Koozali.org: home of the SME Server

[SOLVED][ClamAV] suppress checking ibay?

Offline william_syd

« Reply #15 on: October 06, 2006, 03:59:01 PM »
Look in /sbin/e-smith/smeserver-clamscan

Is there a difference between
Code: [Select]
my @exclude = split /,/, ($db->get_prop("clamav", "FilesystemScanExclude") ||
 "/proc,/sys,/usr/share/doc");

and
Code: [Select]
my @exclude = split /,/, ($db->get_prop("clamav", "FilesystemScanExclude") || "/proc,/sys,/usr/share/doc");
Regards,
William

IF I give advice.. It's only if it was me....

Offline piran

« Reply #16 on: October 06, 2006, 04:03:24 PM »
Code: [Select]

#!/usr/bin/perl -w
#----------------------------------------------------------------------
# Clam Antivirus virus scanner filesystem scanning.
#
# copyright (C) 2004 Shad L. Lords <slords@mail.com>
# Copyright (C) 2005 Gordon Rowell <gordonr@gormand.com.au>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License or more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA
#----------------------------------------------------------------------

use strict;
use esmith::ConfigDB;

my $db = esmith::ConfigDB->open_ro or die "Couldn't open ConfigDB";

my $filesystems = $db->get_prop("clamav", "FilesystemScanFilesystems") || '/';

my $MailReport = $db->get_prop("clamav", "FilesystemScanReportTo") || 'admin';

my $clamscan_opts = " --recursive --infected --stdout" .
                    " --log /var/log/clamd/clamscan.log";

my $quarantine_dir = $db->get_prop("clamav", "QuarantineDirectory") ||
                "/var/spool/clamav/quarantine";

my @exclude = split /,/, ($db->get_prop("clamav", "FilesystemScanExclude") ||
                          "/proc,/sys,/usr/share/doc");

push @exclude, $quarantine_dir;

$clamscan_opts .= " --exclude $_" for (@exclude);

$clamscan_opts .= " --move=$quarantine_dir"
        if ($db->get_prop("clamav", "Quarantine") || "disabled") eq "enabled";

open CLAMSCAN, "-|", "nice /usr/bin/clamscan $clamscan_opts $filesystems 2>\&1";

my @report = <CLAMSCAN>;
close CLAMSCAN;

my $hostname = $db->get_value("SystemName") . "." .
        $db->get_value("DomainName");

my $date = localtime;

open MAIL, "| /bin/mail " .
        "-s \"[$hostname] Clam Antivirus Scan Results - $date\" $MailReport";

print MAIL @report;
close MAIL;



Offline Gaston94

« Reply #17 on: October 06, 2006, 04:09:09 PM »
Quote from: "william_syd"
I could be wrong.
I only found two places where exclude paths for clamav.
this clamuko one
and the command line one :
 clamscan -r /home/e-smith/files/users --exclude /home/e-smith/files/ibays

G.

Offline piran

« Reply #18 on: October 06, 2006, 04:19:07 PM »
Tried the command line option.
I saw ibay addresses appearing very briefly with : Excluded at the end.
That manually invoked test run finished in realtime (as opposed to 5 days).
Code: [Select]

[root@teri /]#  clamscan -r /home --exclude /home/e-smith/files/ibays
----------- SCAN SUMMARY -----------
Known viruses: 71520
Engine version: 0.88.4
Scanned directories: 16020
Scanned files: 2032
Infected files: 0
Data scanned: 30.62 MB
Time: 77.804 sec (1 m 17 s)
[root@teri /]#


How to fix the automatic run at midnight...

Offline william_syd

« Reply #19 on: October 06, 2006, 04:22:19 PM »
Quote from: "Gaston94"
Quote from: "william_syd"
I could be wrong.
I only found two places where exclude paths for clamav.
this clamuko one
and the command line one :
 clamscan -r /home/e-smith/files/users --exclude /home/e-smith/files/ibays

G.


I think the command line one is the one that gets used.

Open two console terminals. In one run htop and in the other run /sbin/e-smith/smeserver-clamscan .

Clamscan should now be at the top of the list and you can see what command line parameters were used.
Regards,
William

Offline william_syd

« Reply #20 on: October 06, 2006, 04:27:18 PM »
Quote from: "piran"
Not solved after all;~/

Just missed the midnight check so I implemented a ClamAV run manually.
Code: [Select]
[root@teri /]# clamscan -r /home --quiet


Is the manual implementation of ClamAV different from what runs normally?



Yes.

Try
Code: [Select]
/sbin/e-smith/smeserver-clamscan
Regards,
William

Offline piran

« Reply #21 on: October 06, 2006, 04:28:44 PM »
The htop panel merely reflected whichever command line I used,
or do you mean for me to watch at midnight?

Offline Gaston94

« Reply #22 on: October 06, 2006, 04:31:28 PM »
Will,
Quote from: "william_syd"
Is there a difference between
Code: [Select]
my @exclude = split /,/, ($db->get_prop("clamav", "FilesystemScanExclude") ||
 "/proc,/sys,/usr/share/doc");

and
Code: [Select]
my @exclude = split /,/, ($db->get_prop("clamav", "FilesystemScanExclude") || "/proc,/sys,/usr/share/doc");

No

Offline william_syd

« Reply #23 on: October 06, 2006, 04:40:17 PM »
Quote from: "Gaston94"
Will,
Quote from: "william_syd"
Is there a difference between
Code: [Select]
my @exclude = split /,/, ($db->get_prop("clamav", "FilesystemScanExclude") ||
 "/proc,/sys,/usr/share/doc");

and
Code: [Select]
my @exclude = split /,/, ($db->get_prop("clamav", "FilesystemScanExclude") || "/proc,/sys,/usr/share/doc");

No


That's funny.  :D
Regards,
William

Offline piran

« Reply #24 on: October 06, 2006, 04:41:21 PM »
@will Missed reading your earlier post...
Code: [Select]
[root@teri /]# /sbin/e-smith/smeserver-clamscan
...rather than just looking at the contents tried invoking it.
Had to horizontally scroll htop to read the whole line.
VERY LONG (too long?) and shows all the --excludes separately.
Is this the problem because the very last one looks truncated?
(might be htop or my PuTTY settings)

Offline william_syd

« Reply #25 on: October 06, 2006, 04:41:58 PM »
Quote from: "piran"
The htop panel merely reflected whichever command line I used,
or do you mean for me to watch at midnight?


Use
Code: [Select]
/sbin/e-smith/smeserver-clamscan
by itself and htop will show your --exclude's as per the database.
Regards,
William

Offline Gaston94

« Reply #26 on: October 06, 2006, 04:42:02 PM »
Piran,
Quote from: "piran"
Not solved after all;~/
Code: [Select]
[root@teri /]# clamscan -r /home --quiet

Is the manual implementation of ClamAV different from what runs normally?

Yes,
the sme clamscan is finally  issuing the following command :
Code: [Select]

nice /usr/bin/clamscan  --recursive --infected --stdout \
--log /var/log/clamd/clamscan.log --exclude /proc \
 --exclude /sys --exclude /usr/share --exclude /var \
--exclude /var/spool/clamav/quarantine \
--exclude /home/e-smith/files/ibays \
/

(with the extra exclusion from the db setprop we talked about)

G.
PS so my first post was the correct solution, no ?

Offline william_syd

« Reply #27 on: October 06, 2006, 04:44:00 PM »
Quote from: "Gaston94"
Piran,
Quote from: "piran"
Not solved after all;~/
Code: [Select]
[root@teri /]# clamscan -r /home --quiet

Is the manual implementation of ClamAV different from what runs normally?

Yes,
the sme clamscan is finally  issuing the following command :
Code: [Select]

nice /usr/bin/clamscan  --recursive --infected --stdout \
--log /var/log/clamd/clamscan.log --exclude /proc \
 --exclude /sys --exclude /usr/share --exclude /var \
--exclude /var/spool/clamav/quarantine \
--exclude /home/e-smith/files/ibays \
/

(with the extra exclusion from the db setprop we talked about)

G.
PS so my first post was the correct solution, no ?


Yes.

Piran's use of clamscan sent me on a Goose chase..  :oops:

edit: Plus I only grep'ed /etc for the db property.
Regards,
William

Offline piran

« Reply #28 on: October 06, 2006, 04:50:22 PM »
Code: [Select]
/sbin/e-smith/smeserver-clamscan
...is that a good simulation of what occurs at midnight automatically?

Offline william_syd

« Reply #29 on: October 06, 2006, 05:10:02 PM »
From man clamscan,
Code: [Select]
--exclude=PATT, --exclude-dir=PATT
              Don't scan file/directory names containing PATT. It may be used multiple times.


Is there a difference between --exclude=PATT and --exclude-dir=PATT ?

Interesting..
http://www.webservertalk.com/archive389-2006-2-1386908.html
Regards,
William

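
An added example, not part of the thread and not SME Server's own code: Reply #24 found the clamscan command line truncated in htop, and the man page text in Reply #29 says --exclude skips names containing PATT. The script below reads a NUL-separated argument list in the format of /proc/<pid>/cmdline, lists every exclude value in full, and reports which paths the scan would skip; the function names and sample data are constructed, and substring matching is an assumption taken from that man page wording.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed.

# Print every --exclude / --exclude-dir value found in a NUL-separated
# argument list (the format of /proc/<pid>/cmdline), one per line.
# Accepts both "--exclude PATT" and "--exclude=PATT".
list_excludes() {
    tr '\0' '\n' < "$1" | awk '
        take { print; take = 0; next }
        $0 == "--exclude" || $0 == "--exclude-dir" { take = 1; next }
        /^--exclude(-dir)?=/ { sub(/^[^=]*=/, ""); print }'
}

# Succeed if path $2 contains any exclude pattern from cmdline file $1.
# Substring matching is an assumption taken from the man page wording.
is_excluded() {
    list_excludes "$1" | (
        while IFS= read -r patt; do
            [ -n "$patt" ] || continue      # empty pattern would match all
            case "$2" in *"$patt"*) exit 0 ;; esac
        done
        exit 1
    )
}

# Constructed sample: the command line quoted in the thread, stored the
# way the kernel exposes it (arguments separated by NUL bytes).
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
printf '%s\0' /usr/bin/clamscan --recursive --infected --stdout \
    --log /var/log/clamd/clamscan.log --exclude /proc --exclude /sys \
    --exclude /usr/share --exclude /var \
    --exclude /var/spool/clamav/quarantine \
    --exclude /home/e-smith/files/ibays / > "$SAMPLE"

echo "Effective excludes:"
list_excludes "$SAMPLE"
for p in /home/e-smith/files/ibays/shared/a.doc \
         /home/e-smith/files/users/bob/var/notes.txt \
         /home/e-smith/files/users/bob/notes.txt; do
    if is_excluded "$SAMPLE" "$p"; then echo "SKIPPED  $p"
    else echo "scanned  $p"; fi
done
```

On a live system, pass /proc/<pid>/cmdline of the running clamscan process as the first argument. The second sample path shows that a broad pattern such as /var also removes a user's own var directory from scan coverage.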