Mailing List Archive

[clamav-users] How to exclude specific files from clamdscan
Hello again! I am using clamav version 0.102.4, on Ubuntu 20.04.

I want clamd to exclude all pagefile.sys files it finds when scanning
mounted filesystems. Currently, it scans them. Is there any way to do this?
I know on the source version you can add “Exclude Path”, but I’m not sure
if it works on the non-source version.

Additionally, it may get more complicated as the path to the pagefile.sys
is not the same for each file system. Is there a way to exclude a specific
file that matches a .sys extension?
Re: [clamav-users] How to exclude specific files from clamdscan
Hi there,

On Wed, 27 Jan 2021, Michael Kyriacou via clamav-users wrote:

> ... I am using clamav version 0.102.4, on Ubuntu 20.04.

You really should be upgrading to the latest version.

> I want clamd to exclude all pagefile.sys files it finds when scanning
> mounted filesystems. Currently, it scans them. Is there any way to do this?
> I know on the source version you can add “Exclude Path”, but I’m not sure
> if it works on the non-source version.

Unless the package maintainer has done something staggeringly foolish,
it will work the same whether you build from source or use a package.

> Additionally, it may get more complicated as the path to the pagefile.sys
> is not the same for each file system. Is there a way to exclude a specific
> file that matches a .sys extension?

The 'ExcludePath' (not 'Exclude Path') directive takes as its argument
a regular expression. You just need to fabricate a regular expression
which matches all the files you don't want to scan. You can have more
than one 'ExcludePath' directive in the configuration file if you wish
and that might help if the regex gets unwieldy.

Feel free to experiment while looking at the verbose logs, no harm will
be done.

You could instead of course move your page files to some other place,
which won't be scanned.

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] How to exclude specific files from clamdscan
Hello, thank you for the response. I tried to reinstall clamav after I saw
that there was a new update, but when I install it, it installs version
0.102.4.

Could you give me an example of an ‘ExcludePath’ that could do the
following:

Exclude a file in /path/to/file
Exclude a file in /different/path/to/file
Exclude all files with a .sys extension, regardless of path

P.S. I am mounting many file systems on a system, and scanning all the
files in them.


On Wed, Jan 27, 2021 at 10:41 AM G.W. Haywood via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Hi there,
>
> On Wed, 27 Jan 2021, Michael Kyriacou via clamav-users wrote:
>
> > ... I am using clamav version 0.102.4, on Ubuntu 20.04.
>
> You really should be upgrading to the latest version.
>
> > I want clamd to exclude all pagefile.sys files it finds when scanning
> > mounted filesystems. Currently, it scans them. Is there any way to do this?
> > I know on the source version you can add “Exclude Path”, but I’m not sure
> > if it works on the non-source version.
>
> Unless the package maintainer has done something staggeringly foolish,
> it will work the same whether you build from source or use a package.
>
> > Additionally, it may get more complicated as the path to the pagefile.sys
> > is not the same for each file system. Is there a way to exclude a specific
> > file that matches a .sys extension?
>
> The 'ExcludePath' (not 'Exclude Path') directive takes as its argument
> a regular expression. You just need to fabricate a regular expression
> which matches all the files you don't want to scan. You can have more
> than one 'ExcludePath' directive in the configuration file if you wish
> and that might help if the regex gets unwieldy.
>
> Feel free to experiment while looking at the verbose logs, no harm will
> be done.
>
> You could instead of course move your page files to some other place,
> which won't be scanned.
>
> --
>
> 73,
> Ged.
Re: [clamav-users] How to exclude specific files from clamdscan
On Wed, 27 Jan 2021, G.W. Haywood via clamav-users wrote:

> Hi there,
>
> On Wed, 27 Jan 2021, Michael Kyriacou via clamav-users wrote:
>
> > ... I am using clamav version 0.102.4, on Ubuntu 20.04.
>
> You really should be upgrading to the latest version.

Sadly, 0.102.4 *is* the latest packaged version for Ubuntu.

--
Andrew C. Aitchison Kendal, UK
andrew@aitchison.me.uk

Re: [clamav-users] How to exclude specific files from clamdscan
Hi there,

On Wed, 27 Jan 2021, Michael Kyriacou via clamav-users wrote:

> Hello, thank you for the response. I tried to reinstall clamav after I saw
> that there was a new update, but when I install it, it installs version
> 0.102.4.

One of the problems with using packages is that they tend to be out of
date. For something like ClamAV I prefer to install from source.

> Could you give me an example of an ‘ExcludePath’ that could do the
> following:
>
> Exclude a file in /path/to/file

ExcludePath ^/path/to/file$

> Exclude a file in /different/path/to/file

ExcludePath ^/different/path/to/file$

> Exclude all files with a .sys extension, regardless of path

ExcludePath .*\.sys$

There are many sources of information and tutorials about regular
expressions available on the Web. There are unfortunately a few
different kinds of regular expressions. Stick to the POSIX kind
and you should be OK. The regexes used in signatures may be of a
different (and simplified) kind from POSIX expressions, don't get
confused if you come across them in the signature documentation.
POSIX expressions work there too, but possibly less efficiently.

Don't forget to restart the clamd daemon after changing clamd.conf
(or whatever your package calls the configuration file).

--

73,
Ged.
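
A way to preview what the three directives above would skip before editing clamd.conf (an added example, not part of the original post). It assumes ExcludePath is applied as an unanchored POSIX extended regex, which `grep -E` approximates; the sample paths and the narrower `/pagefile\.sys$` pattern are constructed here for comparison.

```shell
#!/bin/sh
# Added example: preview which paths candidate ExcludePath regexes would skip.
# Assumption: clamd matches ExcludePath as an unanchored POSIX extended regex,
# so grep -E is a reasonable stand-in for checking a pattern offline.

# Regex arguments of the three directives given in the thread.
RE_FILE_A='^/path/to/file$'
RE_FILE_B='^/different/path/to/file$'
RE_ALL_SYS='.*\.sys$'
# Narrower alternative (added here, not from the thread): page files only.
RE_PAGEFILE='/pagefile\.sys$'

# Constructed sample paths, not taken from a real system.
SAMPLES='/path/to/file
/path/to/file.bak
/different/path/to/file
/mnt/win1/pagefile.sys
/mnt/win2/Windows/System32/drivers/example.sys
/mnt/win2/Users/a/report.sys.exe
/mnt/win3/swap/pagefile.sys
/mnt/win1/Users/a/notes.txt'

# matches REGEX: print the sample paths REGEX would exclude, one per line.
matches() {
    printf '%s\n' "$SAMPLES" | grep -E -e "$1" || true
}

# count REGEX: number of sample paths REGEX would exclude.
count() {
    matches "$1" | grep -c . || true
}

# report: for each pattern, list everything that would go unscanned.
report() {
    for re in "$RE_FILE_A" "$RE_FILE_B" "$RE_ALL_SYS" "$RE_PAGEFILE"; do
        printf 'ExcludePath %s  (%s path(s) skipped)\n' "$re" "$(count "$re")"
        matches "$re" | sed 's/^/    skips: /'
    done
}

report
```

The `.*\.sys$` pattern also skips driver files such as `example.sys`, while `/pagefile\.sys$` leaves them in scope; confirm the real behaviour in clamd's verbose log after restarting the daemon.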

Re: [clamav-users] How to exclude specific files from clamdscan
Ok thank you very much

On Wed, Jan 27, 2021 at 11:56 AM G.W. Haywood via clamav-users <
clamav-users@lists.clamav.net> wrote:

> Hi there,
>
> On Wed, 27 Jan 2021, Michael Kyriacou via clamav-users wrote:
>
> > Hello, thank you for the response. I tried to reinstall clamav after I saw
> > that there was a new update, but when I install it, it installs version
> > 0.102.4.
>
> One of the problems with using packages is that they tend to be out of
> date. For something like ClamAV I prefer to install from source.
>
> > Could you give me an example of an ‘ExcludePath’ that could do the
> > following:
> >
> > Exclude a file in /path/to/file
>
> ExcludePath ^/path/to/file$
>
> > Exclude a file in /different/path/to/file
>
> ExcludePath ^/different/path/to/file$
>
> > Exclude all files with a .sys extension, regardless of path
>
> ExcludePath .*\.sys$
>
> There are many sources of information and tutorials about regular
> expressions available on the Web. There are unfortunately a few
> different kinds of regular expressions. Stick to the POSIX kind
> and you should be OK. The regexes used in signatures may be of a
> different (and simplified) kind from POSIX expressions, don't get
> confused if you come across them in the signature documentation.
> POSIX expressions work there too, but possibly less efficiently.
>
> Don't forget to restart the clamd daemon after changing clamd.conf
> (or whatever your package calls the configuration file).
>
> --
>
> 73,
> Ged.