[CentOS] This "find" command

Wed Dec 28 17:31:11 UTC 2005
Rodrigo Barbosa <rodrigob at suespammers.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, Dec 28, 2005 at 11:13:08AM -0600, rado wrote:
> > Something like this:
> > 
> > find / -mtime -1 -type f --exec clanscan -l \
> > 	/var/log/camav/clanscan-bu-daily.log \
> > 	$clanexcludes -r --no-summary "{}" \; | \
> > 	cut -d: -f1 > /usr/local/bin/changedfilelog
> > NOTOK=`cat /var/log/clamav/clamscan-bu-daily.log | sed -n -e '/FOUND/p;/ERROR/p'`
> > 
> > if [ "${NOTOK}" != "" ]; then
> > 	....
> > 
> > I can't actually test this here, since I don't use clanscan, but it is
> > supposed to do what you want.
> > 
> kk this was/is the find following the paths I originally used w/new
> mods:
> find / -path /sys/bus/pci/drivers -prune -o -path /proc -prune -o -type
> f -mtime -1 | xargs clamscan -l /var/log/clamav/clamscan-bu-daily.log
> $clamexcludes -r --no-summary | cut -d: -f1
> > /usr/local/bin/changedfilelog
> ---------------------------------
> kk this performs pretty well now...avg time to run is about 3-4
> minutes...and logging about 6-7000 files to be rsynced and also clamav
> produces no "ERROR" or "FOUND" messages.
> 
> this is the find statement you kinda suggested using "-exec":
> find / -type f -mtime -1  -exec clamscan -l /var/log/clamav/clamscan-
> bu-daily.log $clamexcludes -r --no-summary "{}" \; | cut -d: -f1
> > /usr/local/bin/changedfilelog
> 
> although I did enjoy playing w/this as I had never any experience w/the
> "-exec" command...well, it produced about the same amt of files to send
> to rsync w/no clamscan errors that would stop it but it took approx 1 hr
> to complete.
> 
> I am msging bout this just FYI and out of respect that you did indeed
> try to help solve this problem...and, of course, if others might find
> this of any use.

The main different is that -exec will execute clanscan once for
each file, while your solution using xargs will provide the
whole list of files as a parameter. Just be cause because the
way you are doing it, you have 3 possible risks:
1) The command line will get too long, and the command won't execute
2) The command line will get too long, will be truncated, and you can
   get a different result
3) Filenames with special character, even a space, can give you small
   headaches


Both solutions are valid, and both have positive and negative aspects.
Choosing between them should be done on a case by case basis.

- -- 
Rodrigo Barbosa <rodrigob at suespammers.org>
"Quid quid Latine dictum sit, altum viditur"
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDssvfpdyWzQ5b5ckRAkBAAJsFaN8VW5Dp77VFZE+FhWZaGzNTXQCfbeze
vHNch31P9EUXaALNRHLelWc=
=jv0u
-----END PGP SIGNATURE-----