On Tuesday 17 June 2008 12:16, Ralph Angenendt wrote:
> Simon Banton wrote:
> >> Every day I see in logwatch that my signatures are updated, and the
> >> database notified, but if I try to scan a file manually it tells me that
> >> my signatures are 55 days old.
> >
> > I think clamscan looks for the db files in a compiled-in default
> > location of /usr/local/share/clamav and doesn't consult the clamd.conf or
> > freshclam.conf files (after all, why would it?)
>
> It does at least open freshclam.conf (which means that that one must be
> *readable* by the user running clamscan:
>
> admin@mail-gw-3:~$strace -eopen clamscan
> open("/etc/ld.so.cache", O_RDONLY) = 3
> open("/usr/lib/libclamav.so.4", O_RDONLY) = 3
> open("/lib/tls/libpthread.so.0", O_RDONLY) = 3
> open("/lib/tls/libc.so.6", O_RDONLY) = 3
> open("/usr/lib/libz.so.1", O_RDONLY) = 3
> open("/usr/lib/libbz2.so.1", O_RDONLY) = 3
> open("/usr/lib/sse2/libgmp.so.3", O_RDONLY) = 3
> open("/usr/lib/libclamunrar_iface.so.4", O_RDONLY) = 3
> open("/usr/lib/libclamunrar.so.4", O_RDONLY) = 3
> open("/etc/freshclam.conf", O_RDONLY) = 3
> open("/var/clamav/daily.cld", O_RDONLY) = 3
>
freshclam.conf was root:root, so I've fixed that. Running your strace command
gives me
strace -eopen clamscan
open("/etc/ld.so.cache", O_RDONLY) = 3
open("/usr/lib/libclamav.so.4", O_RDONLY) = 3
open("/lib/libpthread.so.0", O_RDONLY) = 3
open("/lib/libc.so.6", O_RDONLY) = 3
open("/usr/lib/libclamunrar_iface.so.4", O_RDONLY) = 3
open("/usr/lib/libbz2.so.1", O_RDONLY) = 3
open("/usr/lib/sse2/libgmp.so.3", O_RDONLY) = 3
open("/usr/lib/libz.so.1", O_RDONLY) = 3
open("/usr/lib/libclamunrar.so.4", O_RDONLY) = 3
open("/etc/freshclam.conf", O_RDONLY) = 3
open("/var/clamav/daily.cld", O_RDONLY) = 3
open("/var/clamav", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 3
open("/var/clamav/main.cvd", O_RDONLY) = 4
open("/tmp/clamav-7c516bc61aa49e497301e91e0930f6c5/COPYING", O_WRONLY|O_CREAT|
O_TRUNC, 0666) = 6
open("/tmp/clamav-7c516bc61aa49e497301e91e0930f6c5/main.info", O_WRONLY|
O_CREAT|O_TRUNC, 0666) = 6
open("/tmp/clamav-7c516bc61aa49e497301e91e0930f6c5/main.db", O_WRONLY|O_CREAT|
O_TRUNC, 0666) = 6
open("/tmp/clamav-7c516bc61aa49e497301e91e0930f6c5/main.hdb", O_WRONLY|
O_CREAT|O_TRUNC, 0666) = 6
open("/tmp/clamav-7c516bc61aa49e497301e91e0930f6c5/main.mdb", O_WRONLY|
O_CREAT|O_TRUNC, 0666) = 6
open("/tmp/clamav-7c516bc61aa49e497301e91e0930f6c5/main.ndb", O_WRONLY|
O_CREAT|O_TRUNC, 0666) = 6
open("/tmp/clamav-7c516bc61aa49e497301e91e0930f6c5/main.zmd", O_WRONLY|
O_CREAT|O_TRUNC, 0666) = 6
open("/tmp/clamav-7c516bc61aa49e497301e91e0930f6c5/main.fp", O_WRONLY|O_CREAT|
O_TRUNC, 0666) = 6
open("/tmp/clamav-7c516bc61aa49e497301e91e0930f6c5", O_RDONLY|O_NONBLOCK|
O_LARGEFILE|O_DIRECTORY) = 5
open("/tmp/clamav-7c516bc61aa49e497301e91e0930f6c5/main.zmd", O_RDONLY) = 6
open("/tmp/clamav-7c516bc61aa49e497301e91e0930f6c5/main.mdb", O_RDONLY) = 6
open("/tmp/clamav-7c516bc61aa49e497301e91e0930f6c5/main.db", O_RDONLY) = 6
open("/tmp/clamav-7c516bc61aa49e497301e91e0930f6c5/main.ndb", O_RDONLY) = 6
open("/tmp/clamav-7c516bc61aa49e497301e91e0930f6c5/main.fp", O_RDONLY) = 6
open("/tmp/clamav-7c516bc61aa49e497301e91e0930f6c5/main.hdb", O_RDONLY) = 6
open("/tmp/clamav-7c516bc61aa49e497301e91e0930f6c5", O_RDONLY|O_NONBLOCK|
O_LARGEFILE|O_DIRECTORY) = 5
open("/proc/meminfo", O_RDONLY) = 3
open("/root", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 3
open("/root/.xauthXN80U8", O_RDONLY) = 4
/root/.xauthXN80U8: OK
open("/root/.viminfo", O_RDONLY) = 4
/root/.viminfo: OK
open("/root/.bash_profile", O_RDONLY) = 4
/root/.bash_profile: OK
open("/root/iptables.orig", O_RDONLY) = 4
/root/iptables.orig: OK
open("/root/iptables.txt~", O_RDONLY) = 4
/root/iptables.txt~: OK
open("/root/iptables.txt", O_RDONLY) = 4
/root/iptables.txt: OK
open("/root/scan.txt", O_RDONLY) = 4
/root/scan.txt: OK
open("/root/.DCOPserver_borg2.lydgate.net__0", O_RDONLY) = 4
/root/.DCOPserver_borg2.lydgate.net__0: OK
open("/root/.serverauth.3061", O_RDONLY) = 4
/root/.serverauth.3061: OK
open("/root/.seaudit", O_RDONLY) = 4
/root/.seaudit: OK
open("/root/.bashrc", O_RDONLY) = 4
/root/.bashrc: OK
open("/root/.audacity", O_RDONLY) = 4
/root/.audacity: OK
open("/root/.rnd", O_RDONLY) = 4
/root/.rnd: OK
open("/root/.xauthhEtrij", O_RDONLY) = 4
/root/.xauthhEtrij: OK
open("/root/.cshrc", O_RDONLY) = 4
/root/.cshrc: OK
open("/root/.mcoprc", O_RDONLY) = 4
/root/.mcoprc: OK
open("/root/.fonts.conf", O_RDONLY) = 4
/root/.fonts.conf: OK
open("/root/.serverauth.3072", O_RDONLY) = 4
/root/.serverauth.3072: OK
open("/root/.tcshrc", O_RDONLY) = 4
/root/.tcshrc: OK
open("/root/install.log.syslog", O_RDONLY) = 4
/root/install.log.syslog: OK
open("/root/.xauthOUZGv0", O_RDONLY) = 4
/root/.xauthOUZGv0: OK
open("/root/.Xauthority", O_RDONLY) = 4
/root/.Xauthority: OK
open("/root/install.log", O_RDONLY) = 4
/root/install.log: OK
open("/root/.bash_logout", O_RDONLY) = 4
/root/.bash_logout: OK
open("/root/.serverauth.3046", O_RDONLY) = 4
/root/.serverauth.3046: OK
open("/root/.xauthSTMbGw", O_RDONLY) = 4
/root/.xauthSTMbGw: OK
open("/root/anaconda-ks.cfg", O_RDONLY) = 4
/root/anaconda-ks.cfg: OK
open("/root/.serverauth.3169", O_RDONLY) = 4
/root/.serverauth.3169: OK
open("/root/.lesshst", O_RDONLY) = 4
/root/.lesshst: OK
open("/root/.ICEauthority", O_RDONLY) = 4
/root/.ICEauthority: OK
open("/root/.bash_history", O_RDONLY) = 4
/root/.bash_history: OK
----------- SCAN SUMMARY -----------
Known viruses: 315716
Engine version: 0.93.1
Scanned directories: 1
Scanned files: 31
Infected files: 0
Data scanned: 0.05 MB
Time: 4.950 sec (0 m 4 s)
The message about signatures being ancient comes from ClamTK virus scanner.
Maybe there's some connection there that needs fixing?
I'm totally naive on this, so bear with me, please :-)
Anne
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
