CLAMAV Best Practices


Post by david.livelsberger » 2017/10/13 11:25:39

To ensure compliance with our parent company's audit rules, I am installing ClamAV anti-virus software on our CentOS 6 cloud servers located at Rackspace. I have installed and configured the software on a test server. My first question for the forum is: what directories should I scan? Right now, I am only scanning the /home directory. My second question is: how do I add to a script that I want to scan more than one directory?
I am including below a code snippet from the shell script that runs in cron.

clamscan /home -r \
--move=/var/log/clamav \
--log="$LOG_FILE"


Re: CLAMAV Best Practices

Post by TrevorH » 2017/10/13 13:29:44

Reading man clamscan seems to show that you can specify --include-dir= multiple times in the same clamscan run, so that's how I'd do it. Depending on your server use case, you might want to scan more than /home. For example, a mail server might have a spool directory that you'd want to scan, though for a mail server it would probably be better to implement a scanning technique that calls out from the mail server software to scan mails as they arrive...
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke
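
An added example, not part of either post: a cron wrapper that scans several directories in one run by passing them to clamscan as positional path arguments, which it accepts alongside the options used in the snippet above. The script name, the default log and quarantine paths, and the directories in the usage comment are assumptions; the quarantine directory is kept separate from the log directory so moved files do not sit next to the logs.

```shell
#!/bin/sh
# Added example (not from the thread). Paths are assumed defaults;
# override them from the environment or edit to suit the server.
LOG_FILE="${LOG_FILE:-/var/log/clamav/clamscan-cron.log}"
QUARANTINE_DIR="${QUARANTINE_DIR:-/var/lib/clamav-quarantine}"

# scan_dirs DIR...  Scan every existing DIR in a single clamscan run.
# Returns clamscan's exit code: 0 = clean, 1 = infected, 2 = error.
scan_dirs() {
    # Rotate through the arguments, keeping only real directories.
    n=$#
    while [ "$n" -gt 0 ]; do
        dir=$1
        shift
        n=$((n - 1))
        if [ -d "$dir" ]; then
            set -- "$@" "$dir"
        else
            echo "clamscan-cron: skipping missing directory: $dir" >&2
        fi
    done
    if [ "$#" -eq 0 ]; then
        echo "clamscan-cron: nothing to scan" >&2
        return 2
    fi

    # --move needs an existing directory; keep it private to the scanning user.
    mkdir -p "$QUARANTINE_DIR" && chmod 700 "$QUARANTINE_DIR" || return 2

    rc=0
    clamscan --recursive --infected \
        --move="$QUARANTINE_DIR" \
        --log="$LOG_FILE" \
        "$@" || rc=$?

    case $rc in
        0) ;;
        1) echo "clamscan-cron: infected files moved to $QUARANTINE_DIR" >&2 ;;
        *) echo "clamscan-cron: clamscan failed (exit $rc), see $LOG_FILE" >&2 ;;
    esac
    return "$rc"
}

# Run as: clamscan-cron.sh /home /var/www /tmp
if [ "$#" -gt 0 ]; then
    scan_dirs "$@"
fi
```

Because the function returns clamscan's own exit code, the cron job can tell a detection (1) apart from a scan that failed to run (2).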