[clamav-users] ScanOnAccess: ... (null) FOUND
Kretschmer, Jens
kretschmer.jens at siemens.com
Thu Aug 9 08:03:25 UTC 2018
> Do you have the OnAccessExtraScanning option on by chance?
Yes, OnAccessExtraScanning is turned on.
I was able to reproduce this behavior on a different machine. It uses the same configuration as the first machine (the clamconf output can be found in my previous e-mail).
I rebooted the machine yesterday at 13:45 and left it untouched. I did not even log in. Today I logged in via ssh and the first ScanOnAccess message since the reboot in the journal was:
Aug 09 09:36:47 hostname2 clamd[8888]: SelfCheck: Database status OK.
Aug 09 09:37:24 hostname2 clamd[8888]: ScanOnAccess: Performing additional scanning on file '/home/user1/.sh_histdir/hostname2.0'
Aug 09 09:37:24 hostname2 clamd[8888]: ScanOnAccess: /home/user1/.sh_histdir/hostname2.0: (null) FOUND
Aug 09 09:39:34 hostname2 clamd[8888]: ScanOnAccess: Performing additional scanning on file '/home/user1/test2'
Aug 09 09:39:34 hostname2 clamd[8888]: ScanOnAccess: /home/user1/test2: (null) FOUND
On the first machine I restarted clamd@scan yesterday at 13:32:05 and ran the following script:
#!/bin/ksh
file="testfile.txt"
while true; do
    echo "test123" > "$file"
    sync
    rm "$file"
done
After about 13 hours clamd starts to show only the messages: "ScanOnAccess: Unable to kick off extra scanning."
Aug 09 02:40:37 hostname1 clamd[15866]: ScanOnAccess: Performing additional scanning on file '/home/user1/test/testfile.txt'
Aug 09 02:40:38 hostname1 clamd[15866]: ScanOnAccess: Performing additional scanning on file '/home/user1/test/testfile.txt'
Aug 09 02:40:39 hostname1 clamd[15866]: ScanOnAccess: Unable to kick off extra scanning.
Aug 09 02:40:39 hostname1 clamd[15866]: ScanOnAccess: Unable to kick off extra scanning.
Best regards,
Jens
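
Added example, not part of the original message and not ClamAV project code: a triage script for the two symptoms reported above. It separates "(null) FOUND" lines from detections that carry a signature name, and records per clamd process when "Unable to kick off extra scanning." first appears and how often. The sample lines, the path /home/user1/sample.bin and the name Example.Signature are constructed; the line format is assumed to match the journal excerpts quoted in the message.

```python
import re
from collections import Counter

# Constructed sample in the journal format quoted in the message above.
SAMPLE = """\
Aug 09 09:36:47 hostname2 clamd[8888]: SelfCheck: Database status OK.
Aug 09 09:37:24 hostname2 clamd[8888]: ScanOnAccess: Performing additional scanning on file '/home/user1/test2'
Aug 09 09:37:24 hostname2 clamd[8888]: ScanOnAccess: /home/user1/test2: (null) FOUND
Aug 09 09:40:01 hostname2 clamd[8888]: ScanOnAccess: /home/user1/sample.bin: Example.Signature FOUND
Aug 09 09:41:10 hostname2 clamd[8888]: ScanOnAccess: Unable to kick off extra scanning.
Aug 09 09:41:11 hostname2 clamd[8888]: ScanOnAccess: Unable to kick off extra scanning.
"""

# Only ScanOnAccess messages from clamd are of interest here.
LINE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]{8}) (?P<host>\S+) "
    r"clamd\[(?P<pid>\d+)\]: ScanOnAccess: (?P<msg>.*)$"
)
# Greedy path match so a path containing ': ' still splits at the last one.
FOUND = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")
KICKOFF_FAIL = "Unable to kick off extra scanning."


def triage(text):
    """Classify ScanOnAccess journal lines into the categories seen in the report."""
    report = {
        "null_found": [],               # FOUND with no signature name
        "named_found": [],              # FOUND with a signature name
        "kickoff_failures": Counter(),  # (host, pid) -> number of failures
        "first_kickoff_failure": {},    # (host, pid) -> first timestamp seen
    }
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        key = (m["host"], int(m["pid"]))
        if m["msg"] == KICKOFF_FAIL:
            report["kickoff_failures"][key] += 1
            report["first_kickoff_failure"].setdefault(key, m["ts"])
            continue
        hit = FOUND.match(m["msg"])
        if hit and hit["sig"] == "(null)":
            report["null_found"].append((m["ts"], m["host"], hit["path"]))
        elif hit:
            report["named_found"].append((m["ts"], m["host"], hit["path"], hit["sig"]))
    return report


if __name__ == "__main__":
    print(triage(SAMPLE))
```

To run it over real data, pass the text of the clamd journal to triage() instead of SAMPLE.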