Christopher X. Candreva wrote:
> On Fri, 28 Sep 2007, Jon Wagoner - Red Cheetah wrote:
>
>> Yes, I'm periodically doing scans of the full drive. I could just skip
>> the mysql directory, but that seems pretty bad security practice.
>
> Why does it seem that way to you ?
>
> I don't think scanni
Jon Wagoner - Red Cheetah wrote:
>
> Is there any way I can disable the check for Email.FreeGame?
Is there any reason to suspect this file will ever contain a viable virus? If
not
then don't bother scanning it. Sorry I don't have an answer for your question.
dp
__
I'm not sure what the proper procedure is here. Clamav is detecting
Email.FreeGame in two of the database files from my MySQL database (one
.MYD and one .ibd). If I dump the contents as text and scan no virus is
found, so apparently it's just something in the binary format of the DB
triggering it.
Jon Wagoner - Red Cheetah wrote:
>>> Yes, I'm periodically doing scans of the full drive. I could just
>> skip
>>> the mysql directory, but that seems pretty bad security practice.
>> Why does it seem that way to you ?
>
> It appears clamav just does a substring match on the exclude, so it
> woul
On Fri, 28 Sep 2007, Jon Wagoner - Red Cheetah wrote:
> Yes, I'm periodically doing scans of the full drive. I could just skip
> the mysql directory, but that seems pretty bad security practice.
Why does it seem that way to you ?
I don't think scanning raw mysql database files is going to give
> > Yes, I'm periodically doing scans of the full drive. I could just
> skip
> > the mysql directory, but that seems pretty bad security practice.
>
> Why does it seem that way to you ?
It appears clamav just does a substring match on the exclude, so it
would be easy to hide viruses. E.g. If I
On Fri, September 28, 2007 12:41 pm, Dennis Peterson said:
> Jon Wagoner - Red Cheetah wrote:
>
>>
>> Is there any way I can disable the check for Email.FreeGame?
>
> Is there any reason to suspect this file will ever contain a viable
> virus? If not then don't bother scanning it. Sorry I don't ha
> On Fri, September 28, 2007 12:41 pm, Dennis Peterson said:
> > Jon Wagoner - Red Cheetah wrote:
> >
> >>
> >> Is there any way I can disable the check for Email.FreeGame?
> >
> > Is there any reason to suspect this file will ever contain a viable
> > virus? If not then don't bother scanning it. S
On Fri, 28 Sep 2007, Jon Wagoner - Red Cheetah wrote:
> It appears clamav just does a substring match on the exclude, so it
> would be easy to hide viruses. E.g. If I excluded .MYD, then you could
> just have your virus named somevirus.MYD and it would not be caught. If
I would not exclude *.MY
Once upon a time, Jeff Thurston <[EMAIL PROTECTED]> said:
> Im running clamav 91.2 (90.3 did the same thing).
> After about an hour or so the clamd process gets stuck at 100%.
> I've checked various logs for the cause and haven't found anything.
What OS and platform?
I have had load problems wit
Im running clamav 91.2 (90.3 did the same thing).
After about an hour or so the clamd process gets stuck at 100%.
I've checked various logs for the cause and haven't found anything.
Clamav is being run by amavis-new 2.3 if that info is of any interest.
This is a recent problem, I ran 88.4 just f
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:clamav-users-
> [EMAIL PROTECTED] On Behalf Of Chris Adams
> Sent: Friday, September 28, 2007 11:48 AM
> To: 'ClamAV users ML'
> Subject: Re: [Clamav-users] clamd stuck at 100% cpu usage
>
> Once upon a time, Jeff Thurston <[EMAIL PROT
Jeff Thurston wrote:
>> -Original Message-
>> From: [EMAIL PROTECTED] [mailto:clamav-users-
>> [EMAIL PROTECTED] On Behalf Of Chris Adams
>> Sent: Friday, September 28, 2007 11:48 AM
>> To: 'ClamAV users ML'
>> Subject: Re: [Clamav-users] clamd stuck at 100% cpu usage
>>
>> Once upon a time
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:clamav-users-
> [EMAIL PROTECTED] On Behalf Of Dennis Peterson
> Sent: Friday, September 28, 2007 12:07 PM
> To: ClamAV users ML
> Subject: Re: [Clamav-users] clamd stuck at 100% cpu usage
>
> Jeff Thurston wrote:
> >> -Original Me
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:clamav-users-
> [EMAIL PROTECTED] On Behalf Of Dennis Peterson
> Sent: Friday, September 28, 2007 12:11 PM
> To: ClamAV users ML
> Subject: Re: [Clamav-users] clamd stuck at 100% cpu usage
>
> Dennis Peterson wrote:
> > Jeff Thurston w
Jeff Thurston wrote:
>
> Please forgive my ignorance, I don't use strace very much...
>
> I assume it is as simple as waiting for the process to get stuck at 100%
> again, then 'strace -p ` and look for... what should I look for?
Yes, pretty much it. You should probably also use the -f (follow)
Dennis Peterson wrote:
> Jeff Thurston wrote:
>>> -Original Message-
>>> From: [EMAIL PROTECTED] [mailto:clamav-users-
>>> [EMAIL PROTECTED] On Behalf Of Chris Adams
>>> Sent: Friday, September 28, 2007 11:48 AM
>>> To: 'ClamAV users ML'
>>> Subject: Re: [Clamav-users] clamd stuck at 100% c
Dennis Peterson wrote:
> Yes, pretty much it. You should probably also use the -f (follow)
> switch to see what the kids are doing, too.
Does strace work well with POSIX threads on Linux? My impression was not,
but maybe my information is out of date.
Regards,
David.
__
David F. Skoll wrote:
> Dennis Peterson wrote:
>
>> Yes, pretty much it. You should probably also use the -f (follow)
>> switch to see what the kids are doing, too.
>
> Does strace work well with POSIX threads on Linux? My impression was not,
> but maybe my information is out of date.
I'm a Sol
On 9/28/07, Jeff Thurston <[EMAIL PROTECTED]> wrote:
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:clamav-users-
> > [EMAIL PROTECTED] On Behalf Of Chris Adams
> > Sent: Friday, September 28, 2007 11:48 AM
> > To: 'ClamAV users ML'
> > Subject: Re: [Clamav-users] clamd stuck at
> On Fri, 28 Sep 2007, Jon Wagoner - Red Cheetah wrote:
>
> > It appears clamav just does a substring match on the exclude, so it
> > would be easy to hide viruses. E.g. If I excluded .MYD, then you
> could
> > just have your virus named somevirus.MYD and it would not be caught.
> If
>
> I would
On Fri, 28 Sep 2007, Jon Wagoner - Red Cheetah wrote:
> > hidden
> > > in /home/someuser/var/lib/mysql/my-virus-here.
> >
> > Users should not be able to write to that directory at all, it should
> > be
> Take a closer look, that's not the real mysql directory, just a
> subdirectory under the us
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:clamav-users-
> [EMAIL PROTECTED] On Behalf Of Dennis Peterson
> Sent: Friday, September 28, 2007 12:35 PM
> To: ClamAV users ML
> Subject: Re: [Clamav-users] strace and threads (was Re: clamd stuck at
> 100% cpu usage)
>
> David F. Sk
23 matches
Mail list logo
