Category Archives: How-to

clamscan exclude & include REGEX format

clamscan documentation is silent about which format the application expects for the –exclude=REGEX, –exclude-dir=REGEX, –include=REGEX, –include-dir=REGEX command line options.

Here are the REGEX rules found experimentally:

1. . is any symbol
2. * means zero or more occurrences of the preceding character
3. + means 1 or more occurrences of the preceding character
4. ^ ancors to the start of the filename or directory name with full path, either absolute or relative to CWD
5. / is treated literally as a path subdirectories separator
6. leading / ancors to the beginning of the filename or directory name
7. trailing / ancors to the end of the directory name
8. \s \w \S and other escapes seem to have the backslash ignored
9. buy this point I got bored 🙂

What follows is the listing of the experiments shell session.

$ pwd
/tmp
$ mkdir d
$ mkdir d/e
$ touch d/f d/e/g
$ clamscan d
d/f: Empty file

$ clamscan --exclude-dir=f d
d/f: Empty file

$ clamscan -r --exclude-dir=f d
d/e/g: Empty file
d/f: Empty file

$ clamscan -r --exclude-dir=e d
d/e: Excluded
d/f: Empty file

$ clamscan -r --exclude-dir=/e d
d/e: Excluded
d/f: Empty file

$ mkdir d/e2 d/3e3 
$ clamscan -r --exclude-dir=/e d
d/e: Excluded
d/e2: Excluded
d/f: Empty file

$ clamscan -r --exclude-dir=/e/ d
d/e: Excluded
d/f: Empty file

$ clamscan -r --exclude-dir=^/e/ d
d/e/g: Empty file
d/f: Empty file

$ mkdir d/e2/e5 d/3e3/4e4
$ touch d/{e,e2,3e3}/{e5,4e4}f

$ clamscan -r --exclude-dir=^/e/ d
d/3e3/4e4f: Empty file
d/3e3/e5f: Empty file
d/3e3/f: Empty file
d/e/4e4f: Empty file
d/e/e5f: Empty file
d/e/f: Empty file
d/e/g: Empty file
d/e2/4e4f: Empty file
d/e2/e5f: Empty file
d/e2/f: Empty file
d/f: Empty file

$ clamscan -r --exclude-dir=d/e d
d/3e3/4e4f: Empty file
d/3e3/e5f: Empty file
d/3e3/f: Empty file
d/e: Excluded
d/e2: Excluded
d/f: Empty file

$ clamscan -r --exclude=d/e d
d/3e3/4e4f: Empty file
d/3e3/e5f: Empty file
d/3e3/f: Empty file
d/e/4e4f: Excluded
d/e/e5f: Excluded
d/e/f: Excluded
d/e/g: Excluded
d/e2/4e4f: Excluded
d/e2/e5f: Excluded
d/e2/f: Excluded
d/f: Empty file

$ clamscan -r --exclude=/tmp/d/e d
d/3e3/4e4f: Empty file
d/3e3/e5f: Empty file
d/3e3/f: Empty file
d/e/4e4f: Empty file
d/e/e5f: Empty file
d/e/f: Empty file
d/e/g: Empty file
d/e2/4e4f: Empty file
d/e2/e5f: Empty file
d/e2/f: Empty file
d/f: Empty file

$ clamscan -r --exclude=/tmp/d/e /tmp/d
/tmp/d/3e3/4e4f: Empty file
/tmp/d/3e3/e5f: Empty file
/tmp/d/3e3/f: Empty file
/tmp/d/e/4e4f: Excluded
/tmp/d/e/e5f: Excluded
/tmp/d/e/f: Excluded
/tmp/d/e/g: Excluded
/tmp/d/e2/4e4f: Excluded
/tmp/d/e2/e5f: Excluded
/tmp/d/e2/f: Excluded
/tmp/d/f: Empty file

$ clamscan -r --exclude=^/tmp/d/e /tmp/d
/tmp/d/3e3/4e4f: Empty file
/tmp/d/3e3/e5f: Empty file
/tmp/d/3e3/f: Empty file
/tmp/d/e/4e4f: Excluded
/tmp/d/e/e5f: Excluded
/tmp/d/e/f: Excluded
/tmp/d/e/g: Excluded
/tmp/d/e2/4e4f: Excluded
/tmp/d/e2/e5f: Excluded
/tmp/d/e2/f: Excluded
/tmp/d/f: Empty file

$ clamscan -r --exclude-dir=/.e d
d/3e3: Excluded
d/e/4e4f: Empty file
...

$ clamscan -r --exclude-dir=/*e d
d/3e3: Excluded
d/e: Excluded
d/e2: Excluded
d/f: Empty file

$ clamscan -r --exclude-dir=/3* d
d/3e3: Excluded
d/e: Excluded
d/e2: Excluded
d/f: Empty file

$ mkdir d/p\ a
$ touch d/p\ a/file
$ clamscan -r --exclude-dir=\\s+ d
d/3e3/4e4f: Empty file
d/3e3/e5f: Empty file
d/3e3/f: Empty file
d/e/4e4f: Empty file
d/e/e5f: Empty file
d/e/f: Empty file
d/e/g: Empty file
d/e2/4e4f: Empty file
d/e2/e5f: Empty file
d/e2/f: Empty file
d/p a/file: Empty file
d/f: Empty file

$ clamscan -r --exclude-dir='\s+' d
d/3e3/4e4f: Empty file
d/3e3/e5f: Empty file
d/3e3/f: Empty file
d/e/4e4f: Empty file
d/e/e5f: Empty file
d/e/f: Empty file
d/e/g: Empty file
d/e2/4e4f: Empty file
d/e2/e5f: Empty file
d/e2/f: Empty file
d/p a/file: Empty file
d/f: Empty file