[clamav-users] IDSESSION debugging

2019-09-24 Thread Wreschnig, Alexander Scott via clamav-users
Hi all, I was hoping someone might have some advice on debugging an IDSESSION command when streaming content to the clamav daemon. I'm trying to understand why small files (<=1 mb) are being processed appropriately but when I scale the file up to 2 mb or so, it just spins until it times out.

Re: [clamav-users] OnAccess renders system unusable in ~24h

2019-09-24 Thread G.W. Haywood via clamav-users
Hello again, On Tue, 24 Sep 2019, Tim Stubbs wrote: What kinds of threats do you care about? If for example you're not expecting your Linux boxes to be attacked by Windows malware you could reduce the size of the ClamAV databases very significantly which might improve scanning performance.

Re: [clamav-users] Setting up logrotation

2019-09-24 Thread G.W. Haywood via clamav-users
Hi there, On Tue, 24 Sep 2019, Lars Åhman wrote: I'm running clamav as a daemon on a fedora and basically keep it running 24/7 except for an occasional update every now and then. It isn't clear to me from what you've written that you know what the ClamAV daemon (clamd) actually does. Do you?

Re: [clamav-users] Setting up logrotation

2019-09-24 Thread J.R. via clamav-users
Log rotation done by clamav is totally separate than your system's log rotation that is done by a cronjob... Unless you are doing some serious debugging, there isn't a lot that is written to the clamd & freshclam log files... My daily clamd.log is maybe 2 KB, and freshclam.log maybe around 20

Re: [clamav-users] Needed Apache modules for a private local mirror

2019-09-24 Thread J.R. via clamav-users
Scott, The files that would be on the local web server *are* static names... bytecode.cvd daily.cvd main.cvd safebrowsing.cvd If your machines can't access the internet by policy, then that is one route you can go. However, if you are trying to save bandwidth, letting them download the .diff

[clamav-users] Setting up logrotation

2019-09-24 Thread Lars Åhman
I'm running clamav as a daemon on a fedora and basically keep it running 24/7 except for an occasional update every now and then. I want the main clamd log to rotate and have the LogFileMaxSize set to some small amount for testing purposes and LogRotate set to yes. I had no prior experience with

Re: [clamav-users] OnAccess and regular scanning

2019-09-24 Thread Micah Snyder (micasnyd) via clamav-users
ClamAV only has built-in support for OnAccess scanning on Linux. If there are people claiming that OnAccess scanning can be bypassed, you should ask them for more details. To my knowledge it hasn’t been discussed here before, and is the first I have heard of it. Regards, Micah From:

Re: [clamav-users] OnAccess renders system unusable in ~24h

2019-09-24 Thread Tim Stubbs
Hi > What kinds of threats do you care about? If for example you're not > expecting your Linux boxes to be attacked by Windows malware you could > reduce the size of the ClamAV databases very significantly which might > improve scanning performance. Sorry could you point me in the right

Re: [clamav-users] OnAccess renders system unusable in ~24h

2019-09-24 Thread Tim Stubbs
Hi, thanks for the quick response. We have been asked to run Realtime scans as part of our PCI requirement, otherwise I would agree with you 100%. That wasn't the best worst, example I had a VM this morning 56 49 47, which went back to 1 when I stopped clamd. I do however have other VMs where

Re: [clamav-users] OnAccess renders system unusable in ~24h

2019-09-24 Thread G.W. Haywood via clamav-users
Hi there, On Tue, 24 Sep 2019, Tim Stubbs wrote: I am running clamd with OnAccess enabled, however it's causing the load on the systems to make them almost unusable within about 24 hours. This may be true, but I'd want to know that the suspicion is justified (and front and centre I personally

Re: [clamav-users] RHEL ScanonAccess includepaths

2019-09-24 Thread CROFT Ian
Great stuff – that has resolved that error. Just need to get my head around what should and what should not be included/excluded now. You would have thought there would be a “this is a good layout” for inclusions/exclusions for RHEL. Which you could start with in the knowledge you aren’t going

Re: [clamav-users] RHEL ScanonAccess includepaths

2019-09-24 Thread Franky Van Liedekerke via clamav-users
While it is not recommended to scan everything under /var (or /var at all), the reason it fails is because you have /var submounts (/var/log, /var/tmp). This is currently a known bug in clamav (I reported it: https://bugzilla.clamav.net/show_bug.cgi?id=12306 ), and the workaround in your case is:

Re: [clamav-users] RHEL ScanonAccess includepaths

2019-09-24 Thread CROFT Ian
Thanks Ged - much appreciated :- >> We have a need to have OnAccessScanning on our RHEL servers but with >> some path exclusions. >May I ask why? - Ian Response - Yes the Application folks have deemed certain path not required to be scanned and are hoping to avoid any performance issues as

Re: [clamav-users] RHEL ScanonAccess includepaths

2019-09-24 Thread G.W. Haywood via clamav-users
Hi there, On Tue, 24 Sep 2019, CROFT Ian wrote: We have a need to have OnAccessScanning on our RHEL servers but with some path exclusions. May I ask why? So as I read the manuals etc it seems I have to use the OnAccessIncludePath rather than the OnAccessMountPath. I guess that's right

[clamav-users] RHEL ScanonAccess includepaths

2019-09-24 Thread CROFT Ian
Hi We have a need to have OnAccessScanning on our RHEL servers but with some path exclusions. So as I read the manuals etc it seems I have to use the OnAccessIncludePath rather than the OnAccessMountPath. So the filesystem layout is as such :- / /boot /home /var /var/log /var/tmp

[clamav-users] OnAccess renders system unusable in ~24h

2019-09-24 Thread Tim Stubbs
Hi, I am running clamd with OnAccess enabled, however it's causing the load on the systems to make them almost unusable within about 24 hours. As you can see sys is at 98%, it seems clamd is stopping other applications from processing somehow. Cannot find anything in the logs. Not sure what

Re: [clamav-users] OnAccess and regular scanning

2019-09-24 Thread Franky Van Liedekerke via clamav-users
To be complete: I'm running clamav 0.101.4 on RHEL7 (fully patched) Franky On Tuesday, 24-09-2019 at 13:22, Al Varnell via clamav-users wrote: I suspect it will depend on what platform you are running it on. -Al- On Sep 24, 2019, at 04:20, Franky Van Liedekerke via clamav-users wrote:

Re: [clamav-users] OnAccess and regular scanning

2019-09-24 Thread Al Varnell via clamav-users
I suspect it will depend on what platform you are running it on. -Al- > On Sep 24, 2019, at 04:20, Franky Van Liedekerke via clamav-users > wrote: > > Hi all, > > currently I have onaccess scanning up and running just fine in clamav. > However, some people claim this can be bypassed (so

[clamav-users] OnAccess and regular scanning

2019-09-24 Thread Franky Van Liedekerke via clamav-users
Hi all, currently I have onaccess scanning up and running just fine in clamav. However, some people claim this can be bypassed (so access a file and not force it to be scanned), so I have some questions: - is this true? Can onaccess be bypassed? - if so: can I force a scan of all files that