The following is what appears in the trace that I belive is relevant (it is all
that appears relevant to eicar)
lstat64(/home/justlgn/test/eicar.com, {st_mode=S_IFREG|0644, st_size=69,
...}) = 0
stat64(/home/justlgn/test/eicar.com, {st_mode=S_IFREG|0644, st_size=69, ...})
= 0
P.S.S
For what it's worth, it wont remove the file either. Same can't open file
message is displayed.
- Original Message
From: Török Edvin [EMAIL PROTECTED]
To: ClamAV users ML clamav-users@lists.clamav.net
Sent: Tuesday, October 16, 2007 3:18:43 PM
Subject: Re: [Clamav-users] eicar
Hey,
I don't know if clamuko should deny access to this file. If you are
running Clamuko then disable it please ;-) or show us ls -al
/home/justlgn/test/eicar.com
/rl
Sean McGlynn wrote:
The following is what appears in the trace that I belive is relevant (it is
all that appears relevant
P.S.
Based on the trace results I believe what you are saying about this not being
about moving the file is correct. I don't think the process has gotten as far
as trying to move the file.
For the record, I can manually move the file:
OES-FS05:/home/justlgn/test # mv eicar.com
Sean McGlynn schrieb:
For the record, I can manually move the file:
OES-FS05:/home/justlgn/test # mv eicar.com /var/log/clam/infected/
Judging from the prompt, you are doing this as root, but beneath
your (justlgn's) home directory.
OES-FS05:/home/justlgn/test # ls -al
total 2
drwxr-xr-x
Tilman,
Thank you for your reply.
Everything is being done as root.
Sean
- Original Message
From: Tilman Schmidt [EMAIL PROTECTED]
To: ClamAV users ML clamav-users@lists.clamav.net
Sent: Wednesday, October 17, 2007 9:30:23 AM
Subject: Re: [Clamav-users] eicar Identified But Not Moved
That's it!! When I disable clamuko, the scan results indicated an infected
file was found (which it was not doing) and the file was moved to the
quarantine directory.
Now, that said, where does that leave me as far as clumuko? We rely on that
for on access scanning. I assume, now that I'm
Hello!
Is it possible to create new .cvd files from older
.cvd files, using the appropriate .cdiff files?
If this is not possible (with .cdiff files), do u
think that we can somehow create a binary diff file
from the two .cvd versions (old against new)?
Thanks
ilias
PS: sorry for posting this
Greetings,
Recently, ClamAV version 0.90.2 with main.cvd version 44 and daily.cvd
version 4540 reported that an EXE on one of our servers was infected
with Hacktool.PCGI. This EXE came from a pretty reputable source, and
when I scanned the same file with Symantec AntiVirus, it claimed that
the
Jonathan Kamens wrote:
Greetings,
Recently, ClamAV version 0.90.2 with main.cvd version 44 and daily.cvd
version 4540 reported that an EXE on one of our servers was infected
with Hacktool.PCGI. This EXE came from a pretty reputable source, and
when I scanned the same file with Symantec
10 matches
Mail list logo