Kaplan, Andrew H. wrote: > Hi there -- > > I wrote a script that does an update to the virus database, and then runs a > recursive check of all directories, with certain exceptions, on the > system in question. Enclosed with this e-mail is the script in two versions. > The > first version excludes several directories, while the other does > not use the exclusion option. The two versions of the script run respectively > on > a SuSE and Fedora server. > > <<clamav_scan_version2.txt>> <<clamav_scan_version1.txt>> > > I upgraded clamav from version 0.94.2 to the 0.95 distribution last night. > After > completing the installation, I ran the ldconfig command to ensure > all libraries were up to date. The script shown above was scheduled to run at > 1:00 AM this morning. A check of my e-mail indicated that while > the freshclam update was successful, the output files were totally blank. > > Does anyone have any idea as to why this happened, and what I can do to > correct > it? Thanks. > > > The information in this e-mail is intended only for the person to whom it is > addressed. If you believe this e-mail was sent to you in error and the e-mail > contains patient information, please contact the Partners Compliance HelpLine > at > http://www.partners.org/complianceline . If the e-mail was sent to you in > error > but does not contain patient information, please contact the sender and > properly > dispose of the e-mail.
You have an uncommon high degree of faith in the signature files to allow this script to move files to /tmp when found to be infected. What if it discovered a false positive in /usr/lib/libc*? :) Off the topic a bit, but I'd suggest using: cd / && /usr/local/bin/clamscan -r --move=/tmp/quarantine 2>&1 | \ egrep -v " OK|Empty file|Excluded" |tee clamscan_output.txt | \ mailx -s "<Server Name> Clamscan Results" <system administrator> What do you see if you run this script manually? And finally, what are the chances your report files are being moved by clamscan because they're deemed infected? Nothing to keep that from happening because they're not excluded in either script. dp _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
