0

I need to check a directory and subfolders every hour, but only for new files.

So i wrote a script with these contents:

#!/bin/bash

find /var/www/html/files/ -ctime -1 |
clamscan -r --remove --log=/var/log/clam/clamscan.log

But for a reason, it doesn't check only the new files, it checks every file (about 6000).

The funny thing is, when I'm for example in the /tmp/ folder and I run find -ctime -1 | clamscan it works.

So I guess I'm missing something but I can't think of what it is.

tripleee
  • 175,061
  • 34
  • 275
  • 318
erax
  • 1
  • Then something else is updating the change time of those 6,000 files? – tripleee Jan 11 '23 at 12:50
  • no, nothing is updating the files. the timestamp also is older than 1day. some are years old. – erax Jan 11 '23 at 12:53
  • Does the file system support ctime, or only mtime? – tripleee Jan 11 '23 at 12:54
  • @tripleee yes it does support ctime, for example when i just hit "find -ctime -1" it gives me the correct output – erax Jan 11 '23 at 12:59
  • But `/var/www/html/files` can be on a separate filesystem with different flags and/or capabilities – tripleee Jan 11 '23 at 13:01
  • @tripleee i just tried "find -ctime -1" in the directory and he shows me all files.... not just the the new ones. but i get the same output with "find -mtime +1" – erax Jan 11 '23 at 13:11

1 Answers1

0

It appears that /tmp supports ctime but /var/www/html/files is apparently on a different file system which doesn't.

Lack of ctime support is relatively common for various reasons; probably try with -mtime instead, or refactor to keep track of which files existed in the previous iteration (or perhaps switch to inotify or similar) if you really absolutely have to watch for new files.

tripleee
  • 175,061
  • 34
  • 275
  • 318
  • Maybe you´re right. Unfortunately im not familiar with inotify, so i solved it this way: I let the webpage move the files which are older than 1 day to another folder. So i dont need the mtime/ctime for the clamscan. – erax Jan 11 '23 at 14:57