Re: [Clamav-users] eicar Identified But Not Moved

2007-10-17 Thread Sean McGlynn
The following is what appears in the trace that I belive is relevant (it is all that appears relevant to eicar) lstat64(/home/justlgn/test/eicar.com, {st_mode=S_IFREG|0644, st_size=69, ...}) = 0 stat64(/home/justlgn/test/eicar.com, {st_mode=S_IFREG|0644, st_size=69, ...}) = 0

Re: [Clamav-users] eicar Identified But Not Moved

2007-10-17 Thread Sean McGlynn
P.S.S For what it's worth, it wont remove the file either. Same can't open file message is displayed. - Original Message From: Török Edvin [EMAIL PROTECTED] To: ClamAV users ML clamav-users@lists.clamav.net Sent: Tuesday, October 16, 2007 3:18:43 PM Subject: Re: [Clamav-users] eicar

Re: [Clamav-users] eicar Identified But Not Moved

2007-10-17 Thread Thorolf
Hey, I don't know if clamuko should deny access to this file. If you are running Clamuko then disable it please ;-) or show us ls -al /home/justlgn/test/eicar.com /rl Sean McGlynn wrote: The following is what appears in the trace that I belive is relevant (it is all that appears relevant

Re: [Clamav-users] eicar Identified But Not Moved

2007-10-17 Thread Sean McGlynn
P.S. Based on the trace results I believe what you are saying about this not being about moving the file is correct. I don't think the process has gotten as far as trying to move the file. For the record, I can manually move the file: OES-FS05:/home/justlgn/test # mv eicar.com

Re: [Clamav-users] eicar Identified But Not Moved

2007-10-17 Thread Tilman Schmidt
Sean McGlynn schrieb: For the record, I can manually move the file: OES-FS05:/home/justlgn/test # mv eicar.com /var/log/clam/infected/ Judging from the prompt, you are doing this as root, but beneath your (justlgn's) home directory. OES-FS05:/home/justlgn/test # ls -al total 2 drwxr-xr-x

Re: [Clamav-users] eicar Identified But Not Moved

2007-10-17 Thread Sean McGlynn
Tilman, Thank you for your reply. Everything is being done as root. Sean - Original Message From: Tilman Schmidt [EMAIL PROTECTED] To: ClamAV users ML clamav-users@lists.clamav.net Sent: Wednesday, October 17, 2007 9:30:23 AM Subject: Re: [Clamav-users] eicar Identified But Not Moved

Re: [Clamav-users] eicar Identified But Not Moved

2007-10-17 Thread Sean McGlynn
That's it!! When I disable clamuko, the scan results indicated an infected file was found (which it was not doing) and the file was moved to the quarantine directory. Now, that said, where does that leave me as far as clumuko? We rely on that for on access scanning. I assume, now that I'm

[Clamav-users] create cvd using cdiffs?

2007-10-17 Thread ilias seperis
Hello! Is it possible to create new .cvd files from older .cvd files, using the appropriate .cdiff files? If this is not possible (with .cdiff files), do u think that we can somehow create a binary diff file from the two .cvd versions (old against new)? Thanks ilias PS: sorry for posting this

[Clamav-users] Hacktool.PCGI false positive? What to do?

2007-10-17 Thread Jonathan Kamens
Greetings, Recently, ClamAV version 0.90.2 with main.cvd version 44 and daily.cvd version 4540 reported that an EXE on one of our servers was infected with Hacktool.PCGI. This EXE came from a pretty reputable source, and when I scanned the same file with Symantec AntiVirus, it claimed that the

Re: [Clamav-users] Hacktool.PCGI false positive? What to do?

2007-10-17 Thread Dennis Peterson
Jonathan Kamens wrote: Greetings, Recently, ClamAV version 0.90.2 with main.cvd version 44 and daily.cvd version 4540 reported that an EXE on one of our servers was infected with Hacktool.PCGI. This EXE came from a pretty reputable source, and when I scanned the same file with Symantec