|Main Archive Page > Month Archives > clamav-users archives|
>On 10/10/2011 5:28 AM, Matus UHLAR - fantomas wrote:
>>> On 9/30/2011 10:56 PM, Nathan Gibbs wrote:
>>>> clamscan itself isn't that smart, but if you are using unix, find could
>>>> feed a list of things to clamscan.
>> On 03.10.11 11:34, Bowie Bailey wrote:
>> >Just keep in mind that it is quite easy to arbitrarily change a file's
>>> timestamp in linux, so it would be possible for a malicious program to
>>> modify a file and then update the timestamp so that it looks like the
>>> file has not been modified.
>> luckily un*x filesystems have ctime (inode change time) which changes
>> everytime someone does this, so find can use -ctime option to get even
>> such files
On 10.10.11 11:36, Bowie Bailey wrote:
>That is much safer than using mtime, but ctime can still be modified if
>a hacker/malicious program has root access.
if a hacker/malicious program has root access, it's quite irelevant
whether what data will clamav get...
-- Matus UHLAR - fantomas, uhlar_at_fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Windows 2000: 640 MB ought to be enough for anybody _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml