Directory exlclusion list without GUI?

[gstewart]

Is there a way to configure a list of directories for exclusion when no GUI is available? (I'm not sure that the GUI permits this, I haven't looked as I need to set exclusions at the command line.)

Or, is the only means to so this (per 'man avast') by explicitly specifying the "include" dirs (that arg list could get long)?

Thanks!

--Greg

[igor]

What exactly are you trying to achieve?
I'm quite sure there's no command-line utility to configure that.

[gstewart]

I'm actually trying to limit the on-access scan to (I guess I should be looking at "avastd", instead of "avast"?) to bypass scanning of certain files that are "known" safe, but more importantly could bog the system down immensely if avast/avastd competes with our applications for every access.

These files would be text logs, database files, and such; and system/application performance is a big deal. Excluding the directories that contain these files would prevent access conflicts between avast and the applications.

I also noticed that /proc is getting scanned, which seems somewhat useless to me (and causes scan errors, anyhow) as /proc is not a real filesystem.

This isn't so much a big deal for, say, a mid-nightly scan, when the system is not in use.

Thanks!

--Greg

[zilog]

I'm actually trying to limit the on-access scan to (I guess I should be looking at "avastd", instead of "avast"?) to bypass scanning of certain files that are "known" safe, but more importantly could bog the system down immensely if avast/avastd competes with our applications for every access.

These files would be text logs, database files, and such; and system/application performance is a big deal. Excluding the directories that contain these files would prevent access conflicts between avast and the applications.

I also noticed that /proc is getting scanned, which seems somewhat useless to me (and causes scan errors, anyhow) as /proc is not a real filesystem.

This isn't so much a big deal for, say, a mid-nightly scan, when the system is not in use.

Thanks!

--Greg

these exclusion should be made at the level that's nearest to the source of the event - in case of on-acces, at avasguard's level. this has nothing to do with avast/avastcmd, and also with avastd (these services are considered as "global", able to scan everything on request).

regards,
PC

[gstewart]

these exclusion should be made at the level that's nearest to the source of the event - in case of on-acces, at avasguard's level. this has nothing to do with avast/avastcmd, and also with avastd (these services are considered as "global", able to scan everything on request).

I'm not entirely sure we're talking about the same thing, here.

I just took a quick look at avastgui on my workstation, and under "Preferences" the first tab that appears is called "Exclusions" in which the user has the ability to list directories to exclude during a scan. It tells the user: "Type path masks to be excluded during scanning. Note that these settings affect all parts of avast!"

If the system has no X Window environment, I cannot configure this with avastgui.

I have tried to find documentation suggesting how to define this exclusion list for use with avast and avastd to prevent both the on-access daemon and user/script-initiated full system scans to exlcude particular directories that we do not want included (of course, /proc should be excluded, anyhow), but this documentation does not seem to exist anywhere.

Does the server version of avast! for Linux have different/fewer options available? Even so, why would an exclusion list be definable only in the workstation GUI, and not via command line args or a config file? The files in ~/.avast/ don't include any configuration, and I don't see a config in /etc.

Here's an example:

With ClamAV I can easily exclude directories such as /proc and /var/log at the CLI by entering

        clamscan -r --exclude-dir=/proc --exclude-dir=/var/log

I cannot seem to do this with avast.  Is it possible?

[gstewart]

Ok. Having done some snooping around, I found that after modifications to the "preferences" have been made in avastgui (and *only* afterward, apparently nothing is set here by default), the app modifies the local user's ~/.avast/avastrc config to include some special information (note the 'excluded_paths' var):

[licence]
key=[your typical avast licence key]
[scanner]
excluded_paths=/proc;/var/log
update_mode=manual
[chest]
maxsize=256
[log]
maxsize=1024
[smtp]
server=localhost
port=25
from=some_user@localhost
authenticate=0
username=
password=
[alerts]
recipients=
[reports]
create=0
overwrite=0
customfile=0
filename=/home/some_user/.avast/report.txt
[reports/events]
taskstart=1
taskstop=1
harderr=1
softerr=1
skipped=0
infected=1
ok=0
[browser]
type=firefox
command=
[windows]
[windows/mainframe]
maximized=0
width=442
height=597

That [scanner] section can be found nowhere outside the local user app rc file--which contradicts the warning I posted above ("Note that these settings affect all parts of avast!") if 'avastd' is assumed to be included among "all parts of avast!".

If it only appears in the local user's app rc config, it seems only to affect avast! processes run by that one local user. Or, is it only 'avastgui' that uses the app rc style config?

'Twould be nice to have a global avastrc file, say, in /etc, or /etc/avast, or the like to configure the on-access daemon as well full system scans run by cron.

Is the Linux Server edition differently configured? I.e., does it drop config files in /etc for a truly global effect? Or, does it rely on a local user account to honour configurations (which would seem to defeat the purpose of having a server version).

I need to build a test environment for the server app before I request an eval key.

Trouble is: avast! has a smaller memory footprint, consumes less CPU, and uses an overall faster algorithm than ClamAV on Linux (approx. 40% faster), but cannot be configured as smartly as ClamAV for a production server environment.

I really would like to recommend avast! to our customers that require antivirus utilities on all servers, but having to take down the server temporarily to ensure that AV scans don't conflict or drag down performance is not going to be an easy sell.