Hi guys,
Recently on a box we found that when clam was doing it nightly scan
(uses clamscan), it was creating huge temp files :
[EMAIL PROTECTED] clamav-768f23bf93fe051c]# ll
total 1001840
-rw------- 1 root root 512425984 Oct 26 07:43 comment.html
-rw------- 1 root root 512438272 Oct 26 07:43 nocomment.html
drwx------ 2 root root 4096 Oct 26 07:33 rfc2397
-rw------- 1 root root 0 Oct 26 07:33 script.html
Now, the temp files grow bigger but in this case the partition ran out
of space. (rfc2397 is empty)
The contents of both the html files are:
</b>on line <b>352</b><br /> <a
href="?dnindex=0">1</a></td></tr></table></table><table><tr><td><br
/><b>warning</b>: division by zero in
<b>/usr/www/users/spacqre/cbn/search.php</b>on line <b>352</b><br
/> <a
href="?dnindex=0">1</a></td></tr></table></table><table><tr><td><br
/><b>warning</b>: division by zero in
<b>/usr/www/users/spacqre/cbn/search.php</b>on line <b>352</b><br />20
<a href="?dnindex=0">1</a>ff2
</td></tr></table></table><table><tr><td><br /><b>warning</b>: division
by zero in <b>/usr/www/users/spacqre/cbn/search.php</b>on line
<b>352</b><br /> <a
href="?dnindex=0">1</a></td></tr></table></table><table><tr><td><br
/><b>warning</b>: division by zero in
<b>/usr/www/users/spacqre/cbn/search.php</b>on line <b>352</b><br
/> <a
href="?dnindex=0">1</a></td></tr></table></table><table><tr><td><br
/><b>warning</b>: division by zero in
<b>/usr/www/users/spacqre/cbn/search.php</b>on line <b>352</b><br /
Now, you are probably saying check
/usr/www/users/spacqre/cbn/search.php, but that not the issue. Even if
it has bad code in it, why does this affect clam?
search.php:
//snip
Line form search.php:
if($arrayLoop ==$arrayCount)
{
break; //line 352
}
//snip
The rcf2397 also got me thinking, and I checked the documentation for
RFC2397, and it is :The "data" URL scheme which as far as I can see has
no implication on this case, as search.php does not make use of this scheme.
Thanks,
Shaun Bugler
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
