Hi I couldn't find another place to write this, so here goes. I just bought a yearly license for one of our company servers, to test out this product, against mallet and other, we use right now, for scanning for malware and viruses. But I have two questions/requests. 1) Can I exclude symlinks from being followed for directories? As it is now, it scan a lot of things twice or more, in our ispconfig setup. 2) Is a monitor system planed, like we have in mallet? Thanks for good work!
Hi Mike, the scanner does not follow symlinks as far as I can see in the code. Are you really sure that it follows them on your server? The log dirs are bind mounts, not symlinks, just in case that you mean them. In case that you like to exclude directories, use the --exclude statement e.g.: ispp_scan --path=/var/www --exclude="/var/www/**/temp" The --exclude statement can be used multiple times. You can use the scanner to monitor a server, the Scanner has command line options to run unattended and optionally in an incremental mode and it can send reports by email. You can find the option in the ronjob setup part here: http://ispprotect.com/documentation/ It is also planned to add a GUI module for the ISPConfig interface in the next months to configure the scanner and view reports.
Hi Till. Thanks works very well and am looking forward to ISPConfig integration A suggestion though, in maldet we have a monitor mode, that checks as soon as a file is written, through the linux kernel. Is that something you might consider implementing at some point? Mike
We will add such a monitoring mode for small low traffic servers in ISPProtect as well. On High traffic servers, a real-time scan with inotify like maldet uses it needs to many resources.
