[clamav-users] ScanOnAccess: ... (null) FOUND

Micah Snyder (micasnyd) micasnyd at cisco.com
Thu Mar 14 09:35:16 EDT 2019


Hi Franky,

Updating your signature set shouldn't affect this, although it is good to keep up to date.
We never did track down the cause of the (null) FOUND issue. 
We are presently working on migrating the on-access scanning code out of clamd and into a new, separate utility that will submit files to clamd to be scanned, much the way that clamdscan interacts with clamd.  We will have to keep an eye out for this or similar issues when the new on-access tool is complete.

-Micah


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
 



On 3/13/19, 12:41 PM, "clamav-users on behalf of Franky Van Liedekerke via clamav-users" <clamav-users-bounces at lists.clamav.net on behalf of clamav-users at lists.clamav.net> wrote:

    Hi,
    
    I seem to be encountering the same issue someone described here:
    https://www.mail-archive.com/clamav-users@lists.clamav.net/msg46022.html
    
    For me the null-message arrived when switching to root:
    ScanOnAccess: /root/.bash_history: (null) FOUND
    
    I'm running on RHEL7 server, latest updates with versions:
    clamd-0.101.1-1.el7.x86_64
    
    The accompanying files (coming from clamav-data rpm):
    
    -rw-r--r--. 1 clamupdate clamupdate    199693 Jan 10 06:14 bytecode.cvd
    -rw-r--r--. 1 clamupdate clamupdate  53834626 Jan 10 06:14 daily.cvd
    -rw-r--r--. 1 clamupdate clamupdate 117892267 Jan  9  2018 main.cvd
    
    It seems the main.cvd is old, but I haven't run freshclam against this yet. Could that be the reason? Since it is an internal server, I first need to setup a proxy etc ... for freshclam to work.
    
    With friendly regards,
    
    Franky
    
    _______________________________________________
    
    clamav-users mailing list
    clamav-users at lists.clamav.net
    https://lists.clamav.net/mailman/listinfo/clamav-users
    
    
    Help us build a comprehensive ClamAV guide:
    https://github.com/vrtadmin/clamav-faq
    
    http://www.clamav.net/contact.html#ml
    



More information about the clamav-users mailing list