[clamav-users] RHEL8 clamonacc behavior

Hoevenaar, Jeffrey (GE Aviation, US) via clamav-users Thu, 13 May 2021 07:10:22 -0700

Hello,

Running clamd and clamonacc on RHEL8 server.



I created a test file called "jeff1234" with the EICAR test string.

The clamonacc seems to find the bad file.  The files remains in place until I 
try to copy or modify it then it is moved to the quarantine directory.  Is that 
normal behavior?


Is this normal output when clamonacc finds a virus?

traverse_rename: Failed to rename
Error:Invalid cross-device link


The clamaccon log file w/ verbose options.

ClamFanotif: attempting to feed consumer queue
ClamWorker: performing scanning on file '/home/2...@col-dev.ge.com/jeff1234'
/home/2...@col-dev.ge.com/jeff1234: Eicar-Signature FOUND
traverse_to: Handle opened for 'home' directory.
traverse_to: Handle opened for '2...@col-dev.ge.com' directory.
traverse_rename: Failed to rename: /home/2...@col-dev.ge.com/jeff1234
        to: /root/clamav-quarantine/jeff1234
Error:Invalid cross-device link
traverse_to: Handle opened for 'home' directory.
traverse_to: Handle opened for '2...@col-dev.ge.com' directory.
/home/2...@col-dev.ge.com/jeff1234: moved to '/root/clamav-quarantine/jeff1234'


/var/log/messages output:

May 13 09:53:08 rhel8avtest clamonacc[2947]: ClamFanotif: attempting to feed 
consumer queue
May 13 09:53:08 rhel8avtest clamonacc[2947]: ClamWorker: performing scanning on 
file '/home/2...@col-dev.ge.com/jeff1234'
May 13 09:53:08 rhel8avtest clamonacc[2947]: 
/home/2...@col-dev.ge.com/jeff1234: Eicar-Signature FOUND
May 13 09:53:08 rhel8avtest clamonacc[2947]: traverse_to: Handle opened for 
'home' directory.
May 13 09:53:08 rhel8avtest clamonacc[2947]: traverse_to: Handle opened for 
'2...@col-dev.ge.com' directory.
May 13 09:53:08 rhel8avtest clamonacc[2947]: traverse_rename: Failed to rename: 
/home/2...@col-dev.ge.com/jeff1234
May 13 09:53:08 rhel8avtest clamonacc[2947]: #011to: 
/root/clamav-quarantine/jeff1234
May 13 09:53:08 rhel8avtest clamonacc[2947]: Error:Invalid cross-device link
May 13 09:53:08 rhel8avtest clamonacc[2947]: traverse_to: Handle opened for 
'home' directory.
May 13 09:53:08 rhel8avtest clamonacc[2947]: traverse_to: Handle opened for 
'2...@col-dev.ge.com' directory.
May 13 09:53:08 rhel8avtest clamonacc[2947]: 
/home/2...@col-dev.ge.com/jeff1234: moved to '/root/clamav-quarantine/jeff1234'
May 13 09:53:08 rhel8avtest clamd[1534]: /home/2...@col-dev.ge.com/jeff1234: 
Eicar-Signature FOUND


Thanks,
Jeff Hoevenaar

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

[clamav-users] RHEL8 clamonacc behavior

Reply via email to