[clamav-users] ScanOnAccess: ... (null) FOUND

Kretschmer, Jens Wed, 01 Aug 2018 03:17:23 -0700

Hi,

we have ScanOnAccess and OnAccessExtraScanning activated. When I open firefox I 
get a lot of messages written to /var/log/messages every couple of seconds:


Aug  1 12:07:02 hostname1 clamd[4051]: ScanOnAccess: 
/home/user1/.cache/mozilla/firefox/0pnt0qc2.default/cache2/entries/3F5C8E984584F19905AC4995D97962FE97EFFBEB:
 (null) FOUND
Aug  1 12:07:02 hostname1 clamd[4051]: ScanOnAccess: 
/home/user1/.cache/mozilla/firefox/0pnt0qc2.default/cache2/doomed/1472223436: 
(null) FOUND
Aug  1 12:07:02 hostname1 clamd[4051]: ScanOnAccess: 
/home/user1/.cache/mozilla/firefox/0pnt0qc2.default/cache2/entries/5A9A7B6DCAF96FA85AB400F1EFB97A4D2BE4289E:
 (null) FOUND
Aug  1 12:07:02 hostname1 clamd[4051]: ScanOnAccess: 
/home/user1/.cache/mozilla/firefox/0pnt0qc2.default/cache2/doomed/715632663: 
(null) FOUND
Aug  1 12:07:04 hostname1 clamd[4051]: ScanOnAccess: 
/home/user1/.cache/mozilla/firefox/0pnt0qc2.default/cache2/entries/8F2E3CF4AC8F00C3ACE4C932BEA76F2089A593E1:
 (null) FOUND
Aug  1 12:07:04 hostname1 clamd[4051]: ScanOnAccess: 
/home/user1/.cache/mozilla/firefox/0pnt0qc2.default/cache2/doomed/277127757: 
(null) FOUND
Aug  1 12:07:05 hostname1 clamd[4051]: ScanOnAccess: 
/home/user1/.cache/mozilla/firefox/0pnt0qc2.default/cache2/entries/703A8CB3B4C8311394915B3A285359E7E1AF7520:
 (null) FOUND
Aug  1 12:07:06 hostname1 clamd[4051]: ScanOnAccess: 
/home/user1/.cache/mozilla/firefox/0pnt0qc2.default/cache2/doomed/1628703657: 
(null) FOUND
Aug  1 12:07:06 hostname1 clamd[4051]: ScanOnAccess: 
/home/user1/.cache/mozilla/firefox/0pnt0qc2.default/cache2/entries/5D7DBEB1898CFD7B33E3406F9CA1B6D3BA12C3B6:
 (null) FOUND
Aug  1 12:07:06 hostname1 clamd[4051]: ScanOnAccess: 
/home/user1/.cache/mozilla/firefox/0pnt0qc2.default/cache2/doomed/1952686252: 
(null) FOUND
Aug  1 12:07:07 hostname1 clamd[4051]: ScanOnAccess: 
/home/user1/.cache/mozilla/firefox/0pnt0qc2.default/cache2/doomed/449677348: 
(null) FOUND
Aug  1 12:07:07 hostname1 clamd[4051]: ScanOnAccess: 
/home/user1/.cache/mozilla/firefox/0pnt0qc2.default/cache2/doomed/829574285: 
(null) FOUND
Aug  1 12:07:07 hostname1 clamd[4051]: ScanOnAccess: 
/home/user1/.cache/mozilla/firefox/0pnt0qc2.default/cache2/entries/D2BB3C327EF38DDD2FE5E544DBBE084493F1D608:
 (null) FOUND
Aug  1 12:07:07 hostname1 clamd[4051]: ScanOnAccess: 
/home/user1/.cache/mozilla/firefox/0pnt0qc2.default/cache2/entries/8F2E3CF4AC8F00C3ACE4C932BEA76F2089A593E1:
 (null) FOUND
Aug  1 12:07:07 hostname1 clamd[4051]: ScanOnAccess: 
/home/user1/.cache/mozilla/firefox/0pnt0qc2.default/cache2/doomed/636557989: 
(null) FOUND
Aug  1 12:07:07 hostname1 clamd[4051]: ScanOnAccess: 
/home/user1/.cache/mozilla/firefox/0pnt0qc2.default/cache2/entries/5A9A7B6DCAF96FA85AB400F1EFB97A4D2BE4289E:
 (null) FOUND
Aug  1 12:07:10 hostname1 clamd[4051]: ScanOnAccess: 
/home/user1/.cache/mozilla/firefox/0pnt0qc2.default/cache2/doomed/1707731390: 
(null) FOUND
Aug  1 12:07:10 hostname1 clamd[4051]: ScanOnAccess: 
/home/user1/.cache/mozilla/firefox/0pnt0qc2.default/cache2/doomed/617693635: 
(null) FOUND
Aug  1 12:07:11 hostname1 clamd[4051]: ScanOnAccess: 
/home/user1/.cache/mozilla/firefox/0pnt0qc2.default/cache2/entries/5D7DBEB1898CFD7B33E3406F9CA1B6D3BA12C3B6:
 (null) FOUND
Aug  1 12:07:11 hostname1 clamd[4051]: ScanOnAccess: 
/home/user1/.cache/mozilla/firefox/0pnt0qc2.default/cache2/doomed/1367025624: 
(null) FOUND
Aug  1 12:07:12 hostname1 clamd[4051]: ScanOnAccess: 
/home/user1/.cache/mozilla/firefox/0pnt0qc2.default/cache2/doomed/1089051163: 
(null) FOUND
Aug  1 12:07:13 hostname1 clamd[4051]: ScanOnAccess: 
/home/user1/.cache/mozilla/firefox/0pnt0qc2.default/cache2/doomed/2003921810: 
(null) FOUND
Aug  1 12:07:15 hostname1 clamd[4051]: ScanOnAccess: 
/home/user1/.cache/mozilla/firefox/0pnt0qc2.default/cache2/entries/703A8CB3B4C8311394915B3A285359E7E1AF7520:
 (null) FOUND
Aug  1 12:07:15 hostname1 clamd[4051]: ScanOnAccess: 
/home/user1/.cache/mozilla/firefox/0pnt0qc2.default/cache2/doomed/1845070701: 
(null) FOUND
Aug  1 12:07:16 hostname1 clamd[4051]: ScanOnAccess: 
/home/user1/.cache/mozilla/firefox/0pnt0qc2.default/cache2/doomed/250378345: 
(null) FOUND
Aug  1 12:07:16 hostname1 clamd[4051]: ScanOnAccess: 
/home/user1/.cache/mozilla/firefox/0pnt0qc2.default/cache2/entries/5D7DBEB1898CFD7B33E3406F9CA1B6D3BA12C3B6:
 (null) FOUND

I already hide the "ScanOnAccess: Performing additional scanning on file ..." 
messages by adding

:msg, startswith, "ScanOnAccess: Performing additional scanning on file" stop

to a file in /etc/rsyslog.d/. But the messages mentioned above have exactly the 
same format as when malware is found, so I would rather not hide them. Apart 
from the fact that those messages are cluttering /var/log/messages, they also 
trigger malware alarms on our central syslog server. What can I do to stop 
those messages?

Best regards,
Jens

_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] ScanOnAccess: ... (null) FOUND

Reply via email to