Scan the full filesystem in parallel with clamscan

anti-virus multi-core clamav parallel-computing
8,375

You've got two separate questions:

  1. Parallelize clamdscan - apart from combining --multiscan and --fdscan there's little you can do. Alternatively, you can run multiple instances of clamscan on separate folders independently from the daemon.
  2. Scan files that clamd can't access - this isn't possible. clamd requires at least read access to any files that you want to scan and report, and write access to any files you want to scan and clean. I'd run the daemon with read access only and handle the reports manually. If you don't trust ClamAV to be able to handle malicious files you should use another scanner.
Share:
8,375

Related videos on Youtube

azmeuk
Author by

azmeuk

Updated on September 18, 2022

Comments

  • azmeuk
    azmeuk 9 months

    I run a clamav scan weekly on my servers. There is one server with a raid6 cluster of 30TB of disk space where the scan take more than 24h to run.

    So I wonder how can I run clamscan on the whole filesystem, taking advantage of the several cores the server has? The server has good i/o capacities and I would like the scan to go as fast as the hardware can go.

    I know about the --multiscan parameter of clamdscan. The main issue I have with clamdscan is that it cannot process files that the clamav user cannot access, and it seems discouraged to run the daemon as root.

    I saw some people are using parallel to achieve this but I could not find a clean command that would really scan the whole filesystem.

    • FooBee
      FooBee almost 5 years
      What is the limiting factor? Actually being able to scan 30TB per day means the disk array is delivering 364 MB/sec to the scanner - are you sure it is able to deliver sustantially more I/O performance to begin with?
    • Lenniey
      Lenniey almost 5 years
      If you really have more I/O than 364MB/s, why don't you use clamdscan with the -m option?
    • azmeuk
      azmeuk almost 5 years
      I understand that the clamav daemon do not run as root but as the user clamav by default on most linux distributions. To scan the whole filesystem I need the scanning program to be able to run as root. Most of the doc I found advise never run the daemon as root. What do you think?
    • yagmoth555
      yagmoth555 almost 5 years
      I'am a linux newbie there, but can you map the /home from another server and start the scan from there ?
  • azmeuk
    azmeuk almost 5 years
    Why would I need to not scan a file? If I am searching for malicious files, it seems interesting to scan absolutely everything I can, whatever resources I takes, don't you think? Viruses can hide in iso files, so why would I exclude them from my scan?
  • Andrey Bondarenko over 4 years
    You need to be performance-wise and address your threat model. After 10 years in AV vendor and other years in infosec, I would tell that scanning file storages daily is mostly useless waste of resources so scanning executables are enough. If you really need to scan your files storages every day with repacking all archives you have bigger problems.
  • azmeuk
    azmeuk over 4 years
    So if a malicious software want to hide a virus, it just has to remove the read access from clamd? Isn't it a huge security hole?
  • azmeuk
    azmeuk over 4 years
    --fdscan allows a lot more files to scan though.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Use ClamAV to scan large files
How to scan only last 24 hours files with clamav
Is it possible to check the progress of of a currently running clamAV scan?
Is it safe to disable clamd?
How should I test Clam Anti-Virus?
clamd says socket in use by another process but I can't find one
Freshclam error
How to schedule ClamAv to perform a daily scan
Meaning of Total errors on result of Clamav scan
How to avoid clamdscan's "ERROR: Can't access file [dead link]"?