How to make `clamdscan` exclude folders and only log `--infected`?
`clamdscan` does not have as many options available via the command line as `clamscan`. `clamdscan` reads most of its options from its config file `/etc/clamav/clamd.conf`.

You can add multiple `ExcludePath` options in the `/etc/clamav/clamd.conf` file. These are in RegEx:
```
ExcludePath ^/dev/
ExcludePath ^/proc/
ExcludePath ^/sys/
```
Then you can run it with:
```
clamdscan --multiscan --fdpass --quiet /
```

`--multiscan` will speed up the processing because it uses multiple threads.

`--fdpass` will allow you to scan files as the clamd user that the clamav-daemon.service runs as.

`--quiet` should suppress all output except infected files. At least that's what it seems to do on my system but that isn't how it is described in the documentation.
If you want to save to file you can just redirect the output: `clamdscan <options> > /save/file.txt`

Or save it to file with the `--log=FILE` option.

Put your command in a cron job and you are done.
If you are scripting something I would suggest checking the exit codes for `clamdscan` and then having your script email you when it detects a virus:
0 : No virus found.
1 : Virus(es) found.
2 : An error occurred.
`clamdscan` documentation: https://linux.die.net/man/1/clamdscan

`clamd.conf` documentation: https://linux.die.net/man/5/clamd.conf
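A cron wrapper that acts on the exit codes listed in the answer above, as an added example that is not part of the original answer. The `MAILTO` address, the `LOG` path, the presence of a `mail` command, the script path in the comment and the wrapper's own `--run` switch are assumptions.

```shell
#!/bin/sh
# Cron wrapper for the clamdscan command shown in the answer.
# Assumed, not from the answer: MAILTO, LOG, a `mail` command, the --run switch.
SCANNER="${SCANNER:-clamdscan}"   # overridable so the logic can be exercised without clamd
MAILER="${MAILER:-mail}"
MAILTO="${MAILTO:-root}"
LOG="${LOG:-/var/log/clamav/cron-scan.log}"

# Map a clamdscan exit code to a status word (0/1/2 as listed in the answer).
classify_exit() {
    case "$1" in
        0) echo clean ;;
        1) echo infected ;;
        *) echo error ;;   # 2, plus e.g. 127 when clamdscan itself is missing
    esac
}

# Scan one path, append the output to $LOG, mail it unless the scan was clean.
run_scan() {
    target="${1:-/}"
    report=$(mktemp) || return 2
    "$SCANNER" --multiscan --fdpass --quiet "$target" >"$report" 2>&1
    rc=$?
    status=$(classify_exit "$rc")
    { date; cat "$report"; } >>"$LOG"
    if [ "$status" != clean ]; then
        "$MAILER" -s "clamdscan $status (exit $rc) on $(uname -n)" "$MAILTO" <"$report"
    fi
    rm -f "$report"
    return "$rc"
}

# Only scan when asked to, e.g. from cron (hypothetical path):
#   /usr/local/sbin/clamd-cron.sh --run /
if [ "${1:-}" = "--run" ]; then
    shift
    run_scan "$@"
    exit $?
fi
```

Treating every code other than 0 and 1 as an error means a stopped daemon or a missing binary produces an email instead of a silent cron run.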