On 2008-11-25 23:58, Ken S. wrote: > I'm having a little trouble with ClamAV-0.94.1 running on a Redhat-ES5 server. > > I set up a cron script to execute a scan of my web htdocs directory. > It runs for 5-6 hours and then quits. Here is a snippet of the output > that is sent back to me in cron: > > /usr/local/apache/htdocs/original-tar-files/huron.tar.gz: GZip module > failure ERROR > /usr/local/apache/htdocs/original-tar-files/pirate.tar.gz: GZip module > failure ERROR > /usr/local/apache/htdocs/original-tar-files/max.tar.gz: GZip module > failure ERROR > ... > > If I set clamdscan to scan a small directory it returns a running time > timestamp at the end of the email, however, the scan of htdocs/ does > not produce this. I don't know if it is because the file list is too > long or if it is exiting abnormally. > > This is my entry from crontab: > 00 10 25 11 * /usr/local/bin/clamdscan /usr/local/apache > > I compiled ClamAV from source with this build string: > ./configure --sysconfdir=/etc --enable-check > > I grep'd through config.log for anything gzip related and didn't see anything: > [EMAIL PROTECTED] clamav-0.94.1]# grep -i gzip config.log > [EMAIL PROTECTED] clamav-0.94.1]# > > Also, this is what 'file' says the gzip files are: > [EMAIL PROTECTED] clamav-0.94.1]# file > /usr/local/apache/htdocs/original-tar-files/huron.tar.gz > /usr/local/apache/htdocs/original-tar-files/huron.tar.gz: gzip > compressed data, was "huron.tar", from Unix, last modified: Thu Jul 28 > 11:08:40 2005, max compression > [EMAIL PROTECTED] clamav-0.94.1]# file > /usr/local/apache/htdocs/original-tar-files/pirate.tar.gz > /usr/local/apache/htdocs/original-tar-files/pirate.tar.gz: gzip > compressed data, was "pirate.tar", from Unix, last modified: Wed Aug > 31 15:54:51 2005, max compression > > I thought maybe it was the "max compression" setting with gzip, but > that doesn't seem to affect it, either: > [EMAIL PROTECTED] clamav-0.94.1]# gzip -9 BUGS > [EMAIL PROTECTED] clamav-0.94.1]# clamdscan BUGS.gz > /usr/local/src/clamav-0.94.1/BUGS.gz: OK > > ----------- SCAN SUMMARY ----------- > Infected files: 0 > Time: 0.039 sec (0 m 0 s) > [EMAIL PROTECTED] clamav-0.94.1]# > > Is it possible to just ignore .gz? Probably not the best solution, but ... > > So any suggestions would be appreciated. >
Run clamd with 'Debug yes', 'Foreground yes', and redirect stderr to a file, then scan that directory again with clamdscan. See what messages are right before the error message. Best regards, --Edwin _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
