On-demand scanning for only new files or scan a list from a file

I run a free-to-use file hosting service and with it are the risks of abuse for malware. In the past I've used ClamAV with a bash script to search for any files that are as old or newer than X minutes, usually about 5 minutes, and put the found files listed line by line in a file, and ClamAV will scan those files only. Put on a Cron for every 5 minutes to run.

ClamAV's detection is pathetic though and has not caught most of the stuff it has needed to find. So switching over to Sophos Linux, it has done a great job already detecting multiple files of the uploaded files folder that ClamAV had already missed in the past. It takes just 3 1/2 minutes for it to scan through 3500+ files and archives totaling 17 gigs. I have it set to scan the whole directory every 5 minutes. This takes a while, even if it is under 3 1/2 mins.

Ideally I want Sophos to only scan new files so it can be set to run every minute, or every 5 minutes, whether that be from its command line or via it reading a file list. This way newly uploaded malware is taken care of as fast as possible for the security of the end users.

Here is the script file I use for Sophos already:

#! /bin/bash
PATH=/home/user:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
if [[ $UID -ne 0 ]]; then sudo "$0"; exit 0; fi
# Directories to scan
scan_dir="/home/user/directory/files/"
# Virus relocation folder
virus_vault="/home/user/directory/viruses/files/"
# Create new log folder if it doesn't exist
mkdir -p /home/user/directory/viruses/logs/$(date +%Y-%m)
# Location of log file
tmp_log_file="/home/user/directory/viruses/logs/$(date +%Y-%m)/sophos-scan-$(date +%Y-%m-%d)-tmp.log"
log_file="/home/user/directory/viruses/logs/$(date +%Y-%m)/sophos-scan-$(date +%Y-%m-%d).log"
# Scan files and move infected ones to the virus vault
savscan "$scan_dir" -nc -ss -archive -all -suspicious -pua --quarantine -move="$virus_vault" -p="$tmp_log_file"
# Format log
echo " " >> "$log_file"
echo " " >> "$log_file"
echo "-----------------" >> "$log_file"
echo " " >> "$log_file"
date >> "$log_file"
echo " " >> "$log_file"
echo "-----------------" >> "$log_file"
echo " " >> "$log_file"
# append the temporary log to the daily log file
cat "$tmp_log_file" >> "$log_file"
# remove temporary file
rm -f "$tmp_log_file"
# make sure virus files are right owners
chown -R user:user "$virus_vault"

Here is what it's based off, what I did for ClamAV to find new files and scan those only.

#! /bin/bash
if [[ $UID -ne 0 ]]; then sudo "$0"; exit 0; fi
# Directories to scan
scan_dir="/home/user/example.com/files"
# Virus relocation folder
virus_vault="/home/user/example.com/viruses/files"
# Temporary file
list_file=$(mktemp -t clamscan.XXXXXX) || exit 1
# Create new log folder if it doesn't exist
mkdir -p /home/user/example.com/viruses/logs/$(date +%Y-%m)
# Location of log file
log_file="/home/user/example.com/viruses/logs/$(date +%Y-%m)/clamscan-$(date +%Y-%m-%d).log"
# Make list of new files
if [ -f "$log_file" ]
then
# use files newer than the log file
find "$scan_dir" -type f -cnewer "$log_file" -fprint "$list_file"
else
# scan last 5 minutes
find "$scan_dir" -type f -cmin -5 -fprint "$list_file"
fi
if [ -s "$list_file" ]
then
# Scan listed files and move infected ones to the virus vault
clamscan -f "$list_file" --move="$virus_vault" >> "$log_file"
rm -f "$list_file"
else
# remove the empty file, contains no info
rm -f "$list_file"
fi
exit 

Quick comment...
Sophos has 'decision caching' to speed up files that haven't changed since the last scan, while also allowing files to be re-checked against the latest threat definitions.
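
An added example, not part of the original post or of either scanner's own tooling: a scanner-agnostic way to build the "new files only" list. The ClamAV script above compares against the log file, whose timestamp moves when the scan writes to it, so a file uploaded while a scan is running is older than the log and is never listed; stamping a marker before walking the tree closes that gap. The function name, the marker file names and the idea that the scanner takes file paths as trailing arguments are assumptions.

```bash
#!/bin/bash
# Added example: incremental scan driven by a marker file instead of the log.
# scan_new_files SCAN_DIR STATE_DIR SCANNER [ARGS...]
#   SCANNER is any command that accepts file paths as trailing arguments
#   (assumption; check your scanner's manual before wiring it in).
#   STATE_DIR must live outside SCAN_DIR.
scan_new_files() {
    local scan_dir state_dir marker next list rc
    [ "$#" -ge 3 ] || return 2
    scan_dir=$1
    state_dir=$2
    shift 2
    [ -d "$scan_dir" ] || return 1
    marker="$state_dir/last-scan.marker"   # hypothetical file names
    next="$state_dir/next-scan.marker"
    mkdir -p "$state_dir" || return 1
    list=$(mktemp "$state_dir/newfiles.XXXXXX") || return 1

    # Stamp the start of this run BEFORE walking the tree. Anything uploaded
    # while the scan is running has a ctime later than this stamp, so the
    # next run picks it up. Worst case a file is scanned twice, never missed.
    touch "$next" || { rm -f "$list"; return 1; }

    if [ -f "$marker" ]; then
        # ctime changes on every write, so a half-uploaded file is listed
        # again on the following run, once the upload has finished.
        find "$scan_dir" -type f -cnewer "$marker" -print0 > "$list"
    else
        # First run: no reference point yet, so list everything.
        find "$scan_dir" -type f -print0 > "$list"
    fi

    rc=0
    if [ -s "$list" ]; then
        # NUL-separated paths survive spaces and newlines in uploaded names.
        xargs -0 "$@" < "$list" || rc=$?
    fi
    rm -f "$list"

    # xargs exits 126/127 when the scanner could not be started at all. Keep
    # the old marker then, so these files are retried. Other non-zero codes
    # usually mean "threat found" and must not block progress.
    if [ "$rc" -eq 126 ] || [ "$rc" -eq 127 ]; then
        rm -f "$next"
        return "$rc"
    fi
    mv -f "$next" "$marker" || return 1
    return "$rc"
}
```

Called from cron as `scan_new_files <upload dir> <state dir> <scanner> <scanner options>`, each run hands the scanner only files changed since the previous run started.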

Similar Messages

  • How to make BPEL File Adapter read only new files?

    Hello
    We have BPEL processes that are defined to run from a BPEL component - the File Adapter -
    when a file comes into a location that is a path on the Linux server. The BPEL starts to run when the "File Adapter" BPEL component recognizes that a new file has come to the location. Its PollingFrequency is defined as 5. property name="DeleteFile" value="false" so the files remain there.
    We want to migrate the BPEL to a new SOA version, so we did an export and deployed to the new SOA Domain.
    The location of the file adapter is the same.
    But when the BPEL processes are deployed, they start to run for all the files that are in this location that the file adapter is defined on.
    Even though the original SOA took those files and started the BPEL processes for each one of them, the new SOA that we deployed the BPEL processes to also takes those files, even if they are very old.
    We want the file adapter to take only new files. The starting point is the time when we deploy the process, so if we deploy at 10:00 am we don't want this BPEL to take files from 9:00 or an earlier time.
    Please help , how we can do this?
    Thanks

    thank you
    do you know what the value means in the example:
    Java mon amour: File Adapter metadata with SOA Suite
    <property name="jca.file.LastModifiedTime" value="1293041258635">
    what should I write to read only the files that are newer than yesterday?

  • Download only new files?

    Hi,
    Is there an easy way to download only new files from the
    server without having to go through and select the various folders?
    My programmer changes a handful of files now and then, but I end up
    selecting every folder that he might have touched every time...I'm
    sure there is a more efficient way to do it? If so, is there a way
    to exclude log files? They are huge, take forever to download and I
    don't need them.
    thanks

    Synchronize will do that.
    Murray --- ICQ 71997575
    Adobe Community Expert
    (If you *MUST* email me, don't LAUGH when you do so!)
    ==================
    http://www.projectseven.com/go - DW FAQs, Tutorials & Resources
    http://www.dwfaq.com - DW FAQs, Tutorials & Resources
    ==================
    "GPaul" <[email protected]> wrote in message
    news:gp4alv$5ja$[email protected]..
    > Click on the Modified column in the files panel in Remote View, this will
    > list the files in the order of when they were modified.
    >
    > "Lvanhoff" <[email protected]> wrote in message
    > news:gp49te$4ku$[email protected]..
    >> Hi,
    >> Is there an easy way to download only new files from the server without
    >> having to go through and select the various folders? My programmer changes a
    >> handful of files now and then, but I end up selecting every folder that he might
    >> have touched every time...I'm sure there is a more efficient way to do it? If
    >> so, is there a way to exclude log files? They are huge, take forever to
    >> download and I don't need them.
    >>
    >> thanks

  • Junked old MacBook for a new one. Changed Apple ID password from a different Mac. I want to log in and it asks for name and password. No matter what I type I can't seem to log in. Any way to help?

    Junked old MacBook for a new one. Changed Apple ID password from a different Mac. I want to log in and it asks for name and password. No matter what I type I can't seem to log in. Why can't I just enter my Apple ID and password? Or is there a way to change whatever name and password are on the new one from another Mac so I can log in? Anything helps...thanks

    Just open System Preferences>Users & Groups and unlock the preference pane with your root password.
    Set the New Account to be an Administrator and fill in the rest of the data and then click "Create User".
    I would suggest using this user to be YOU with admin capabilities. I wouldn't use the root user - too much damage could occur if you're not sure what you're doing. If you have files, etc., that you want to move to this account, simply put them in the Shared folder - or if you 'rescued' some old files and the like from your 'trashed' MBP, you can put them in your NEW admin account folders.
    Hope I've explained myself well - call back with any questions!
    Clinton

  • I have been using my Apple ID in India and recently I moved to Spain and now I cannot see my Indian apps. It says my Apple ID is valid for only the Spanish store. How to download apps from the Indian store while being in Spain?

    I have been using my Apple ID in India and recently I moved to Spain and now I cannot see my Indian apps. It says my Apple ID is valid for only the Spanish store. How to download apps from the Indian store while being in Spain?

    Did you try to change the location  in Settings/iTunes & AppStore/AppleID -> view Apple ID, log in ->Country/Region -> India?

  • TS4036 what if i only want to restore my contact list from backup

    what if i only want to restore my contact list from backup

    Welcome to the Apple community.
    Firstly, you cannot selectively restore content from your iCloud backup. Secondly, your contacts are not part of your iCloud backup.

  • Optimize scanned PDF for ONLY PDF FILES in a folder?

    Using the Action Wizard to batch optimize scanned documents.  When selecting a folder, how can we only optimize the PDF files and skip over conversion of all other file types (JPG, TIF, DOC)?  Currently it is converting all files in the folder to PDF, but we only want to optimize the ones which are already PDF.
    Thanks!
    ATC

    Figured that would be the only choice... I will use Robocopy to copy the entire folder structure and only *.pdf files, then optimize, then copy back and overwrite existing files.  Hopefully Adobe will have a way to filter filetypes in their next release.

  • The first binary file write operation for a new file takes progressively longer.

    I have an application in which I am acquiring analog data from multiple
    PXI-6031E DAQ boards and then writing that data to FireWire hard disks
    over an extended time period (14 days).  I am using a PXI-8145RT
    controller, a PXI-8252 FireWire interface board and compatible FireWire
    hard drive enclosures.  When I start acquiring data to an empty
    hard disk, creating files on the fly as well as the actual file I/O
    operations are both very quick.  As the number of files on the
    hard drive increases, it begins to take considerably longer to complete
    the first write to a new binary file.  After the first write,
    subsequent writes of the same data size to that same file are very
    fast.  It is only the first write operation to a new file that
    takes progressively longer.  To clarify, it currently takes 1 to 2
    milliseconds to complete the first binary write of a new file when the
    hard drive is almost empty.  After writing 32, 150 MByte files,
    the first binary write to file 33 takes about 5 seconds!  This
    behavior is repeatable and continues to get worse as the number of
    files increases.  I am using the FAT32 file system, required for
    the Real-Time controller, and 80GB laptop hard drives.   The
    system works flawlessly until asked to create a new file and write the
    first set of binary data to that file.  I am forced to buffer lots
    of data from the DAQ boards while the system hangs at this point. 
    The requirements for this data acquisition system do not allow for a
    single data file so I can not simply write to one large file.  
    Any help or suggestions as to why I am seeing this behavior would be
    greatly appreciated.

    I am experiencing the same problem. Our program periodically monitors data and eventually save it for post-processing. While it's searching for suitable data, it creates one file for every channel (32 in total) and starts streaming data to these files. If it finds data is not suitable, it deletes the files and creates new ones.
    On our lab, we tested the program on windows and then on RT and we did not find any problems.
    Unfortunately, when it was time to install the PXI in the field (an electromechanical shovel at a copper mine) and test it, we came to find that saving was taking too long and the program screwed up. Specifically when creating files (i.e. the "New File" function). It could take 5 or more seconds to create a single file.
    As you can see, field startup failed and we will have to modify our programs to work around this problem and return next week to try again, with the additional time and cost involved. Not to mention the bad image we are giving to our customer.
    I really like LabVIEW, but I am particularly upset because of this problem. LV RT is supposed to run as if it was LV win32, with the obvious and expected differences, but a developer cannot expect things like this to happen. I remember a few months ago I had another problem: on RT the Time/Date function gives a wrong value as your program runs, when using timed loops. Can you expect something like that when evaluating your development platform? Fortunately, we found the problem before giving the system to our customer and there was a relatively easy workaround. Unfortunately, now we had to hit the wall to find the problem.
    On this particular problem I also found that it gets worse when there are more files on the directory. Create a new dir every N hours? I really think that's not a solution. I would not expect this answer from NI.
    I would really appreciate someone from NI to give us a technical explanation about why this problem happens and not just "trial and error" "solutions".
    By the way, we are using a PXI RT controller with the solid-state drive option.
    Thank you.
    Daniel R.
    Message Edited by Daniel_Chile on 06-29-2006 03:05 PM

  • Polling a particular directory, retrieving only new files

    Hi,
    I have a requirement of polling a particular directory, and retrieving all new files posted. Say I have a file called file1 in a particular directory; I keep polling the same directory every "n" minutes or even seconds, and will try to fetch file1 only when a semaphore file called file1.ready exists for file1.
    This is in Solaris.
    How can this be implemented? Any help will be greatly appreciated.
    Thanks

    Take a look at java.io.File which represents an abstract path such as a directory or file. You'll probably be particularly interested in File.exists().

  • Polling a particular directory, retrieve only new file(s)?

    Hi,
    I have a requirement of polling a particular directory, and retrieving all new files posted. Say I have a file called file1 in a particular directory; I keep polling the same directory every "n" minutes or even seconds, and will try to fetch file1 only when a semaphore file called file1.ready exists for file1.
    This is in Solaris.
    How can this be implemented? Any help will be greatly appreciated.
    Thanks

    You can use the file modified dates to figure out what's new and what's old.
    Maybe you can compare them against the last time that you ran the process.

  • Create an iPod or iphone version - is there any way to avoid duplicate files OR automating a new name for the new file?

    hi,
    I have two devices for my videos. An ipod classic and an Ipad. I would prefer to keep the highest resolution possible but also will be travelling and it will be useful to have a large archive with me.
    I have found that many of the videos I have are "incompatible" with my iPod classic and am in the process of using the "create an iPod or iPhone version" but this results in a duplicate file in my iTunes library that is identical in every way (except size, and this can be bigger or smaller).
    When you buy an HD video off iTunes, you get both versions but only one file populates in the iTunes library.
    Is there any way that when iTunes "creates the iPod or iPhone version", it can automatically merge these two files so you only see one file in your library? And then it will automatically sync the appropriate file with the appropriate device?
    Or is there a way to have iTunes "create the iPod or iPhone version" and have it automatically label it with the name "XXX (ipod version)"?
    I am finding it very annoying to manually change all the titles on all the files being created.
    thanks, margaret

    When you open a Word document with Pages you get a translated-to-Pages file & the original Word document is unchanged. There are programs that will save over the original file such as LibreOffice. Pages will not.

  • CCMS File Monitoring - Autoreaction for every new File

    Hi Experts,
    I have a folder with xml files. I monitor these files with the sapccmsr agent. this works fine. Now I want to establish an alerting for the files. If in one of these files contains the pattern "error", I want to generate an alert. I have generated a logfile template like here:
    LOGFILE_TEMPLATE
    DIRECTORY="E:/usr/sap/prfclog/sapccmsr/Test/"
    FILENAME="*.xml"
    MONITOR_FILESIZE_KB=1
    PATTERN_0="Error"
    VALUE_0=RED
    If the pattern "Error" exists in a file, the colour in rz20 is changed to red. This is working ...
    Now I come to my problem:
    the names of the monitored files are changing. For example there is a file with the name "file_0.xml". The next day a new file with the name "file_x.xml" exists. So, for the alerting with autoreaction it is necessary that the system gives the autoreaction to each file in the monitor automatically. Is it possible? How can I solve this problem?
    best regards
    christopher

    Hello Christopher,
    > the names of the monitored files are changing. for example there is a file with the name "file_0.xml". the next day a new file with the name "file_x.xml" exists.
    You monitor all these files. The wildcard in the parameter "FILENAME" ensures this:
    > FILENAME="*.xml"
    > so, for the alerting with autoreaction it is necessary that the system gives the autoreaction to each file in the monitor automatically. is it possible? how can i solve this problem?
    A short look into the [online documentation|http://help.sap.com/saphelp_nw70/helpdata/EN/cb/0f8897c23b414ab6e562aa913971bc/frameset.htm] returns the parameters AUTOREACTION_LOC and AUTOREACTION_CEN.
    Maybe they will be helpful?
    Regards, Michael

  • Using Automator to Copy Only New Files to a Destination Folder

    Hello,
    I need an AppleScript to copy a source directory (including all subfolders and files) to a destination folder, but one that checks for duplicate files and only copies files across from the source directory if they aren't already contained in the destination directory.
    I have a script that checks the files, but it only copies files from the source directory and ignores all subfolders and the files within those.
    Can anyone help?
    Thanks
    Reynell79

    red_menace wrote:
    You can create a Service workflow to get the folder(s).  The workflow would consist of actions to save the input items to a variable (so they can be refiltered), then get the input items, apply a filter, and move the resulting items - for example:
    Service receives selected folders in Finder
    Get Folder Contents
    Set Value of Variable { Variable: Original Items }
    Filter Finder Items { Find files where: kind is music }
    Move Finder Items { To: Automatically Add to iTunes }
    Get Value of Variable { Variable: Original Items } ( Ignore Input )
    Filter Finder Items { Find files where: kind is image }
    Move Finder Items { To: Album Artwork }
    ...repeat the Get/Filter/Move actions as needed for other filters
    Thanks, the "Set Value of Variable" concept is what I was missing. It almost works. The music files get moved, but then it says the workflow encounters a problem and the image files aren't being moved. I'm assuming it's an issue with steps 5-7. Thoughts?

  • CustomEditor Extension - How to add support for a new file type...

    Folks,
    I'm trying to use the CustomEditor extension as a basis for a new editor that will work with an arbitrary extension (say ".foo").
    How do I tell JDeveloper that .foo files should be opened by my wonderful new extension?
    I've created a Node class called 'FooNode' to represent my .foo file. It extends DeployableTextNode and overrides the two public variables that appear to specify what file types this node represents:
        public static final java.lang.String EXT = ".foo";
        public static final java.lang.String EXT2 = ".bar";
    The relevant piece of code is in AnAddin.java and appears to be:
      public void initialize()
      {
        EditorManager eMgr = EditorManager.getEditorManager();
        eMgr.register(this, new Class[] {/*XMLSourceNode.class,*/ FooNode.class });
      }
    This doesn't work - I can't get JDeveloper to recognize .foo files and bring up my editor. What am I doing wrong?
    David Rolfe

    From our development team:
    For the IDE to recognize a new file extension, it needs to be
    explicitly registered with the IDE framework. So the static
    final field named EXT isn't automatically detected. To
    register the extension (this is the JDev 10.1.3 API):
    import oracle.ide.model.Recognizer;
    Recognizer.mapExtensionToClass(".foo", FooNode.class);
