On 03Jul2011 19:00, Paul Allen Newell <pnewell@xxxxxxxxxx> wrote: | > I expect it varies depending on what clamscan thinks is needs to scan | > each time. | > Do you run prelink? It hacks binaries about on a regular basis and may | > be causing clamscan to be more active. | | If I am running prelink, I don't know it. | Your "varies" comment makes | sense and I am not paying too much attention to it right now Try saying: rpm -q prelink If it is installed (it is by default on RH) it has a daily crontab entry; it used to trip our integrity checker regularly as binaries changed. That said, I think it should only muck things about if libraries get updated. | > | The second question is why wouldn't selinux be defaulted to allow clamav | > | given that's what Fedora seems to be suggesting/using? | > | > Maybe it is, if it runs from /etc/init.d or something. Is clamav a | > fedora supplied package? If so, why is it run from rc.local instead of | > via a conventional presupplied chkconfig-controlled start/stop script? | > | It isn't part of the default "fresh" install, so I have to yum install | it after. [...] It's still Fedora supplied if you don't need an extra repository to obtain it. | The choice of rc.local is mine as I want it to happen at least once per | time I use this F14 computer and don't want to have to su to root and | manually run each time. | | I've seen mention of chkconfig but know nothing about it ... and haven't | been able to see any reason why rc.local isn't a reasonable choice for | doing freshclam and clamscan rc.local is only a problem because of the selinux difficulties you're having. Regarding chkconfig, it's a tool to control which start/stop scripts get run at different run levels, and therefor at boot. Try this: chkconfig --list Does clamav show in the list? A normal Fedora boot goes to runlevel 3 (text mode login) or 5 (GUI login). So if you want clamav to run at boot, chkconfig should show it as "on" for runlevels 3 and/or 5, usually both. Ths command: chkconfig --level 35 clamav on would do this (presuming "clamav" to be the relevant name listed by "chkconfig --list" above - adjust to suit). of course, it would still be useful to figure out the best selinux incantation required to allow rc.local invocation of clamav... Cheers, -- Cameron Simpson <cs@xxxxxxxxxx> DoD#743 http://www.cskk.ezoshosting.com/cs/ I thought back to other headaches from my past and sneered at their ineffectiveness. - Harry Harrison -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
