On 04/03/2013 09:08 AM, Ben Stuyts wrote:
On 3 Apr. 2013, at 14:54, Ben Stuyts <b...@altesco.nl> wrote:
Hi,
On 3 Apr. 2013, at 03:05, Jim Preston <jimli...@commspeed.net> wrote:
On 03/25/2013 09:26 AM, Ben Stuyts wrote:
Well, still no luck, same errors over the weekend. Anybody have any other ideas?
Thanks,
Ben
On 22 Mar. 2013, at 18:43, Ben Stuyts <b...@altesco.nl> wrote:
[snip]
(cmd line is
/usr/local/bin/clamdscan -m --fdpass /home)
[snip]
This is not a solution but a thought on pointing to root cause. From your
original post, I gather that there are multiple users on the system. What
happens if you scan each user individually? If it is always the same user's
directory causing the problem, you can then narrow the scan down to get the
exact directory / file(s) to get to exact cause.
If scans are automated, i.e. being done after hours when no one is there, there
are numerous ways to automate the individual scans to help get a handle on the
cause of the problem. The exact methods might be platform dependent and
somewhat OT for this particular thread. Feel free to email me off-list if you
want to discuss any methods. By automation and OT, I am referring to using
scripting and / or cron to do the automation and not anything inside of ClamAV
itself.
It is indeed a whole bunch of home directories from different users. I'll give
it a try to scan each one separately and narrow it down.
I scanned the various subdirectories separately, and I did not get the error.
It also identified the eicar test file buried in there:
Wed Apr 3 15:10:34 2013 -> SelfCheck: Database status OK.
Wed Apr 3 15:30:34 2013 -> SelfCheck: Database status OK.
Wed Apr 3 15:36:49 2013 -> fd[44]: Win.Trojan.Agent-202575 FOUND
Wed Apr 3 15:50:34 2013 -> SelfCheck: Database status OK.
Wed Apr 3 16:10:34 2013 -> SelfCheck: Database status OK.
Wed Apr 3 16:30:34 2013 -> SelfCheck: Database status OK.
Wed Apr 3 16:50:34 2013 -> SelfCheck: Database status OK.
Wed Apr 3 17:00:17 2013 -> fd[69]: Eicar-Test-Signature FOUND
Wed Apr 3 17:08:33 2013 -> fd[73]: Win.Trojan.Agent-202575 FOUND
Wed Apr 3 17:08:51 2013 -> fd[66]: Win.Trojan.Agent-202575 FOUND
Wed Apr 3 17:08:58 2013 -> fd[68]: Win.Trojan.Agent-202575 FOUND
Wed Apr 3 17:09:16 2013 -> fd[67]: Win.Trojan.Agent-202575 FOUND
Wed Apr 3 17:10:34 2013 -> SelfCheck: Database status OK.
Wed Apr 3 17:30:34 2013 -> SelfCheck: Database status OK.
Wed Apr 3 17:31:14 2013 -> fd[50]: Win.Trojan.Agent-232413 FOUND
Wed Apr 3 17:43:09 2013 -> Reading databases from /var/db/clamav
Wed Apr 3 17:43:21 2013 -> Database correctly reloaded (2078861 signatures)
Wed Apr 3 18:04:17 2013 -> SelfCheck: Database status OK.
Wed Apr 3 18:04:17 2013 -> fd[11]: Eicar-Test-Signature FOUND
So, still at a loss how to proceed...
Ben
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
OK, good. Seems like it might be a system specific issue. I know it is
a server but.... you do not have any power savings features turned on
either in the OS or the BIOS that might be causing an issue?
Jim
--
Jim Preston
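The per-directory scan discussed in this thread can be scripted as below. This is an added example, not code from any poster or from the ClamAV project; the scanner path and the `-m --fdpass` flags are the ones quoted in the thread, while the function names, the `SCANNER` variable and the log file naming are assumptions made for the example.

```shell
#!/bin/sh
# Scan each subdirectory of a base directory separately and record the
# clamdscan exit status per directory, to isolate the one that errors.
# Names below (SCANNER, classify_rc, scan_each_dir) are hypothetical.

SCANNER="${SCANNER:-/usr/local/bin/clamdscan}"

# classify_rc RC: label a clamdscan exit status
# (0 = no virus found, 1 = virus found, 2 = an error occurred).
classify_rc() {
    case "$1" in
        0) echo CLEAN ;;
        1) echo FOUND ;;
        *) echo ERROR ;;
    esac
}

# scan_each_dir BASE [LOGDIR]
# Prints one "STATUS<TAB>DIR" line per subdirectory and keeps each scan's
# output in LOGDIR/scan-NAME.log. Returns 2 if any scan errored,
# else 1 if anything was detected, else 0.
scan_each_dir() {
    base=$1
    logdir=${2:-/tmp}
    worst=0
    for dir in "$base"/*/; do
        [ -d "$dir" ] || continue        # glob matched nothing
        dir=${dir%/}
        name=$(basename "$dir")
        rc=0
        "$SCANNER" -m --fdpass --no-summary "$dir" \
            >"$logdir/scan-$name.log" 2>&1 || rc=$?
        printf '%s\t%s\n' "$(classify_rc "$rc")" "$dir"
        if [ "$rc" -ge 2 ]; then
            worst=2
        elif [ "$rc" -eq 1 ] && [ "$worst" -lt 2 ]; then
            worst=1
        fi
    done
    return "$worst"
}

# Run only when a base directory is given, e.g. from cron:
#   sh scan-per-user.sh /home /var/log/clamav-per-user
if [ "$#" -gt 0 ]; then
    scan_each_dir "$@"
fi
```

Any directory reported as `ERROR` can then be passed back in as the base directory to narrow the failure down one level at a time.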