On 07/01/2010 23:41, Joyce McIntosh wrote:
> Have you configured vscan to scan pdf files?

It scans everything less than 100MB in size.

> What's the output of vscanadm show?

: pearson FSS 5 $; /usr/sbin/vscanadm show
max-size=100MB
max-size-action=allow
types=+*
srv_clamav:enable=on
srv_clamav:host=localhost
srv_clamav:port=1344
srv_clamav:max-connection=8
samba:enable=on
samba:host=samba
samba:port=1344
samba:max-connection=8
: pearson FSS 6 $;

> Have you checked vscanadm stats before and after trying to open
> the infected file?

: pearson FSS 2 $; /usr/sbin/vscanadm stats
scanned=5575
infected=0
failed=4
srv_clamav:errors=2
samba:errors=3
: pearson FSS 3 $; cp virus.d/clam.pdf /tank/test
: pearson FSS 4 $; /usr/sbin/vscanadm stats
scanned=5576
infected=0
failed=4
srv_clamav:errors=2
samba:errors=3

> Can you run vscan.d dtrace script and capture the output while
> trying to open the infected file?

The output is attached.

Chris Gerhard wrote:
Running the vscan service on a system it fails to spot a test virus in
a PDF file. The odd thing is that if I use the icap-client with the
file the same icap servers report the virus correctly.
for i in clam*
do
cat $i >/dev/null && echo $i
done
-ksh93: cat: clam-aspack.exe: cannot open [Permission denied]
-ksh93: cat: clam-fsg.exe: cannot open [Permission denied]
-ksh93: cat: clam-mew.exe: cannot open [Permission denied]
-ksh93: cat: clam-nsis.exe: cannot open [Permission denied]
-ksh93: cat: clam-pespin.exe: cannot open [Permission denied]
-ksh93: cat: clam-petite.exe: cannot open [Permission denied]
-ksh93: cat: clam-upack.exe: cannot open [Permission denied]
-ksh93: cat: clam-upx.exe: cannot open [Permission denied]
-ksh93: cat: clam-v2.rar: cannot open [Permission denied]
-ksh93: cat: clam-v3.rar: cannot open [Permission denied]
-ksh93: cat: clam-wwpack.exe: cannot open [Permission denied]
-ksh93: cat: clam.arj: cannot open [Permission denied]
-ksh93: cat: clam.bz2.zip: cannot open [Permission denied]
-ksh93: cat: clam.cab: cannot open [Permission denied]
-ksh93: cat: clam.chm: cannot open [Permission denied]
-ksh93: cat: clam.d64.zip: cannot open [Permission denied]
-ksh93: cat: clam.ea05.exe: cannot open [Permission denied]
-ksh93: cat: clam.ea06.exe: cannot open [Permission denied]
-ksh93: cat: clam.exe: cannot open [Permission denied]
-ksh93: cat: clam.exe.binhex: cannot open [Permission denied]
-ksh93: cat: clam.exe.bz2: cannot open [Permission denied]
-ksh93: cat: clam.exe.html: cannot open [Permission denied]
-ksh93: cat: clam.exe.mbox.base64: cannot open [Permission denied]
-ksh93: cat: clam.exe.mbox.uu: cannot open [Permission denied]
-ksh93: cat: clam.exe.rtf: cannot open [Permission denied]
-ksh93: cat: clam.exe.szdd: cannot open [Permission denied]
-ksh93: cat: clam.impl.zip: cannot open [Permission denied]
-ksh93: cat: clam.mail: cannot open [Permission denied]
-ksh93: cat: clam.ole.doc: cannot open [Permission denied]
clam.pdf
-ksh93: cat: clam.ppt: cannot open [Permission denied]
-ksh93: cat: clam.sis: cannot open [Permission denied]
-ksh93: cat: clam.tar.gz: cannot open [Permission denied]
-ksh93: cat: clam.tnef: cannot open [Permission denied]
-ksh93: cat: clam.zip: cannot open [Permission denied]
: pearson FSS 84 $;
: pearson FSS 84 $; for i in samba localhost
do
/opt/cjgsw/bin/icap\-client -f clam.pdf -s "srv_clamav?allow204=on&force=on&sizelimit=off&mode=simple" -i $i | grep VIRUS
done
ICAP server:samba, ip:192.168.1.20, port:1344
<H1>VIRUS FOUND</H1>
ICAP server:localhost, ip:127.0.0.1, port:1344
<H1>VIRUS FOUND</H1>
: pearson FSS 85 $;
--
Sent from my OpenSolaris Laptop
CPU ID FUNCTION:NAME
1 7822 vscan_svc_reql_handler:vscan-req-counts handler wake reql: 0, node:
0, taskq: 0
1 7822 vscan_svc_reql_handler:vscan-req-counts handler wait reql: 0, node:
0, taskq: 0
0 72597 vscan_svc_taskq_callback:entry idx: 1, seqnum: 20816 -
/tank/test/clam.pdf
0 72601 vscan_svc_do_scan:entry idx: 1, seqnum: 20816 -
/tank/test/clam.pdf
0 7818 vscan_svc_getattr:vscan-getattr /tank/test/clam.pdf, m: 1, q: 0,
scanstamp:
0 72645 vscan_door_scan_file:entry idx: 1, seqnum: 20816 -
/tank/test/clam.pdf
0 76858 vs_door_scan_req:entry
0 76886 vs_svc_queue_scan_req:entry
0 76890 vs_svc_queue_scan_req:return
0 72646 vscan_door_scan_file:return VS_STATUS_SCANNING
0 72602 vscan_svc_do_scan:return
0 72598 vscan_svc_taskq_callback:return
0 76887 vs_svc_async_scan:entry
0 76859 vs_svc_scan_file:entry
0 76897 vs_eng_get:entry
0 76898 vs_eng_connect:entry
0 76902 vs_eng_connect:return success
0 76901 vs_eng_get:return success
0 76889 vs_icap_scan_file:entry
0 76928 vs_icap_option_request:entry
0 76936 vs_icap_option_request:return success
0 76931 vs_icap_respmod_request:entry
0 76932 vs_icap_may_preview:entry
0 76943 vs_icap_may_preview:return TRANSFER PREVIEW
0 76933 vs_icap_send_preview:entry
0 76934 vs_icap_send_respmod_hdr:entry
0 76941 vs_icap_send_respmod_hdr:return success
0 76940 vs_icap_send_preview:return success
0 76935 vs_icap_read_respmod_resp:entry
0 76942 vs_icap_read_respmod_resp:return success
0 76939 vs_icap_respmod_request:return success
0 76894 vs_icap_scan_file:return 1 VS_RESULT_CLEAN
0 76899 vs_eng_release:entry
0 76900 vs_eng_release:return
0 76895 vs_stats_set:entry CLEAN
0 76896 vs_stats_set:return
0 76892 vs_svc_scan_file:return VS_STATUS_CLEAN
0 76920 vscand_kernel_result:entry
0 72585 vscan_drv_ioctl:entry vscan daemon ioctl 4 RESULT
0 7817 vscan_svc_setattr:vscan-setattr m: 0, scanstamp:
0 7819 vscan_svc_process_scan_result:vscan-result idx: 1, seqnum: 20816,
VS_STATUS_CLEAN - VS_ACCESS_ALLOW
0 72599 vscan_svc_scan_complete:entry idx: 1, seqnum: 20816, state:
SCANNING - /tank/test/clam.pdf
0 72593 vscan_svc_delete_req:entry idx: 1, seqnum: 20816 -
/tank/test/clam.pdf
0 72594 vscan_svc_delete_req:return
0 72600 vscan_svc_scan_complete:return
0 7822 vscan_svc_reql_handler:vscan-req-counts handler wake reql: 0, node:
0, taskq: 0
0 7822 vscan_svc_reql_handler:vscan-req-counts handler wait reql: 0, node:
0, taskq: 0
0 76921 vscand_kernel_result:return
0 76891 vs_svc_async_scan:return
1 7824 vscan_svc_scan_file:vscan-scan-file /tank/test/clam.pdf (async)
1 7814 vscan_svc_exempt_filetype:vscan-type-match ext: pdf matched: +*
1 72591 vscan_svc_reql_insert:entry /tank/test/clam.pdf
1 72592 vscan_svc_reql_insert:return seqnum 20816 /tank/test/clam.pdf
1 7822 vscan_svc_reql_handler:vscan-req-counts handler wake reql: 1, node:
0, taskq: 0
1 72595 vscan_svc_insert_req:entry seqnum: 20816 - /tank/test/clam.pdf
1 72596 vscan_svc_insert_req:return idx: 1
1 7822 vscan_svc_reql_handler:vscan-req-counts handler wait reql: 1, node:
1, taskq: 1
0 7822 vscan_svc_reql_handler:vscan-req-counts handler wake reql: 1, node:
0, taskq: 0
0 72595 vscan_svc_insert_req:entry seqnum: 20817 - /tank/test/clam.pdf
0 72596 vscan_svc_insert_req:return idx: 1
0 7822 vscan_svc_reql_handler:vscan-req-counts handler wait reql: 1, node:
1, taskq: 1
0 76887 vs_svc_async_scan:entry
0 76859 vs_svc_scan_file:entry
0 76897 vs_eng_get:entry
0 76898 vs_eng_connect:entry
0 76902 vs_eng_connect:return error
0 76901 vs_eng_get:return success
0 76889 vs_icap_scan_file:entry
0 76928 vs_icap_option_request:entry
0 76936 vs_icap_option_request:return success
0 76931 vs_icap_respmod_request:entry
0 76932 vs_icap_may_preview:entry
0 76943 vs_icap_may_preview:return TRANSFER PREVIEW
0 76933 vs_icap_send_preview:entry
0 76934 vs_icap_send_respmod_hdr:entry
0 76941 vs_icap_send_respmod_hdr:return success
0 76940 vs_icap_send_preview:return success
0 76935 vs_icap_read_respmod_resp:entry
0 76942 vs_icap_read_respmod_resp:return success
0 76939 vs_icap_respmod_request:return success
0 76894 vs_icap_scan_file:return 1 VS_RESULT_CLEAN
0 76899 vs_eng_release:entry
0 76900 vs_eng_release:return
0 76895 vs_stats_set:entry CLEAN
0 76896 vs_stats_set:return
0 76892 vs_svc_scan_file:return VS_STATUS_CLEAN
0 76920 vscand_kernel_result:entry
0 72585 vscan_drv_ioctl:entry vscan daemon ioctl 4 RESULT
0 7817 vscan_svc_setattr:vscan-setattr m: 0, scanstamp:
0 7819 vscan_svc_process_scan_result:vscan-result idx: 1, seqnum: 20817,
VS_STATUS_CLEAN - VS_ACCESS_ALLOW
0 72599 vscan_svc_scan_complete:entry idx: 1, seqnum: 20817, state:
SCANNING - /tank/test/clam.pdf
0 72600 vscan_svc_scan_complete:return
0 76921 vscand_kernel_result:return
0 76891 vs_svc_async_scan:return
0 7822 vscan_svc_reql_handler:vscan-req-counts handler wake reql: 0, node:
0, taskq: 0
0 7822 vscan_svc_reql_handler:vscan-req-counts handler wait reql: 0, node:
0, taskq: 0
0 7822 vscan_svc_reql_handler:vscan-req-counts handler wake reql: 1, node:
0, taskq: 0
0 72595 vscan_svc_insert_req:entry seqnum: 20818 - /tank/test/clam.pdf
0 72596 vscan_svc_insert_req:return idx: 1
0 7822 vscan_svc_reql_handler:vscan-req-counts handler wait reql: 1, node:
1, taskq: 1
0 76887 vs_svc_async_scan:entry
0 76859 vs_svc_scan_file:entry
0 76897 vs_eng_get:entry
0 76901 vs_eng_get:return success
0 76889 vs_icap_scan_file:entry
0 76928 vs_icap_option_request:entry
0 76936 vs_icap_option_request:return success
0 76931 vs_icap_respmod_request:entry
0 76932 vs_icap_may_preview:entry
0 76943 vs_icap_may_preview:return TRANSFER PREVIEW
0 76933 vs_icap_send_preview:entry
0 76934 vs_icap_send_respmod_hdr:entry
0 76941 vs_icap_send_respmod_hdr:return success
0 76940 vs_icap_send_preview:return success
0 76935 vs_icap_read_respmod_resp:entry
1 7824 vscan_svc_scan_file:vscan-scan-file /tank/test/clam.pdf (sync)
1 7814 vscan_svc_exempt_filetype:vscan-type-match ext: pdf matched: +*
1 72591 vscan_svc_reql_insert:entry /tank/test/clam.pdf
1 72592 vscan_svc_reql_insert:return seqnum 20817 /tank/test/clam.pdf
1 72597 vscan_svc_taskq_callback:entry idx: 1, seqnum: 20817 -
/tank/test/clam.pdf
1 72601 vscan_svc_do_scan:entry idx: 1, seqnum: 20817 -
/tank/test/clam.pdf
1 7818 vscan_svc_getattr:vscan-getattr /tank/test/clam.pdf, m: 0, q: 0,
scanstamp:
1 72645 vscan_door_scan_file:entry idx: 1, seqnum: 20817 -
/tank/test/clam.pdf
1 76858 vs_door_scan_req:entry
1 76886 vs_svc_queue_scan_req:entry
1 76888 vs_eng_scanstamp_current:entry
1 76893 vs_eng_scanstamp_current:return NOT CURRENT
1 76890 vs_svc_queue_scan_req:return
1 72646 vscan_door_scan_file:return VS_STATUS_SCANNING
1 72602 vscan_svc_do_scan:return
1 72598 vscan_svc_taskq_callback:return
1 72593 vscan_svc_delete_req:entry idx: 1, seqnum: 20817 -
/tank/test/clam.pdf
1 72594 vscan_svc_delete_req:return
1 7824 vscan_svc_scan_file:vscan-scan-file /tank/test/clam.pdf (async)
1 7814 vscan_svc_exempt_filetype:vscan-type-match ext: pdf matched: +*
1 72591 vscan_svc_reql_insert:entry /tank/test/clam.pdf
1 72592 vscan_svc_reql_insert:return seqnum 20818 /tank/test/clam.pdf
1 7824 vscan_svc_scan_file:vscan-scan-file /tank/test/clam.pdf (async)
1 7814 vscan_svc_exempt_filetype:vscan-type-match ext: pdf matched: +*
1 72591 vscan_svc_reql_insert:entry /tank/test/clam.pdf
1 72592 vscan_svc_reql_insert:return seqnum 20818 /tank/test/clam.pdf
1 72597 vscan_svc_taskq_callback:entry idx: 1, seqnum: 20818 -
/tank/test/clam.pdf
1 72601 vscan_svc_do_scan:entry idx: 1, seqnum: 20818 -
/tank/test/clam.pdf
1 7818 vscan_svc_getattr:vscan-getattr /tank/test/clam.pdf, m: 0, q: 0,
scanstamp:
1 72645 vscan_door_scan_file:entry idx: 1, seqnum: 20818 -
/tank/test/clam.pdf
1 76858 vs_door_scan_req:entry
1 76886 vs_svc_queue_scan_req:entry
1 76888 vs_eng_scanstamp_current:entry
1 76893 vs_eng_scanstamp_current:return NOT CURRENT
1 76890 vs_svc_queue_scan_req:return
1 72646 vscan_door_scan_file:return VS_STATUS_SCANNING
1 72602 vscan_svc_do_scan:return
1 72598 vscan_svc_taskq_callback:return
1 76942 vs_icap_read_respmod_resp:return success
1 76939 vs_icap_respmod_request:return success
1 76894 vs_icap_scan_file:return 1 VS_RESULT_CLEAN
1 76899 vs_eng_release:entry
1 76900 vs_eng_release:return
1 76895 vs_stats_set:entry CLEAN
1 76896 vs_stats_set:return
1 76892 vs_svc_scan_file:return VS_STATUS_CLEAN
1 76920 vscand_kernel_result:entry
1 72585 vscan_drv_ioctl:entry vscan daemon ioctl 4 RESULT
1 7817 vscan_svc_setattr:vscan-setattr m: 0, scanstamp:
1 7819 vscan_svc_process_scan_result:vscan-result idx: 1, seqnum: 20818,
VS_STATUS_CLEAN - VS_ACCESS_ALLOW
1 72599 vscan_svc_scan_complete:entry idx: 1, seqnum: 20818, state:
SCANNING - /tank/test/clam.pdf
1 72593 vscan_svc_delete_req:entry idx: 1, seqnum: 20818 -
/tank/test/clam.pdf
1 72594 vscan_svc_delete_req:return
1 72600 vscan_svc_scan_complete:return
1 7822 vscan_svc_reql_handler:vscan-req-counts handler wake reql: 0, node:
0, taskq: 0
1 7822 vscan_svc_reql_handler:vscan-req-counts handler wait reql: 0, node:
0, taskq: 0
1 76921 vscand_kernel_result:return
1 76891 vs_svc_async_scan:return
_______________________________________________
cifs-discuss mailing list
http://mail.opensolaris.org/mailman/listinfo/cifs-discuss
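
An added example, not part of the original thread or of the vscan tooling: a Python summarizer for vscan.d output shaped like the trace above. It rejoins mail-wrapped lines, then reports each request's path and final verdict together with counts of engine-connect and ICAP preview outcomes; the sample input is constructed and the function names (`unwrap`, `summarize`) are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the shape of the vscan.d output above. It includes a
# record wrapped onto a second line, and the insert record arrives last
# because DTrace prints per-CPU buffers, so lines are not in time order.
SAMPLE = """\
CPU ID FUNCTION:NAME
0 76902 vs_eng_connect:return error
0 76943 vs_icap_may_preview:return TRANSFER PREVIEW
0 76894 vs_icap_scan_file:return 1 VS_RESULT_CLEAN
0 7819 vscan_svc_process_scan_result:vscan-result idx: 1, seqnum: 20816,
VS_STATUS_CLEAN - VS_ACCESS_ALLOW
1 72592 vscan_svc_reql_insert:return seqnum 20816 /tank/test/clam.pdf
"""

# A record starts with "<cpu> <probe id> <function>:<name>".
EVENT = re.compile(r"^\s*\d+\s+\d+\s+(\S+?):(\S+)\s*(.*)$")
WATCHED = ("vs_eng_connect", "vs_icap_may_preview", "vs_icap_scan_file")

def unwrap(text):
    """Rejoin wrapped lines: a line that is not a record continues the last one."""
    records = []
    for line in text.splitlines():
        if EVENT.match(line):
            records.append(line.strip())
        elif records and line.strip():
            records[-1] += " " + line.strip()
    return records

def summarize(text):
    """Return ({seqnum: (path, status, access)}, {outcome: count})."""
    paths, verdicts, outcomes = {}, {}, Counter()
    for rec in unwrap(text):
        func, probe, rest = EVENT.match(rec).groups()
        if func == "vscan_svc_reql_insert" and probe == "return":
            m = re.match(r"seqnum (\d+) (\S+)", rest)
            if m:
                paths[int(m.group(1))] = m.group(2)
        elif probe == "vscan-result":
            m = re.search(r"seqnum: (\d+), (\S+) - (\S+)", rest)
            if m:
                verdicts[int(m.group(1))] = (m.group(2), m.group(3))
        elif probe == "return" and func in WATCHED:
            outcomes[f"{func}: {rest}"] += 1
    # Resolve paths only after the whole trace is read (records are unordered).
    scans = {s: (paths.get(s, "?"),) + v for s, v in sorted(verdicts.items())}
    return scans, dict(outcomes)

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
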