Hi Nigel,
Nigel Allen wrote:
> Greetings
>
> We installed ClamAV on a linux server a while ago and just (to our
> surprise) ran out of disk space.
>
> When I looked in /var/clamav I found a mass of folders, one per day,
> with names like clamav-0469ab0d85545be0513157f39be9ccd6.
>
> Each of the folders are 700+MB in size.
The definitions shouldn't be that big. Something is definitely wrong in
your configs. Check your freshclam.conf.
> I presume that these are virus definitions and that it's safe to blow
> any away earlier than today?
In theory, you could just rm -r all of them and run freshclam again to
get updated definition. If backing up isn't an options your best bet is
to just delete them straight off but I _would_ back up just in case.
> An idea why they would still be there and if we've perhaps
> mis-configured anything?
A stock config of /etc/clamav/freshclam.conf on a Ubuntu box is as follows-
[...@interrupt:/etc/clamav]$ cat -n freshclam.conf
(04-15 11:49)
1 # Automatically created by the clamav-freshclam postinst
2 # Comments will get lost when you reconfigure the
clamav-freshclam package
3
4 DatabaseOwner clamav
5 UpdateLogFile /var/log/clamav/freshclam.log
6 LogVerbose false
7 LogSyslog false
8 LogFacility LOG_LOCAL6
9 LogFileMaxSize 0
10 LogTime no
11 Foreground false
12 Debug false
13 MaxAttempts 5
14 DatabaseDirectory /var/lib/clamav/
15 DNSDatabaseInfo current.cvd.clamav.net
16 AllowSupplementaryGroups false
17 PidFile /var/run/clamav/freshclam.pid
18 ConnectTimeout 30
19 ReceiveTimeout 30
20 ScriptedUpdates yes
21 CompressLocalDatabase no
22 # Check for new database 24 times a day
23 Checks 24
24 DatabaseMirror db.local.clamav.net
25 DatabaseMirror database.clamav.net
[...@interrupt:/etc/clamav]$ cat -n clamd.conf
(04-15 11:49)
1 #Automatically Generated by clamav-base postinst
2 #To reconfigure clamd run #dpkg-reconfigure clamav-base
3 #Please read /usr/share/doc/clamav-base/README.Debian.gz for
details
4 LocalSocket /var/run/clamav/clamd.ctl
5 FixStaleSocket true
6 TemporaryDirectory /tmp
7 User clamav
8 AllowSupplementaryGroups true
9 ScanMail true
10 ScanArchive true
11 ArchiveLimitMemoryUsage false
12 ArchiveBlockEncrypted false
13 MaxDirectoryRecursion 15
14 FollowDirectorySymlinks false
15 FollowFileSymlinks false
16 ReadTimeout 180
17 MaxThreads 12
18 MaxConnectionQueueLength 15
19 StreamMaxLength 10M
20 LogSyslog false
21 LogFacility LOG_LOCAL6
22 LogClean false
23 LogVerbose false
24 PidFile /var/run/clamav/clamd.pid
25 DatabaseDirectory /var/lib/clamav
26 SelfCheck 3600
27 Foreground false
28 Debug false
29 ScanPE true
30 ScanOLE2 true
31 ScanHTML true
32 DetectBrokenExecutables false
33 MailFollowURLs false
34 ExitOnOOM false
35 LeaveTemporaryFiles false
36 AlgorithmicDetection true
37 ScanELF true
38 IdleTimeout 30
39 PhishingSignatures true
40 PhishingScanURLs true
41 PhishingAlwaysBlockSSLMismatch false
42 PhishingAlwaysBlockCloak false
43 DetectPUA false
44 ScanPartialMessages false
45 HeuristicScanPrecedence false
46 StructuredDataDetection false
47 LogFile /var/log/clamav/clamav.log
48 LogTime true
49 LogFileUnlock false
50 LogFileMaxSize 0
--
Cheers,
Ishwor Gurung
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
