| | 
| Från: | "Doug Bissett" <ecs-isp@2rosenthals.com> | Meddelandehuvud Oavkodat meddelande
 |  
| Ämne: | Re: [eCS-ISP] clamscan issue - directories with a lot of files |  
| Datum: | Mon, 04 Nov 2024 18:48:00 -0700 (MST) |  
| Till: | "Steven Levine" <ecs-isp@2rosenthals.com> |  | 
|---|
 On 2024-11-04, at 13:55:28, Steven Levine wrote:
 >
 >In <list-11205781@2rosenthals.com>, on 11/04/24
 >   at 10:36 PM, "Massimo S." <ecs-isp@2rosenthals.com> said:
 >
 >Hi Massimo,
 >
 >>i run this command for each domain
 >
 >Can I conclude you pasted a partially wrong command line?  When you are
 >running for a domain, you will need to use --recurse.
 >
 >>and i also run it "divided" on some single recipient directories for the
 >>small ones eg.
 >>X:\weasel\MailRoot\mydomain.com\mail1
 >>X:\weasel\MailRoot\mydomain.com\mail2
 >>etc..
 >
 >For the large mailstores, you may have to use --include and --exclude to
 >subdivide the directory contents into smaller chunks.
 >
 >Another option you have is to limit clamscan to checking only the recently
 >modified files.  Use your favorite file manager to build a list of the
 >recenly modified files and run clamscan with the --file-list=FILE switch
 >option.
 >
 >Given what we know about clamscan's memory usage and your mailstores, I
 >probably would use the --file-list option for all runs.  With 4OS2 and
 >some easily accessible utilities, this is easy.  To check all files
 >changed in the last 5 days, it's
 >
 > dir /[d-5,%_DATE] /a:-d /f /s maildir... >5days.lst
 > clamscan ... --file-lst=5days.lst
 >
 >where ... are your current switch options, excluding --recurse of course.
 >
 >If the resulting list is still too large for clamscan to handle without
 >errors, we can use split to break the list into smaller lists that
 >clamscan can handle.  For 200 lines per file, it's
 >
 > split -l200 5days.lst
 >
 >The resulting split files will be named xaa, aab etc.  We can adjust 200
 >upward until clamscan start to fail due to memory issues.  Then it's
 >
 >  for %XX in ( x* ) clamscan ... --file-list=%XX
 >
 >To use the above technique to check all files, we use
 >
 > dir /a:-d /f /s maildir... >allfiles.lst
 >
 >>Y: and Z: are both ramdisk filesystems
 >>but also i believe this is not important
 >
 >I agree.  This does not appear to be related to your problems.
 >
 >Steven
 
 I have been following this, and would like to make some comments:
 
 First, I used Clamscan, some years ago. to scan my mail store (in PMMail). It was a memory hog, and was causing a lot more problems than any virus ever did. So I quit using it.
 
 Not feeling good about that, I did some experimenting. I came to the conclusion that OS/2 is not vulnerable to viruses, so the only way a file would be infected, was before it arrived on my system. The solution was to scan every (e-mail) file, as it arrived (PMMail can run programs as files arrive - I am pretty sure that weasel can too). I seem to recall using ClamDscan for some reason (probably so it was already loaded, and didn't have to restart for every run - reducing fragmentation problems). Now, I was scanning ONE file at a time, which did not solve all of the problems, but it was much better. Once the file is stored in OS/2, the chances that it will be infected are very close to zero. There is no point in scanning them again, unless you want to do them, one at a time, as they exit your system. Users should have appropriate protection against malware anyway. Then, I decided that I was the only user, so there was no point in scanning files, at all. So I quit using C
 lamscan. In the five, or so, years that I did use Clamscan, it never did find a bad file (other than one that I had for testing).
 
 Another approach, that worked, was to use a windows (Linux?) virus scanner, to scan the files over the LAN. I never bothered to actually implement that, but it does work.
 
 Hope this gives you some ideas...
 
 --
 ****************************
 From Doug Bissett's ArcaOS system
 dougb007 AT ocii.com
 ****************************
 ... The only shortage we really face is the shortage of imagination.
 
 |