clamav-users October 2011 archive
Main Archive Page > Month Archives  > clamav-users archives
clamav-users: Re: [clamav-users] Scan files by date

Re: [clamav-users] Scan files by date

From: Matus UHLAR - fantomas <uhlar_at_nospam>
Date: Fri Oct 14 2011 - 10:31:42 GMT
To: clamav-users@lists.clamav.net

>On 10/10/2011 5:28 AM, Matus UHLAR - fantomas wrote:
>>> On 9/30/2011 10:56 PM, Nathan Gibbs wrote:
>>>> clamscan itself isn't that smart, but if you are using unix, find could
>>>> feed a list of things to clamscan.
>> On 03.10.11 11:34, Bowie Bailey wrote:
>> >Just keep in mind that it is quite easy to arbitrarily change a file's
>>> timestamp in linux, so it would be possible for a malicious program to
>>> modify a file and then update the timestamp so that it looks like the
>>> file has not been modified.
>> luckily un*x filesystems have ctime (inode change time) which changes
>> everytime someone does this, so find can use -ctime option to get even
>> such files

On 10.10.11 11:36, Bowie Bailey wrote:
>That is much safer than using mtime, but ctime can still be modified if
>a hacker/malicious program has root access.

if a hacker/malicious program has root access, it's quite irelevant
whether what data will clamav get...

-- Matus UHLAR - fantomas, uhlar_at_fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Windows 2000: 640 MB ought to be enough for anybody _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml