On 3 apr. 2013, at 14:54, Ben Stuyts <b...@altesco.nl> wrote: > Hi, > > On 3 apr. 2013, at 03:05, Jim Preston <jimli...@commspeed.net> wrote: > >> On 03/25/2013 09:26 AM, Ben Stuyts wrote: >>> Well, still no luck, same errors over the weekend. Anybody have any other >>> ideas? >>> >>> Thanks, >>> Ben >>> >>> On 22 mrt. 2013, at 18:43, Ben Stuyts <b...@altesco.nl> wrote: >>> >> [snip] >>> (cmd line is >>> /usr/local/bin/clamdscan -m --fdpass /home) >> [snip] >> >> This is not a solution but a thought on pointing to root cause. From your >> original post, I gather that there are multiple users on the system. What >> happens if you scan each user individually? If it is always the same user's >> directory causing the problem, you can then narrow the scan down to get the >> exact directory / file(s) to get to exact cause. >> >> If scans are automated, i.e. being down after hours when no one is there, >> there are numerous ways to automate the individual scans to help get a >> handle on the cause of the problem. The exact methods might be platform >> dependent and somewhat OT for this particular thread. Feel free to email me >> off-list if you want to discuss any methods. By automation and OT, I am >> referring to using scripting and / or cron to do the automation and not >> anything inside of ClamAV itself. > > It is indeed a whole bunch of home directories from different users. I'll > give it a try to scan each one separately and narrow it down.
I scanned the various subdirectories separately, and I did not get the error. It also identified the eicar test file buried in there: Wed Apr 3 15:10:34 2013 -> SelfCheck: Database status OK. Wed Apr 3 15:30:34 2013 -> SelfCheck: Database status OK. Wed Apr 3 15:36:49 2013 -> fd[44]: Win.Trojan.Agent-202575 FOUND Wed Apr 3 15:50:34 2013 -> SelfCheck: Database status OK. Wed Apr 3 16:10:34 2013 -> SelfCheck: Database status OK. Wed Apr 3 16:30:34 2013 -> SelfCheck: Database status OK. Wed Apr 3 16:50:34 2013 -> SelfCheck: Database status OK. Wed Apr 3 17:00:17 2013 -> fd[69]: Eicar-Test-Signature FOUND Wed Apr 3 17:08:33 2013 -> fd[73]: Win.Trojan.Agent-202575 FOUND Wed Apr 3 17:08:51 2013 -> fd[66]: Win.Trojan.Agent-202575 FOUND Wed Apr 3 17:08:58 2013 -> fd[68]: Win.Trojan.Agent-202575 FOUND Wed Apr 3 17:09:16 2013 -> fd[67]: Win.Trojan.Agent-202575 FOUND Wed Apr 3 17:10:34 2013 -> SelfCheck: Database status OK. Wed Apr 3 17:30:34 2013 -> SelfCheck: Database status OK. Wed Apr 3 17:31:14 2013 -> fd[50]: Win.Trojan.Agent-232413 FOUND Wed Apr 3 17:43:09 2013 -> Reading databases from /var/db/clamav Wed Apr 3 17:43:21 2013 -> Database correctly reloaded (2078861 signatures) Wed Apr 3 18:04:17 2013 -> SelfCheck: Database status OK. Wed Apr 3 18:04:17 2013 -> fd[11]: Eicar-Test-Signature FOUND So, still at a loss how to proceed... Ben _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
