my setup:
Debian/sid
vendor-kernel 2.6.8-1-k7
dazuko-module 2.0.4 (vanilla, debian-package is very old)
clamv 0.80
(vanilla, because of the debian-package clamav-daemon 0.80-2
seems not to use the clamuk/dazuko-interface:
Nov 8 16:59:47 taurus2 clamd[2814]: Clamuko is not available.
clamv-daemon starting looks good:
,--------
| Nov 8 17:12:00 taurus2 clamd[12713]: Daemon started.
| Nov 8 17:12:00 taurus2 clamd[12713]: clamd daemon 0.80 (OS: linux-gnu, ARCH:
i386, CPU: i686)
| Nov 8 17:12:00 taurus2 clamd[12713]: Log file size limit disabled.
| Nov 8 17:12:00 taurus2 clamd[12713]: Running as user clamav (UID 106, GID
106)
| Nov 8 17:12:00 taurus2 clamd[12713]: Reading databases from /var/lib/clamav/
| Nov 8 17:12:00 taurus2 clamd[12713]: Protecting against 26367 viruses.
| Nov 8 17:12:00 taurus2 clamd[12714]: Unix socket file
/var/run/clamav/clamd.ctl
| Nov 8 17:12:00 taurus2 clamd[12714]: Setting connection queue length to 15
| Nov 8 17:12:00 taurus2 clamd[12714]: Archive: Archived file size limit set
to 62914560 bytes.
| Nov 8 17:12:00 taurus2 clamd[12714]: Archive: Recursion level limit set to
5.
| Nov 8 17:12:00 taurus2 clamd[12714]: Archive: Files limit set to 1000.
| Nov 8 17:12:00 taurus2 clamd[12714]: Archive: Compression ratio limit set to
250.
| Nov 8 17:12:00 taurus2 clamd[12714]: Archive support enabled.
| Nov 8 17:12:00 taurus2 clamd[12714]: Archive: RAR support disabled.
| Nov 8 17:12:00 taurus2 clamd[12714]: Archive: Blocking archives that exceed
limits.
| Nov 8 17:12:00 taurus2 clamd[12714]: Portable Executable support enabled.
| Nov 8 17:12:00 taurus2 clamd[12714]: Detection of broken executables
enabled.
| Nov 8 17:12:00 taurus2 clamd[12714]: Mail files support enabled.
| Nov 8 17:12:00 taurus2 clamd[12714]: OLE2 support enabled.
| Nov 8 17:12:00 taurus2 clamd[12714]: HTML support enabled.
| Nov 8 17:12:00 taurus2 clamd[12714]: Self checking every 3600 seconds.
| Nov 8 17:12:00 taurus2 kernel: dazuko: linux_dazuko_device_open() [12715]
| Nov 8 17:12:00 taurus2 kernel: dazuko: linux_dazuko_device_read() [12715]
| Nov 8 17:12:00 taurus2 kernel: dazuko: dazuko_register_daemon() [0]
| Nov 8 17:12:00 taurus2 kernel: dazuko: slot[0] assigned to daemon 5
| Nov 8 17:12:00 taurus2 clamd[12714]: Clamuko: Correctly registered with
Dazuko.
| Nov 8 17:12:00 taurus2 clamd[12714]: Clamuko: Scan-on-open mode activated.
| Nov 8 17:12:00 taurus2 clamd[12714]: Clamuko: Scan-on-close mode activated.
| Nov 8 17:12:00 taurus2 clamd[12714]: Clamuko: Scan-on-exec mode activated.
| Nov 8 17:12:00 taurus2 kernel: dazuko: adding incl /
| Nov 8 17:12:00 taurus2 clamd[12714]: Clamuko: Included path /
| Nov 8 17:12:00 taurus2 kernel: dazuko: adding excl /proc
| Nov 8 17:12:00 taurus2 clamd[12714]: Clamuko: Excluded path /proc
| Nov 8 17:12:00 taurus2 clamd[12714]: Clamuko: Max file size limited to
5242880 bytes.
| Nov 8 17:13:10 taurus2 clamd[12714]: Clamuko: /tmp/foo/clam.cab:
ClamAV-Test-File FOUND
`--------
,--------[ /etc/clamav/clamd.conf ]
| ClamukoScanOnAccess
| ClamukoIncludePath /
| ClamukoExcludePath /proc
| ClamukoScanOnLine
| ClamukoScanOnOpen
| ClamukoScanOnClose
| ClamukoScanOnExec
| ClamukoMaxFileSize 0
| ClamukoScanArchive
`--------
And, finally, it works (mostly):
,--------
| taurus2:/tmp/foo# cp /usr/share/clamav-testfiles/clam.zip /tmp/
| cp: ,,/usr/share/clamav-testfiles/clam.zip" kann nicht zum Lesen ge�ffnet
werden: Die Operation ist nicht erlaubt
|
| Nov 8 17:18:18 taurus2 clamd[12714]: Clamuko:
/usr/share/clamav-testfiles/clam.zip: ClamAV-Test-File FOUND
`--------
eh, changing to LANG=C...
sorry.
but it is possible to download 'infected' files, and write them to disk:
,--------
| taurus2:/tmp/foo# wget http://oerks.de/tmp/clam.cab
| --17:19:27-- http://oerks.de/tmp/clam.cab
| => `clam.cab'
| Resolving oerks.de... 212.42.230.8
| Connecting to oerks.de[212.42.230.8]:80... connected.
| HTTP request sent, awaiting response... 200 OK
| Length: 621 [text/plain]
|
| 100%[=====================================================================>]
621 --.--K/s
|
| 17:19:27 (5.92 MB/s) - `clam.cab' saved [621/621]
`--------
,--------
| taurus2:/tmp/foo# cp clam.cab /tmp/
| cp: cannot open `clam.cab' for reading: Operation not permitted
|
| BUT:
|
| taurus2:/tmp/foo# mv clam.cab /tmp/
| taurus2:/tmp/foo#
`--------
Is it possible to use something like ClamukoScanOnWrite, or is there a
logical mistake by myself?
Aleks
_______________________________________________
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
