan. In the five, or so, years that I did use Clamscan, it never did find a bad file (other than one that I had for testing).

Another approach, that worked, was to use a windows (Linux?) virus scanner, to scan the files over the LAN. I never bothered to actually implement that, but it does work.

Hope this gives you some ideas...