-----Original Message----- From: Fred Jakobza [mailto:[EMAIL PROTECTED] Sent: Thursday, March 31, 2005 3:17 AM To: ClamAV users ML Subject: Re: [Clamav-users] Linux virus found in the /.journal file
::snip:: > The root was remounted after reboot and after creation of ext3. > the ctime of the .journal file is over 600 days ago: > -rw------- 1 root root 33554432 Jun 24 2003 /.journal > Maybe it is not in use now. Than, can I remove it???? > The problem is, Fred, that if the journal file is visible at all, then I sus[pect the filesystem is not truly mounted as EXT3. When properly mounted as EXT3, the journal is NOT visible to to an "ls" command (or to any other command that operates on "files"). You might try confirming that your filesystem is actually mounted as EXT3 by typing "df --type=ext3" and looking to see if each of your EXT3 filesystems is listed. This command tells "df" to display only those filesystems that are actually mounted as EXT3. If you DO see your journaled filesystems listed in that output, and you still can "see" the journal, you then get into kernel/driver version questions, module info, and other stuff that goes well beyond the scope of the CLAMAV lists. Time to find some answers from a Redhat support list. Ken _______________________________________________ http://lurker.clamav.net/list/clamav-users.html
