The system these questions involve is OS X.4.11 Intel using the ClamAV engine
0.95.2.
ClamD is running and Clamdscan will perform scans manually and successfully
finds the test EICAR file.
ClamD is running as Root (as identified in Activity Monitor), started from a
LaunchDaemon.
Questions:
1)
On Jul 6, 2010, at 12:35 PM, Nathan Gibbs wrote:
> Usually all that I see are log entries like this
>
> Jul 6 05:11:32 host clamd[30362]: /path/to/infected/file/infectedfile:
> VirusName FOUND
>
> or this
>
> Jul 6 05:12:26 host clamd[30362]: stream: VirusName FOUND
>
> Nothing is logged ab
On Jul 6, 2010, at 1:46 PM, Noel Jones wrote:
>> What is a suitable command I could use to test that this is firing? I've
>> tried a few things with ECHO but nothing shows up.
>>
>
> echo won't work. The event script is run by the clamd daemon, which isn't
> attached to a terminal.
>
>> Ma
On Jul 6, 2010, at 3:12 PM, Török Edwin wrote:
>> Interesting, I made my VirusEvent line look like this in clamd.conf:
>>
>> VirusEvent /bin/cp /Library/mytestfile.txt /Library/mytestfile2.txt
>
> Does the 'clamav' user have the right to create files in /Library?
>
> Note that even if you run
On Jul 6, 2010, at 4:51 PM, Noel Jones wrote:
> Make sure you restart clamd after editing clamd.conf.
Ah, this was the core of my problem. Clamd was not seeing the new VirusEvent
command lines I was using for testing. My config file was not really being
reloaded.
I was starting/stopping cla
mscan manually to scan that same directory runs successfully.
Nothing bad is found.
Clamd is running as root on this machine.
What is the most practical way to debug and correct this problem?
-
Russ Tyndall
Wake Forest, NC
*
Host Name: OurFileServer
Date
On Mar 11, 2011, at 1:32 PM, Török Edwin wrote:
> So try clamscan --debug -rvi /path/to/folder 2>/dev/null, and see on
> which file it crashes.
"clamscan" or "clamDscan"? I am getting the crash in clamDscan. Clamscan
processes the directory successfully.
And if you meant clamDscan, do the ot
issue up.
Thanks for the help!
-
Russ Tyndall
Wake Forest, NC
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
Only directories that are used by the Windows machines are
scanned.
Because of the huge volume of data being scanned (70 Gb), the scan takes about
6 hours to complete.
Is there a practical way to reduce the scan time?
Thanks.
-
Russ Tyndall
Wake Fores
time improvement and the CPU spiked at 100% for the
duration of the scan.
This environment is stuck with 10.4 indefinitely.
---------
Russ Tyndall
Wake Forest, NC
___
usr/local/share/man
--sysconfdir=/private/etc/spam/clamav/new --enable-bigstack --with-user=clamav
--enable-static --with-group=clamav --with-dbdir=/var/clamav
--datadir=/var/clamav
Then, make and install.
-
Russ Tyndall
Wake Forest, NC
___
more than 60 minutes ago:
find [path to directory] [path to second directory] ! -type d -mmin -60 > [path to output file later read by clamav]
I'm now going to do some testing with the MaxScanSize directive.
-
Russ Tyndall
Wake Forest, NC
___
der
10 minutes for a directory with 15GB of data. If I scanned the entire
directory, the scan time would be about 2 hours.
I believe I could go out much longer than 3 days and still keep the scan
periods down to a "reasonable" time.
-
Rus
with MaxScanSize = 1MB takes about 1 hour.
A full scan with MaxScanSize = 200K takes about 18 minutes.
***
So I now have two tactics to minimize scan time: 1) Partially scan ALL files 2)
Fully scan a set of recently modified files.
Which is more likely?: That a partial scan (first 200K) misses
On Mar 17, 2011, at 7:50 AM, G.W. Haywood wrote:
> On Thu, 17 Mar 2011 Russ Tyndall wrote:
>
>> So I now have two tactics to minimize scan time:
>> 1) Partially scan ALL files
>> 2) Fully scan a set of recently modified files.
>
> There might be another option. I
ve been
newly introduced into the file system, in addition to files that have been
modified. This would solve the issue of an "old" baddie being copied onto the
machine with an "old" modification date.
I'm sure it does not
tion: is there a built-in way to have a timestamp added to the
scan summary?)
-
Russ Tyndall
Wake Forest, NC
___
zip2 files be
manually installed? Obviously, I am going to have to go third-party.
If bzip2 is not updated, will clamd be unstable?
Thanks.
-----
Russ Tyndall
Wake Forest, NC
___
On Mar 29, 2011, at 9:29 AM, Russ Tyndall wrote:
> For older machines (10.4) what is the best way to update bzip2?
>
> Do I need to put MacPorts on every machine?
It looks like MacPorts requires the Developer Tools be installed, which makes
that deployment method a lot less
e, won't
the OS be ok?
Thanks in advance for any guidance.
-
Russ Tyndall
Wake Forest, NC
___
cessful.)
Thanks for any help.
-
Russ Tyndall
Wake Forest, NC
___
=_clamav --enable-all-jit-targets
--prefix=/usr/local/clamav
I have wondered if "make" or "make install" needs some kind of flag(?)
Thanks.
-
Russ Tyndall
Wake Forest, NC
___