Re: [eCS-ISP] clamscan issue - directories with a lot of files
Dátum:
Mon, 04 Nov 2024 18:48:00 -0700 (MST)
Komu:
"Steven Levine" <ecs-isp@2rosenthals.com>
On 2024-11-04, at 13:55:28, Steven Levine wrote:
>
>In <list-11205781@2rosenthals.com>, on 11/04/24
> at 10:36 PM, "Massimo S." <ecs-isp@2rosenthals.com> said:
>
>Hi Massimo,
>
>>i run this command for each domain
>
>Can I conclude you pasted a partially wrong command line? When you are
>running for a domain, you will need to use --recurse.
>
>>and i also run it "divided" on some single recipient directories for the
>>small ones eg.
>>X:\weasel\MailRoot\mydomain.com\mail1
>>X:\weasel\MailRoot\mydomain.com\mail2
>>etc..
>
>For the large mailstores, you may have to use --include and --exclude to
>subdivide the directory contents into smaller chunks.
>
>Another option you have is to limit clamscan to checking only the recently
>modified files. Use your favorite file manager to build a list of the
>recenly modified files and run clamscan with the --file-list=FILE switch
>option.
>
>Given what we know about clamscan's memory usage and your mailstores, I
>probably would use the --file-list option for all runs. With 4OS2 and
>some easily accessible utilities, this is easy. To check all files
>changed in the last 5 days, it's
>
> dir /[d-5,%_DATE] /a:-d /f /s maildir... >5days.lst
> clamscan ... --file-lst=5days.lst
>
>where ... are your current switch options, excluding --recurse of course.
>
>If the resulting list is still too large for clamscan to handle without
>errors, we can use split to break the list into smaller lists that
>clamscan can handle. For 200 lines per file, it's
>
> split -l200 5days.lst
>
>The resulting split files will be named xaa, aab etc. We can adjust 200
>upward until clamscan start to fail due to memory issues. Then it's
>
> for %XX in ( x* ) clamscan ... --file-list=%XX
>
>To use the above technique to check all files, we use
>
> dir /a:-d /f /s maildir... >allfiles.lst
>
>>Y: and Z: are both ramdisk filesystems
>>but also i believe this is not important
>
>I agree. This does not appear to be related to your problems.
>
>Steven
I have been following this, and would like to make some comments:
First, I used Clamscan, some years ago. to scan my mail store (in PMMail). It was a memory hog, and was causing a lot more problems than any virus ever did. So I quit using it.
Not feeling good about that, I did some experimenting. I came to the conclusion that OS/2 is not vulnerable to viruses, so the only way a file would be infected, was before it arrived on my system. The solution was to scan every (e-mail) file, as it arrived (PMMail can run programs as files arrive - I am pretty sure that weasel can too). I seem to recall using ClamDscan for some reason (probably so it was already loaded, and didn't have to restart for every run - reducing fragmentation problems). Now, I was scanning ONE file at a time, which did not solve all of the problems, but it was much better. Once the file is stored in OS/2, the chances that it will be infected are very close to zero. There is no point in scanning them again, unless you want to do them, one at a time, as they exit your system. Users should have appropriate protection against malware anyway. Then, I decided that I was the only user, so there was no point in scanning files, at all. So I quit using C
lamscan. In the five, or so, years that I did use Clamscan, it never did find a bad file (other than one that I had for testing).
Another approach, that worked, was to use a windows (Linux?) virus scanner, to scan the files over the LAN. I never bothered to actually implement that, but it does work.
Hope this gives you some ideas...
--
****************************
From Doug Bissett's ArcaOS system
dougb007 AT ocii.com
****************************
... The only shortage we really face is the shortage of imagination.
spä? do zoznamu