On Mar 23, 2006, at 14:55 , Josh Tolbert wrote:
Hello folks,
So, since Apple's 2006-001 update causes McAfee's Virex to break
(segfaults after an hour or so of operation) on our OS X Server
machine (which 2006-002, even v1.1 don't fix) and I'm required by
powers greater than me to use a virus scanner on the machine, I
started looking into ClamAV to use for the scanner used in some
(daily and weekly) periodic scripts.
The one packaged with OS X Server is, of course, broken. It does
not respect multiple --exclude-dir arguments. No biggie, though...I
left the system one in place to handle e-mail tagging through amavisd
and just built my own in /usr/clamav, which I will use for my file
system scans until Apple fixes their broken one. Oddly enough, the
ClamAV people have had a working version out for a while, but Apple
hasn't bothered to update their packaged version.
So, on to my problem...Now, with my spiffy new clamscan, which isn't
broken and actually respects multiple --exclude-dir commands, I
have the same problem I had with the old clamscan. If I run a
recursive scan starting at the top of the file system (/), it
restarts again at the top after going through all the subdirs, and
I can't figure out why. I've already excluded all the dirs that
have symlinks back to the top of the file system. I've tried setting
--max-recursion=0. This does not occur on any FreeBSD or Linux box
I've tried it on...What gives? If I scan individual directories
recursively everything works all right, but doing the entire system
seems to have issues.
Does anyone have any ideas or a work-around? I'd prefer a good fix
with reasons instead of a hack. The command I'm using right now is:
sudo -u clamav /usr/clamav/bin/clamscan -r --exclude-dir=/automount --exclude-dir=/Volumes /
I ran this command as root (no sudo -u clamav) and added
"--exclude-dir=/dev"; here are the results:
----------- SCAN SUMMARY -----------
Known viruses: 47146
Engine version: 0.88
Scanned directories: 2589
Scanned files: 35173
Infected files: 0
Data scanned: 11820.25 MB
Time: 2887.203 sec (48 m 7 s)
It didn't run continuously as you had reported, so I suspect that
somewhere there is a link pointing back to the root so it goes into an
endless loop.
You can include the -i flag if you want to see only infected
files, but I was hoping to see why the damned thing's broken.
Another question...Why does clamscan prefix all of its paths in the
output with an extra /?
As an aside, I have had nothing but trouble with OS X Server, mostly
due to Apple packaging stuff with their OS that you can't disinclude
and that I want to make changes to. If I didn't need OpenDirectory
(and I'm looking for alternatives) I'd just dump Server entirely
and put regular OS X on the machine. Actually, I'd rather just
replace it with a FreeBSD x86 machine and not have to pay the Apple
hardware premium or deal with the draconian mass updates, either...
Then why not just drop OSX and go with straight Darwin???
Strangely enough, everything you're doing on OSXS I'm doing on OSX, I
just can't use ServerAdmin which is no big loss and I've fixed the
sasl libsql.so module so I can manage users in mysql so no more local
account (true virtual users) and thousands of homes wasting disk space.
I'm working on an admin interface (web based) that is entirely
standalone to manage things like the FIREWALL, DNS, MAIL, WEB, MySQL,
NETWORK and USERS as a possible solution because I'm getting tired of
forking out a grand for each of 34 machines every time I need to
purchase a newer OS.
Thanks,
Josh
--
Josh Tolbert
-- Dale
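
One way to test the suspicion raised in this thread, that a link somewhere points back toward the root, before starting a full recursive scan. This is an added example, not code from the thread or from the ClamAV project: it walks a tree without following symlinks and reports every directory symlink whose resolved target is the link's own directory or one of its ancestors. The function names and the demo tree are constructed for illustration.

```python
import os
import tempfile


def find_ancestor_links(root):
    """Return sorted (link, target) pairs for symlinks under root that
    resolve to the directory holding the link or to one of its ancestors."""
    hits = []
    # followlinks=False: list symlinked directories but never descend into them.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        here = os.path.realpath(dirpath)
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            target = os.path.realpath(path)
            if not os.path.isdir(target):
                continue  # dangling link, or a link to a regular file
            # The target is an ancestor (or the same directory) when the
            # common path of both resolved paths is the target itself.
            if os.path.commonpath([here, target]) == target:
                hits.append((path, target))
    return sorted(hits)


def build_demo_tree(base):
    """Constructed sample tree: one looping link, one harmless, one dangling."""
    os.makedirs(os.path.join(base, "Library", "Cache"))
    os.makedirs(os.path.join(base, "Users"))
    # Points two levels up, i.e. back at base: a scanner following it loops.
    os.symlink(os.path.join("..", ".."), os.path.join(base, "Library", "Cache", "up"))
    # Points sideways at a sibling directory: no loop.
    os.symlink(os.path.join("..", "Users"), os.path.join(base, "Library", "home"))
    # Dangling link: ignored.
    os.symlink("missing", os.path.join(base, "Users", "dangling"))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.realpath(tmp)
        build_demo_tree(base)
        for link, target in find_ancestor_links(base):
            print(f"{link} -> {target}")
```

Run against a real file system, each reported link is a candidate for an additional --exclude-dir argument; mount points such as /Volumes and /automount still need to be excluded separately, as in the command above.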