On Son, 2013-12-08 at 23:46 -0500, Scott Galambos wrote:
> I'm trying to install clamav 0.97.8 on Linux box and after almost every
> reboot I'm seeing some strange files in my root.
>
> central x64(/): ls -l -a
> total 182K
> drwxr-xr-x 24 root root 4.0K Dec 8 00:59 ./
> drwxr-xr-x 24 root root 4.0K Dec 8 00:59 ../
> drwxr-xr-x 2 root root 4.0K Dec 6 00:59 bin/
> ... stuff ...
> drwxr-xr-x 2 root root 12K Dec 5 04:09 sbin/
> dr-xr-xr-x 11 root root 0 Dec 7 20:50 sys/
> drwx------ 3 root root 4.0K Dec 8 01:49 temp/
> drwxrwxrwt 13 root root 41K Dec 7 08:45 tmp/
> drwxr-xr-x 16 root root 4.0K May 13 2013 usr/
> drwxr-xr-x 14 root root 4.0K Dec 6 03:18 var/
> -rw-r----- 1 root root 33 Dec 7 08:26 \340\020\320
> -rw-r----- 1 root root 33 Dec 6 21:20 \340\020\371
> -rw-r----- 1 root root 33 Dec 7 04:43 \3400\342\001
> -rw-r----- 1 root root 33 Dec 6 23:07 \340P\272
> -rw-r----- 1 root root 33 Dec 7 05:50 \340\240\024\002
> -rw-r----- 1 root root 33 Dec 6 21:37 \340\240q
> -rw-r----- 1 root root 33 Dec 6 06:12 \340\320\254\001
> -rw-r----- 1 root root 33 Dec 8 00:59 \340\340I\002
> -rw-r----- 1 root root 33 Dec 7 08:46 \340\340\206\001
>
> So I take a closer look and each one says "Killing the monitor and
> stopping". This string is found in clamav-milter. Specificially
> clamav-milter/connpool.c. Is this an attempt to log to syslog? I'm
> running syslog-ng, not syslog but that was never a problem before.
>
> Any know why this is happening? How do I stop or fix it?
First major fault: Run clamav-milter as some normal user and especially
not as "root".
Bernd
--
Bernd Petrovitsch Email : [email protected]
LUGA : http://www.luga.at
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml
