Hello,
After changing our DNS services from Netware to OES Linux/BIND, freshclam
stopped getting updates.
When we run freshclam we get:
WARNING: Can't query current.cvd.clamav.net and
WARNING: Invalid DNS reply. Falling back to HTTP mode.
Connecting via Our_proxy_server_IP
Reading CVD header
It appears that if clamuko is configured to scan a particular directory on
access, then clamscan does not actually identify the file as an infected file.
The results of the clamscan show Infected files: 0, even though the directory
has an infected file (in this case, eicar for testing). In
: Tuesday, October 16, 2007 3:18:43 PM
Subject: Re: [Clamav-users] eicar Identified But Not Moved
On 10/16/07, Sean McGlynn [EMAIL PROTECTED] wrote:
Just to be certain (It's not my first day with Linux, but I'm still
relatively new to it), you mean NFS as in Network File System, as in mounting
Identified But Not Moved
On 10/16/07, Sean McGlynn [EMAIL PROTECTED] wrote:
Just to be certain (It's not my first day with Linux, but I'm still
relatively new to it), you mean NFS as in Network File System, as in mounting
a remote file system on the Linux server, correct? If correct
But Not Moved
On 10/16/07, Sean McGlynn [EMAIL PROTECTED] wrote:
Just to be certain (It's not my first day with Linux, but I'm still
relatively new to it), you mean NFS as in Network File System, as in mounting
a remote file system on the Linux server, correct? If correct, then no, NFS
Sean McGlynn schrieb:
For the record, I can manually move the file:
OES-FS05:/home/justlgn/test # mv eicar.com /var/log/clam/infected/
Judging from the prompt, you are doing this as root, but beneath
your (justlgn's) home directory.
OES-FS05:/home/justlgn/test # ls -al
total 2
drwxr-xr-x
: Re: [Clamav-users] eicar Identified But Not Moved
Hey,
I don't know if clamuko should deny access to this file. If you are
running Clamuko then disable it please ;-) or show us ls -al
/home/justlgn/test/eicar.com
/rl
Sean McGlynn wrote:
The following is what appears in the trace that I belive
Hello,
I am looking for better information when notified by ClamAV that a virus has
been detected. Thus far I have VirusEvent /bin/echo VIRUS ALERT: ClamAV found
%v. | /bin/mail -s ClamAV Virus Detection -r ClamAV [EMAIL PROTECTED], which
basically tells me that a particular virus was
I read in another post that the only way to quarantine an infected file that is
discovered during an on access scan (i.e. via Clamuko) it to write a script
that would parse the log file for the location of the infected file and then
move it or delete it as desired. Is this correct? If not,
Hello,
I am testing clamscan, and running the following command:
clamscan -r --move=/var/log/clam/infected -l /var/log/clam/dailyclamscanSPM
/home/justlgn/test/eicar.com
The results indicate can't open file, and that no infected files were found.
The clam log file shows that the file was
Identified But Not Moved
Sean McGlynn wrote:
Hello,
I am testing clamscan, and running the following command:
clamscan -r --move=/var/log/clam/infected -l /var/log/clam/dailyclamscanSPM
/home/justlgn/test/eicar.com
The results indicate can't open file, and that no infected files were
found
, October 16, 2007 2:30:09 PM
Subject: Re: [Clamav-users] eicar Identified But Not Moved
Dennis Peterson wrote:
Sean McGlynn wrote:
Dennis,
Thank you for taking the time to reply.
Yes, I am running the scan as root.
Sean
Is the home directory mounted?
Should have said NFS mounted.
dp
But Not Moved
Sean McGlynn wrote:
The directory I am trying to scan is mounted, as is the directory to where I
want the infected files moved, if I am understanding your question.
Thanks again.
User root is frequently (and correctly) prohibited from deleting files from NFS
mounted sources
that you can remove the infection and if
necessary reinstall or rebuild the application anew.
On Oct 16, 2007, at 1:43 PM, Sean McGlynn wrote:
I read in another post that the only way to quarantine an infected
file that is discovered during an on access scan (i.e. via Clamuko)
it to write
14 matches
Mail list logo