ClamAV notes.md 710 B
ClamAV Notes
stop the clam scanning service.
service clamd@scan stop
clamscan vs clamdscan
clamscan is the full scanner, clamdscan talks to the clam daemon who runs scans on its behalf. These give slightly different results.
Clamd stuff
Logging
Logging is horrible. Clamd by default writes to a logfile, but doesn't apparently log when a scan actually runs or what its results were, unless that scan finds something.
See salt/fileroots/internal_splunk_forwarder/files/TA-clamav/default/inputs.conf for the locations splunk is looking for.
Exceptions and False Positives
See also: https://github.xdr.accenturefederalcyber.com/mdr-engineering/msoc-infrastructure/wiki/AV-Exceptions