clamav + dazuko



Hello everyone,

I have a small problem here with clamav-0.92~dfsg-2 and
dazuko-2.3.4. On some machines everything runs normally; on
others my syslog, kern.log and messages get flooded.

Laptop, floods the logs:
Mobile Athlon XP +3000
Vanilla Kernel 2.6.23.9-k7

Host1, everything works:
P3
Vanilla Kernel 2.6.21.5-686

dazuko configure parameters:
./configure --enable-chroot-support --enable-debug \
    --enable-event-close --enable-event-close-modified \
    --enable-event-exec --enable-event-open \
    --enable-event-rmdir --enable-event-unlink \
    --enable-local-dpath --enable-stacking --enable-syscalls \
    --enable-trusted --mapfile="$MAP_FILE"

/var/log/messages:
Feb  7 07:02:36 suffbook kernel: [  635.323328] dazuko: we have full path at loop=2, pipe:
Feb  7 07:02:36 suffbook kernel: [  635.323966] dazuko: xp_fill_file_struct returning 0
Feb  7 07:02:36 suffbook kernel: [  635.325237] dazuko: dazuko_get_filename_dentry returning 1
Feb  7 07:02:36 suffbook kernel: [  635.325870] dazuko: we have full path at loop=1, /dev/null
Feb  7 07:02:36 suffbook kernel: [  635.326505] dazuko: xp_fill_file_struct returning 0
Feb  7 07:02:36 suffbook kernel: [  635.328747] dazuko: we have full path at loop=2, pipe:

Does anyone have an idea what this means? Google only ever gives me the
source code files, which I don't understand. The whole thing also happens
when I compile dazuko with --disable-debug. Neither kernel
supports a local __d_path export.

clamd.conf configuration (laptop):
LocalSocket /var/run/clamav/clamd.ctl
FixStaleSocket true
#User clamav
User root
AllowSupplementaryGroups true
ScanMail true
ScanArchive true
ArchiveMaxRecursion 5
ArchiveMaxFiles 1000
ArchiveMaxFileSize 10M
ArchiveMaxCompressionRatio 250
ArchiveLimitMemoryUsage false
ArchiveBlockEncrypted true
MaxDirectoryRecursion 15
FollowDirectorySymlinks false
FollowFileSymlinks false
ReadTimeout 180
MaxThreads 12
MaxConnectionQueueLength 15
StreamMaxLength 10M
DetectBrokenExecutables true
MailFollowURLs false
ArchiveBlockMax true
ExitOnOOM false
LeaveTemporaryFiles false
AlgorithmicDetection true
IdleTimeout 30
MailMaxRecursion 64
PhishingSignatures true
PhishingScanURLs true
PhishingRestrictedScan true
PhishingAlwaysBlockSSLMismatch false
PhishingAlwaysBlockCloak false
DetectPUA false
LogFile /var/log/clamav/clamav.log
LogSyslog false
LogFacility LOG_LOCAL6
LogClean true
LogTime true
LogFileUnlock false
LogFileMaxSize 4092000
LogVerbose false
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /var/lib/clamav
SelfCheck 3600
ScanOLE2 true
ScanPE true
DetectBrokenExecutables true
ScanELF true
ScanHTML true
TemporaryDirectory /tmp
Foreground false
Debug false
VirusEvent /bin/mv %v /var/spool/system/virus &
# Enable Clamuko. Dazuko (/dev/dazuko) must be configured and running.
# # Set access mask for Clamuko.
ClamukoScanOnOpen true
ClamukoScanOnClose true
ClamukoScanOnExec true
ClamukoScanOnAccess true
# Limit the file size to be scanned (probably you don't want to scan your movie
# files ;))
# Value of 0 disables the limit. 1 Mb should be fine.
ClamukoMaxFileSize 2M
ClamukoIncludePath /var
ClamukoIncludePath /usr
ClamukoIncludePath /home
#ClamukoExcludePath /proc
#ClamukoExcludePath /sys
#ClamukoExcludePath /mnt

Thanks in advance.

Regards, Kiste
-- 
#######################################################################
Netzworkk                   grml - Linux Live CD for sysadmins
Kai Wilke                   http://grml.org
kiste@netzworkk.de
http://www.netzworkk.de
http://netzworkk.berlios.de
