Koozali.org: home of the SME Server

[SOLVED][ClamAV] suppress checking ibay?

piran
« on: October 05, 2006, 12:30:31 AM »
How may I suppress ClamAV's checking of a particular ibay?
For instance would one of the templates
/etc/e-smith/templates/etc/clamd.conf/
achieve this suppression or must I use a new specific template?

[postedit] Summary http://forums.contribs.org/index.php?topic=34047.msg146180#msg146180

Gaston94
« Reply #1 on: October 05, 2006, 10:53:38 AM »
Hi,
Clamav scan is led by some configuration options, have a look at this
Code:
[root@sme94 ~]# /sbin/e-smith/db configuration getprop clamav FilesystemScanExclude
/proc,/sys,/usr/share,/var

so you can add any other paths :
Code:
[root@sme94 ~]# db configuration setprop clamav FilesystemScanExclude \
/proc,/sys,/usr/share,/var,/home/e-smith/files/ibays/iso,/home/e-smith/files/ibays/archive

for instance will prevent these ibays from being scanned

G.

piran
« Reply #2 on: October 05, 2006, 10:56:28 AM »
My thanks, otherwise it takes more than 5 days work from one CPU...;~)

william_syd
« Reply #3 on: October 05, 2006, 11:42:44 AM »
Is there some way this can be used to exclude every user's junkmail folder?
Regards,
William

IF I give advise.. It's only if it was me....

piran
« Reply #4 on: October 06, 2006, 09:43:17 AM »
Not solved after all;~/

Just missed the midnight check so I implemented a ClamAV run manually.
Code:
[root@teri /]# clamscan -r /home --quiet
ClamAV was still running in the morning (should take about 10mins?).
Code:
[root@teri /]# db configuration getprop clamav FilesystemScanExclude
/proc,/sys,/usr/share,/var,/mnt,/home/e-smith/files/ibays

As the suppress checking of ibays apparently didn't work, cannot guarantee
the suppress checking of /mnt is working either (messes up backups).

Is the manual implementation of ClamAV different from what runs normally?

In case this is needed...
Code:
[root@teri /]# config show clamav
clamav=service
    ArchiveBlockEncrypted=no
    ArchiveBlockMax=no
    ArchiveMaxCompressionRatio=300
    ArchiveMaxFileSize=15M
    ArchiveMaxFiles=1500
    ArchiveMaxRecursion=8
    Checks=24
    DNSDatabaseInfo=current.cvd.clamav.net
    DatabaseMirror=db.local.clamav.net
    Debug=no
    DetectBrokenExecutables=no
    FilesystemScan=daily
    FilesystemScanExclude=/proc,/sys,/usr/share,/var,/mnt,/home/e-smith/files/ibays
    FilesystemScanFilesystems=/
    FilesystemScanReportTo=admin
    Foreground=yes
    HTTPProxyPassword=
    HTTPProxyPort=
    HTTPProxyServer=
    HTTPProxyUsername=
    IdleTimeout=60
    LeaveTemporaryFiles=no
    LogClean=no
    LogFileUnlock=yes
    LogTime=no
    LogVerbose=yes
    MaxAttempts=6
    MaxConnectionQueueLength=30
    MaxDirectoryRecursion=20
    MaxThreads=20
    Quarantine=disabled
    QuarantineDirectory=/var/spool/clamav/quarantine
    ReadTimeout=300
    ScanArchive=yes
    ScanHTML=yes
    ScanMail=yes
    ScanOLE2=yes
    ScanPE=yes
    ScanRAR=no
    SelfCheck=1800
    ShowProxySettings=no
    ShowUpdateSettings=no
    SignaturesUpdated=unknown
    UpdateNonOfficeHrs=disabled
    UpdateOfficeHrs=disabled
    UpdateWeekend=disabled
    status=enabled
[root@teri /]#

william_syd
« Reply #5 on: October 06, 2006, 10:38:43 AM »
Did you expand the template after changing the database?
Code:
/sbin/e-smith/expand-template /etc/clamd.conf

The contents of /etc/clamd.conf will give you a better idea of what clamd will be doing than the db values.
Code:
[root@tiger ~]# more /etc/clamd.conf
#------------------------------------------------------------
#              !!DO NOT MODIFY THIS FILE!!
#
# Manual changes will be lost when this file is regenerated.
#
# Please read the developer's guide, which is available
# at http://wiki.contribs.org/development/
#
# Copyright (C) 1999-2006 Mitel Networks Corporation
#------------------------------------------------------------
#ArchiveBlockEncrypted
#ArchiveBlockMax
ArchiveMaxCompressionRatio 300
ArchiveMaxFileSize 15M
ArchiveMaxFiles 1500
ArchiveMaxRecursion 8
DatabaseDirectory /var/clamav
#Debug
#DetectBrokenExecutables
FixStaleSocket
Foreground
IdleTimeout 60
#LeaveTemporaryFiles
LocalSocket /var/clamav/clamd.socket
#LogClean
LogFile /dev/stderr
LogFileMaxSize 0
LogFileUnlock
#LogTime
LogVerbose
MaxConnectionQueueLength 30
MaxDirectoryRecursion 20
MaxThreads 20
ReadTimeout 300
ScanArchive
ScanHTML

#ScanMail

ScanOLE2
ScanPE
#ScanRAR

SelfCheck 1800
# Close the connection if this limit is exceeded.
StreamMaxLength 25M
#TCPAddr 127.0.0.1
#TCPSocket 3310
TemporaryDirectory /var/tmp
User clamav
AllowSupplementaryGroups
[root@tiger ~]#
Regards,
William


piran
« Reply #6 on: October 06, 2006, 11:50:17 AM »
No, I ran this afterwards...
Code:
signal-event clamav-update
...but it was really only a guess,
I thought this command was the 'new expand'.
Will try over again.

piran
« Reply #7 on: October 06, 2006, 12:00:59 PM »
I cannot see any suppress directory information in
Code:
/etc/clamd.conf
whether this is before or after running either
Code:
signal-event clamav-update
Code:
/sbin/e-smith/expand-template /etc/clamd.conf
The db get command shows my suppress directory information:
Code:
[root@teri etc]# db configuration getprop clamav FilesystemScanExclude
/proc,/sys,/usr/share,/var,/mnt,/home/e-smith/files/ibays
[root@teri etc]#

Unfortunately ClamAV doesn't take a blind bit of notice, running
Code:
clamscan -r /home
and viewing the checking live I see ClamAV running through the ibays;~/
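
clamscan is the stand-alone command-line scanner and takes exclusions only from its own `--exclude-dir=REGEX` option, so a manual `clamscan -r /home` does not consult the `FilesystemScanExclude` db property shown above. The following is an added example, not part of any post in this thread and not SME Server's own code: it turns such a comma-separated list into `--exclude-dir` options for a manual run; the function names and the `CLAMSCAN` override variable are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the CLAMSCAN
# override variable are hypothetical.

# Constructed sample: the list piran's `db configuration getprop` printed.
SAMPLE_EXCLUDES='/proc,/sys,/usr/share,/var,/mnt,/home/e-smith/files/ibays'

# exclude_args LIST
# Print one clamscan --exclude-dir=REGEX option per non-empty entry of a
# comma-separated directory list. Entries are trimmed, regex metacharacters
# are escaped, and each pattern is anchored so /var does not match /variant.
exclude_args() {
    printf '%s\n' "$1" | tr ',' '\n' | sed \
        -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e 's:/*$::' -e '/^$/d' \
        -e 's/[][\.*^$+?(){}|]/\\&/g' \
        -e 's,^,--exclude-dir=^,' -e 's,$,(/|$),'
}

# scan_with_excludes TARGET LIST
# Run a recursive scan of TARGET, skipping every directory in LIST.
scan_with_excludes() {
    target=$1
    excludes=$(exclude_args "$2")
    set -- -r --quiet
    while IFS= read -r opt; do
        if [ -n "$opt" ]; then set -- "$@" "$opt"; fi
    done <<EOF
$excludes
EOF
    "${CLAMSCAN:-clamscan}" "$@" "$target"
}

# Show the options a manual scan of /home would need for the sample list.
exclude_args "$SAMPLE_EXCLUDES"
```

Usage on the server would be `scan_with_excludes /home "$(db configuration getprop clamav FilesystemScanExclude)"`.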

william_syd
« Reply #8 on: October 06, 2006, 01:20:56 PM »
Quote from: "Gaston94"
Hi,
Clamav scan is led by some configuration options, have a look at this
Code:
[root@sme94 ~]# /sbin/e-smith/db configuration getprop clamav FilesystemScanExclude
/proc,/sys,/usr/share,/var

so you can add any other paths :
Code:
[root@sme94 ~]# db configuration setprop clamav FilesystemScanExclude \
/proc,/sys,/usr/share,/var,/home/e-smith/files/ibays/iso,/home/e-smith/files/ibays/archive

for instance will prevent these ibays from being scanned

G.


Which template fragment uses the property FilesystemScanExclude?
Regards,
William


Gaston94
« Reply #9 on: October 06, 2006, 02:32:01 PM »
well, William,
:oops:
Quote from: "william_syd"

Which template fragment uses the property FilesystemScanExclude?

:oops:
You are definitely right
It does not look like it corresponds to anything. But why is it in the db config parameters :?:

From clamd.conf I retrieve the "ClamukoExcludePath" directive which should be the correct one.

@piran,
could you check the below commands and advise?
Code:
# mkdir -p /etc/e-smith/templates-custom/etc/clamd.conf
# cat > /etc/e-smith/templates/etc/clamd.conf/ClamukoExcludePath
{
# Set the exclude paths. All subdirectories are also excluded.
    "ClamukoExcludePath /home/e-smith/files/ibays";
}
^D ## this is a Control-D keystroke
# /sbin/e-smith/expand-template /etc/clamd.conf
# /sbin/e-smith/signal-event clamav-update


(check after pasting that you have no control characters in the file ...)

G.

Gaston94
« Reply #10 on: October 06, 2006, 02:32:59 PM »
double post

piran
« Reply #11 on: October 06, 2006, 03:19:29 PM »
Scratching head;~)
Followed instructions (I think).
There is nothing in the mkdir file area.
But the contents of /etc/e-smith/templates/etc/clamd.conf/ClamukoExcludePath
consist only of...
{
# Set the exclude paths. All subdirectories are also excluded.
    "ClamukoExcludePath /home/e-smith/files/ibays";
}
...and nothing else.
Template expanded.
Signal evented.
Manual run of ClamAV still goes through the ibays.

william_syd
« Reply #12 on: October 06, 2006, 03:25:38 PM »
Quote from: "Gaston94"

From clamd.conf I retrieve the "ClamukoExcludePath" directive which should be the correct one.

@piran,
could you check the below commands and advise?
Code:
# mkdir -p /etc/e-smith/templates-custom/etc/clamd.conf
# cat > /etc/e-smith/templates/etc/clamd.conf/ClamukoExcludePath
{
# Set the exclude paths. All subdirectories are also excluded.
    "ClamukoExcludePath /home/e-smith/files/ibays";
}
^D ## this is a Control-D keystroke
# /sbin/e-smith/expand-template /etc/clamd.conf
# /sbin/e-smith/signal-event clamav-update


(check after pasting that you have no control characters in the file ...)

G.


Clamuko..  Hmm. Appears to be some sort of 'on access' scanning... not a scheduled file system scan.

I could be wrong.
Regards,
William


piran
« Reply #13 on: October 06, 2006, 03:37:58 PM »
Code:
[root@teri etc]# config show clamav
clamav=service
    ArchiveBlockEncrypted=no
    ArchiveBlockMax=no
    ArchiveMaxCompressionRatio=300
    ArchiveMaxFileSize=15M
    ArchiveMaxFiles=1500
    ArchiveMaxRecursion=8
    Checks=24
    DNSDatabaseInfo=current.cvd.clamav.net
    DatabaseMirror=db.local.clamav.net
    Debug=no
    DetectBrokenExecutables=no
    FilesystemScan=daily
    FilesystemScanExclude=/proc,/sys,/usr/share,/var,/mnt,/home/e-smith/files/ibays
    FilesystemScanFilesystems=/
    FilesystemScanReportTo=admin
    Foreground=yes
    HTTPProxyPassword=
    HTTPProxyPort=
    HTTPProxyServer=
    HTTPProxyUsername=
    IdleTimeout=60
    LeaveTemporaryFiles=no
    LogClean=no
    LogFileUnlock=yes
    LogTime=no
    LogVerbose=yes
    MaxAttempts=6
    MaxConnectionQueueLength=30
    MaxDirectoryRecursion=20
    MaxThreads=20
    Quarantine=disabled
    QuarantineDirectory=/var/spool/clamav/quarantine
    ReadTimeout=300
    ScanArchive=yes
    ScanHTML=yes
    ScanMail=yes
    ScanOLE2=yes
    ScanPE=yes
    ScanRAR=no
    SelfCheck=1800
    ShowProxySettings=no
    ShowUpdateSettings=no
    SignaturesUpdated=unknown
    UpdateNonOfficeHrs=disabled
    UpdateOfficeHrs=disabled
    UpdateWeekend=disabled
    status=enabled
[root@teri etc]# pico clamd.conf
[root@teri etc]#

#------------------------------------------------------------
#              !!DO NOT MODIFY THIS FILE!!
#
# Manual changes will be lost when this file is regenerated.
#
# Please read the developer's guide, which is available
# at http://wiki.contribs.org/development/
#
# Copyright (C) 1999-2006 Mitel Networks Corporation
#------------------------------------------------------------
#ArchiveBlockEncrypted
#ArchiveBlockMax
ArchiveMaxCompressionRatio 300
ArchiveMaxFileSize 15M
ArchiveMaxFiles 1500
ArchiveMaxRecursion 8
ClamukoExcludePath /home/e-smith/files/ibays
DatabaseDirectory /var/clamav
#Debug
#DetectBrokenExecutables
FixStaleSocket
Foreground
IdleTimeout 60
#LeaveTemporaryFiles
LocalSocket /var/clamav/clamd.socket
#LogClean
LogFile /dev/stderr
LogFileMaxSize 0
LogFileUnlock
#LogTime
LogVerbose
MaxConnectionQueueLength 30
MaxDirectoryRecursion 20
MaxThreads 20
ReadTimeout 300
ScanArchive
ScanHTML

ScanMail

ScanOLE2
ScanPE
#ScanRAR

SelfCheck 1800
# Close the connection if this limit is exceeded.
StreamMaxLength 25M
#TCPAddr 127.0.0.1
#TCPSocket 3310
TemporaryDirectory /var/tmp
User clamav
AllowSupplementaryGroups

piran
« Reply #14 on: October 06, 2006, 03:52:49 PM »
The two reporting areas seem different.
ie one comments out scans of RAR (#ScanRAR)
the other ScanRAR=no
but last night I saw some warning text about
RAR checking (something about levels or versions).
Config areas not matched or synchronised?