[clamav-users] clamonaccess scanning doesnot see /tmp/eicar.com

Maarten Broekman maarten.broekman at gmail.com
Tue Jul 7 09:47:14 UTC 2020 

If my understanding is correct, then the IncludePath will only cause the monitoring of directories that are not mount points.
But because /tmp is a mounted filesystem, IncludePath might be monitoring the directory underneath the mounted filesystem (if it is monitoring anything at all), NOT the mounted filesystem.

A quick test would be for you to unmount /tmp and drop the test file into /tmp without restarting ClamAV. If it detects it, then ClamAV was monitoring the underlying directory. If it doesn’t detect it, then ClamAV is testing to see if a directory is a mount point and ignoring it if the path is a mount point. 

Maarten Broekman

Sent from a tiny keyboard

> On Jul 7, 2020, at 04:40, Eric van Rheenen via clamav-users <clamav-users at lists.clamav.net> wrote:
> 
> 
> Hello,
> Hope this clearify it more.
>  
> I use following curl version:
> [erirhe1d at gglvboft001 tmp]$ curl -V
> curl 7.68.0-DEV (x86_64-unknown-linux-gnu) libcurl/7.68.0-DEV OpenSSL/1.0.2k-fips zlib/1.2.7 libssh2/1.8.0
> Release-Date: [unreleased]
> Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
> Features: AsynchDNS HTTPS-proxy Largefile libz NTLM NTLM_WB SSL UnixSockets
>  
> My /etc/clamd.d/scan.conf (comment stripped)
>  
> LogFile /var/log/clamav/clamd.scan.log
> LogFileMaxSize 2M
> LogTime yes
> LogSyslog yes
> LogRotate yes
> ExtendedDetectionInfo yes
> PidFile /var/run/clamd.scan/clamd.pid
> TemporaryDirectory /tmp
> DatabaseDirectory /var/lib/clamav
>  
> LocalSocket /var/run/clamd.scan/clamd.sock
> LocalSocketGroup virusgroup
> LocalSocketMode 660
> FixStaleSocket yes
>  
> ExcludePath ^/proc/
> ExcludePath ^/sys/
>  
> User clamscan
>  
> AlertBrokenExecutables yes
> AlertEncrypted yes
> AlertEncryptedArchive yes
> AlertEncryptedDoc yes
>  
> ScanELF yes
> ScanHTML yes
>  
> OnAccessIncludePath /bin
> OnAccessIncludePath /sbin
> OnAccessIncludePath /boot
> OnAccessIncludePath /data
> OnAccessIncludePath /etc
> OnAccessIncludePath /lib
> OnAccessIncludePath /lib64
> OnAccessIncludePath /srv
> OnAccessIncludePath /tmp
> OnAccessIncludePath /usr
> OnAccessIncludePath /var
>  
> OnAccessExcludePath /proc
> OnAccessExcludePath /sys
>  
> OnAccessExtraScanning yes
>  
> OnAccessExcludeRootUID yes
>  
> OnAccessExcludeUID 994
>  
> OnAccessExcludeUname clamav
> OnAccessExcludeUname clamscan
>  
> Bytecode yes
>  
>  
> File: /var/log/messages
> Jul  7 09:52:14 gglvboft001 systemd: Starting clamd scanner (scan) daemon...
> Jul  7 09:52:14 gglvboft001 clamd[13246]: Received 0 file descriptor(s) from systemd.
> Jul  7 09:52:14 gglvboft001 clamd[13246]: clamd daemon 0.102.3 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
> Jul  7 09:52:14 gglvboft001 clamd[13246]: Running as user clamscan (UID 994, GID 988)
> Jul  7 09:52:14 gglvboft001 clamd[13246]: Log file size limited to 2097152 bytes.
> Jul  7 09:52:14 gglvboft001 clamd[13246]: Reading databases from /var/lib/clamav
> Jul  7 09:52:14 gglvboft001 clamd[13246]: Not loading PUA signatures.
> Jul  7 09:52:14 gglvboft001 clamd[13246]: Bytecode: Security mode set to "TrustSigned".
> Jul  7 09:52:26 gglvboft001 clamd[13246]: Loaded 7752884 signatures.
> Jul  7 09:52:28 gglvboft001 clamd[13246]: LOCAL: Unix socket file /var/run/clamd.scan/clamd.sock
> Jul  7 09:52:28 gglvboft001 clamd[13246]: LOCAL: Setting connection queue length to 200
> Jul  7 09:52:28 gglvboft001 clamd[13259]: Limits: Global time limit set to 120000 milliseconds.
> Jul  7 09:52:28 gglvboft001 clamd[13259]: Limits: Global size limit set to 104857600 bytes.
> Jul  7 09:52:28 gglvboft001 clamd[13259]: Limits: File size limit set to 26214400 bytes.
> Jul  7 09:52:28 gglvboft001 clamd[13259]: Limits: Recursion level limit set to 16.
> Jul  7 09:52:28 gglvboft001 clamd[13259]: Limits: Files limit set to 10000.
> Jul  7 09:52:28 gglvboft001 clamd[13259]: Limits: MaxEmbeddedPE limit set to 10485760 bytes.
> Jul  7 09:52:28 gglvboft001 clamd[13259]: Limits: MaxHTMLNormalize limit set to 10485760 bytes.
> Jul  7 09:52:28 gglvboft001 clamd[13259]: Limits: MaxHTMLNoTags limit set to 2097152 bytes.
> Jul  7 09:52:28 gglvboft001 clamd[13259]: Limits: MaxScriptNormalize limit set to 5242880 bytes.
> Jul  7 09:52:28 gglvboft001 clamd[13259]: Limits: MaxZipTypeRcg limit set to 1048576 bytes.
> Jul  7 09:52:28 gglvboft001 clamd[13259]: Limits: MaxPartitions limit set to 50.
> Jul  7 09:52:28 gglvboft001 clamd[13259]: Limits: MaxIconsPE limit set to 100.
> Jul  7 09:52:28 gglvboft001 clamd[13259]: Limits: MaxRecHWP3 limit set to 16.
> Jul  7 09:52:28 gglvboft001 clamd[13259]: Limits: PCREMatchLimit limit set to 100000.
> Jul  7 09:52:28 gglvboft001 clamd[13259]: Limits: PCRERecMatchLimit limit set to 2000.
> Jul  7 09:52:28 gglvboft001 clamd[13259]: Limits: PCREMaxFileSize limit set to 26214400.
> Jul  7 09:52:28 gglvboft001 clamd[13259]: Archive support enabled.
> Jul  7 09:52:28 gglvboft001 clamd[13259]: Alerting of encrypted archives _and_ documents enabled.
> Jul  7 09:52:28 gglvboft001 clamd[13259]: Alerting of encrypted archives _and_ documents enabled.
> Jul  7 09:52:28 gglvboft001 clamd[13259]: Alerting of encrypted documents enabled.
> Jul  7 09:52:29 gglvboft001 clamd[13259]: AlertExceedsMax heuristic detection disabled.
> Jul  7 09:52:29 gglvboft001 clamd[13259]: Heuristic alerts enabled.
> Jul  7 09:52:29 gglvboft001 clamd[13259]: Portable Executable support enabled.
> Jul  7 09:52:29 gglvboft001 clamd[13259]: ELF support enabled.
> Jul  7 09:52:29 gglvboft001 clamd[13259]: Alerting on broken executables enabled.
> Jul  7 09:52:29 gglvboft001 clamd[13259]: Mail files support enabled.
> Jul  7 09:52:29 gglvboft001 clamd[13259]: OLE2 support enabled.
> Jul  7 09:52:29 gglvboft001 clamd[13259]: PDF support enabled.
> Jul  7 09:52:29 gglvboft001 clamd[13259]: SWF support enabled.
> Jul  7 09:52:29 gglvboft001 clamd[13259]: HTML support enabled.
> Jul  7 09:52:29 gglvboft001 clamd[13259]: XMLDOCS support enabled.
> Jul  7 09:52:29 gglvboft001 clamd[13259]: HWP3 support enabled.
> Jul  7 09:52:29 gglvboft001 clamd[13259]: Self checking every 600 seconds.
> Jul  7 09:52:31 gglvboft001 systemd: Started clamd scanner (scan) daemon.
> Jul  7 09:52:41 gglvboft001 systemd: Started Clam AntiVirus userspace daemon for OnAccess Scanning.
> Jul  7 09:52:41 gglvboft001 clamonacc: ClamInotif: watching '/bin' (and all sub-directories)
> Jul  7 09:52:41 gglvboft001 clamonacc: ClamInotif: watching '/sbin' (and all sub-directories)
> Jul  7 09:52:41 gglvboft001 clamonacc: ClamInotif: watching '/boot' (and all sub-directories)
> Jul  7 09:52:41 gglvboft001 clamonacc: ClamInotif: watching '/data' (and all sub-directories)
> Jul  7 09:52:42 gglvboft001 clamonacc: ClamInotif: watching '/etc' (and all sub-directories)
> Jul  7 09:52:42 gglvboft001 clamonacc: ClamInotif: watching '/lib' (and all sub-directories)
> Jul  7 09:52:42 gglvboft001 clamonacc: ClamInotif: watching '/lib64' (and all sub-directories)
> Jul  7 09:52:42 gglvboft001 clamonacc: ClamInotif: watching '/srv' (and all sub-directories)
> Jul  7 09:52:42 gglvboft001 clamonacc: ClamInotif: watching '/tmp' (and all sub-directories)
> Jul  7 09:52:43 gglvboft001 clamonacc: ClamInotif: watching '/usr' (and all sub-directories)
> Jul  7 09:52:43 gglvboft001 clamonacc: ClamInotif: watching '/var' (and all sub-directories)
> Jul  7 09:55:27 gglvboft001 su: (to root) erirhe1d on pts/0
>  
>  
> My test:
> [erirhe1d at gglvboft001 tmp]$ date
> Tue Jul  7 09:54:39 CEST 2020
> [erirhe1d at gglvboft001 tmp]$ ls -lia eicar.com
> 118 -rw-r--r--. 1 erirhe1d erirhe1d 68 Jul  3 09:42 eicar.com
> [erirhe1d at gglvboft001 tmp]$ cp eicar.com eicar1.com
> [erirhe1d at gglvboft001 tmp]$ cat eicar.com
> X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*[erirhe1d at gglvboft001 tmp]$
> [erirhe1d at gglvboft001 tmp]$ more eicar.com
> X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
> [erirhe1d at gglvboft001 tmp]$
> [erirhe1d at gglvboft001 tmp]$ date
> Tue Jul  7 09:55:20 CEST 2020
> [erirhe1d at gglvboft001 tmp]$
>  
> No warning in /var/log/messages ?????
>  
> Now commented out "OnAccessIncludePath" and set "OnAccessMountPath" in /etc/clamd.d/scan.conf.
> Restarted clamd at scan and clamonacc.
>  
> OnAccessMountPath /boot
> OnAccessMountPath /
> OnAccessMountPath /srv
> OnAccessMountPath /var
> OnAccessMountPath /tmp
> OnAccessMountPath /data
> OnAccessMountPath /var/log/audit
>  
> /var/log/messages:
> Jul  7 10:02:06 gglvboft001 systemd: Starting clamd scanner (scan) daemon...
> Jul  7 10:02:06 gglvboft001 clamd[13861]: Received 0 file descriptor(s) from systemd.
> Jul  7 10:02:06 gglvboft001 clamd[13861]: clamd daemon 0.102.3 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
> Jul  7 10:02:06 gglvboft001 clamd[13861]: Running as user clamscan (UID 994, GID 988)
> Jul  7 10:02:06 gglvboft001 clamd[13861]: Log file size limited to 2097152 bytes.
> Jul  7 10:02:06 gglvboft001 clamd[13861]: Reading databases from /var/lib/clamav
> Jul  7 10:02:06 gglvboft001 clamd[13861]: Not loading PUA signatures.
> Jul  7 10:02:06 gglvboft001 clamd[13861]: Bytecode: Security mode set to "TrustSigned".
> Jul  7 10:02:18 gglvboft001 clamd[13861]: Loaded 7752884 signatures.
> Jul  7 10:02:21 gglvboft001 clamd[13861]: LOCAL: Unix socket file /var/run/clamd.scan/clamd.sock
> Jul  7 10:02:21 gglvboft001 clamd[13861]: LOCAL: Setting connection queue length to 200
> Jul  7 10:02:21 gglvboft001 clamd[13874]: Limits: Global time limit set to 120000 milliseconds.
> Jul  7 10:02:21 gglvboft001 clamd[13874]: Limits: Global size limit set to 104857600 bytes.
> Jul  7 10:02:21 gglvboft001 clamd[13874]: Limits: File size limit set to 26214400 bytes.
> Jul  7 10:02:21 gglvboft001 clamd[13874]: Limits: Recursion level limit set to 16.
> Jul  7 10:02:21 gglvboft001 clamd[13874]: Limits: Files limit set to 10000.
> Jul  7 10:02:21 gglvboft001 clamd[13874]: Limits: MaxEmbeddedPE limit set to 10485760 bytes.
> Jul  7 10:02:21 gglvboft001 clamd[13874]: Limits: MaxHTMLNormalize limit set to 10485760 bytes.
> Jul  7 10:02:21 gglvboft001 clamd[13874]: Limits: MaxHTMLNoTags limit set to 2097152 bytes.
> Jul  7 10:02:21 gglvboft001 clamd[13874]: Limits: MaxScriptNormalize limit set to 5242880 bytes.
> Jul  7 10:02:21 gglvboft001 clamd[13874]: Limits: MaxZipTypeRcg limit set to 1048576 bytes.
> Jul  7 10:02:21 gglvboft001 clamd[13874]: Limits: MaxPartitions limit set to 50.
> Jul  7 10:02:21 gglvboft001 clamd[13874]: Limits: MaxIconsPE limit set to 100.
> Jul  7 10:02:21 gglvboft001 clamd[13874]: Limits: MaxRecHWP3 limit set to 16.
> Jul  7 10:02:21 gglvboft001 clamd[13874]: Limits: PCREMatchLimit limit set to 100000.
> Jul  7 10:02:21 gglvboft001 clamd[13874]: Limits: PCRERecMatchLimit limit set to 2000.
> Jul  7 10:02:21 gglvboft001 clamd[13874]: Limits: PCREMaxFileSize limit set to 26214400.
> Jul  7 10:02:21 gglvboft001 clamd[13874]: Archive support enabled.
> Jul  7 10:02:21 gglvboft001 clamd[13874]: Alerting of encrypted archives _and_ documents enabled.
> Jul  7 10:02:21 gglvboft001 clamd[13874]: Alerting of encrypted archives _and_ documents enabled.
> Jul  7 10:02:21 gglvboft001 clamd[13874]: Alerting of encrypted documents enabled.
> Jul  7 10:02:21 gglvboft001 clamd[13874]: AlertExceedsMax heuristic detection disabled.
> Jul  7 10:02:21 gglvboft001 clamd[13874]: Heuristic alerts enabled.
> Jul  7 10:02:21 gglvboft001 clamd[13874]: Portable Executable support enabled.
> Jul  7 10:02:21 gglvboft001 clamd[13874]: ELF support enabled.
> Jul  7 10:02:21 gglvboft001 clamd[13874]: Alerting on broken executables enabled.
> Jul  7 10:02:21 gglvboft001 clamd[13874]: Mail files support enabled.
> Jul  7 10:02:21 gglvboft001 clamd[13874]: OLE2 support enabled.
> Jul  7 10:02:21 gglvboft001 clamd[13874]: PDF support enabled.
> Jul  7 10:02:21 gglvboft001 clamd[13874]: SWF support enabled.
> Jul  7 10:02:21 gglvboft001 clamd[13874]: HTML support enabled.
> Jul  7 10:02:21 gglvboft001 clamd[13874]: XMLDOCS support enabled.
> Jul  7 10:02:21 gglvboft001 clamd[13874]: HWP3 support enabled.
> Jul  7 10:02:21 gglvboft001 clamd[13874]: Self checking every 600 seconds.
> Jul  7 10:02:23 gglvboft001 systemd: Started clamd scanner (scan) daemon.
> Jul  7 10:02:33 gglvboft001 systemd: Started Clam AntiVirus userspace daemon for OnAccess Scanning.
> Jul  7 10:02:59 gglvboft001 clamd[13874]: lstat() failed on: /var/spool/postfix/maildrop/DF960218984
> Jul  7 10:02:59 gglvboft001 clamd[13874]: lstat() failed on: /var/spool/postfix/incoming/E5C134E
> Jul  7 10:02:59 gglvboft001 clamonacc: ClamMisc: $/proc/13774 vanished before UIDs could be excluded; scanning anyway
> Jul  7 10:02:59 gglvboft001 clamonacc: ClamMisc: $/proc/13943 vanished before UIDs could be excluded; scanning anyway
> Jul  7 10:02:59 gglvboft001 clamonacc: ClamMisc: $/proc/13943 vanished before UIDs could be excluded; scanning anyway
> Jul  7 10:02:59 gglvboft001 clamonacc: ClamMisc: $/proc/13943 vanished before UIDs could be excluded; scanning anyway
> Jul  7 10:02:59 gglvboft001 clamonacc: ClamMisc: $/proc/13943 vanished before UIDs could be excluded; scanning anyway
> Jul  7 10:02:59 gglvboft001 clamonacc: ClamMisc: $/proc/13943 vanished before UIDs could be excluded; scanning anyway
> Jul  7 10:02:59 gglvboft001 clamonacc: ClamMisc: $/proc/13943 vanished before UIDs could be excluded; scanning anyway
> Jul  7 10:03:00 gglvboft001 clamd[13874]: lstat() failed on: /var/spool/postfix/maildrop/DF960218984
> Jul  7 10:03:25 gglvboft001 clamd[13874]: /tmp/eicar.com: Win.Test.EICAR_HDB-1(44d88612fea8a8f36de82e1278abb02f:68) FOUND
> Jul  7 10:03:25 gglvboft001 clamonacc: /tmp/eicar.com: Win.Test.EICAR_HDB-1 FOUND
> Jul  7 10:03:25 gglvboft001 clamd[13874]: /tmp/eicar2.com: Win.Test.EICAR_HDB-1(44d88612fea8a8f36de82e1278abb02f: 68) FOUND
> Jul  7 10:03:25 gglvboft001 clamonacc: /tmp/eicar2.com: Win.Test.EICAR_HDB-1 FOUND
> Jul  7 10:03:41 gglvboft001 su: (to root) erirhe1d on pts/0
> Jul  7 10:03:41 gglvboft001 clamonacc: ClamMisc: $/proc/13990 vanished before UIDs could be excluded; scanning anyway
> Jul  7 10:03:41 gglvboft001 clamonacc: ClamMisc: $/proc/13990 vanished before UIDs could be excluded; scanning anyway
> Jul  7 10:03:41 gglvboft001 clamonacc: ClamMisc: $/proc/13990 vanished before UIDs could be excluded; scanning anyway
> Jul  7 10:03:41 gglvboft001 clamonacc: ClamMisc: $/proc/13990 vanished before UIDs could be excluded; scanning anyway
> Jul  7 10:03:41 gglvboft001 clamonacc: ClamMisc: $/proc/13990 vanished before UIDs could be excluded; scanning anyway
> Jul  7 10:03:41 gglvboft001 clamonacc: ClamMisc: $/proc/13990 vanished before UIDs could be excluded; scanning anyway
> Jul  7 10:03:41 gglvboft001 clamonacc: ClamMisc: $/proc/13990 vanished before UIDs could be excluded; scanning anyway
> Jul  7 10:03:41 gglvboft001 clamonacc: ClamMisc: $/proc/13990 vanished before UIDs could be excluded; scanning anyway
> Jul  7 10:03:41 gglvboft001 clamonacc: ClamMisc: $/proc/13990 vanished before UIDs could be excluded; scanning anyway
> Jul  7 10:03:41 gglvboft001 clamonacc: ClamMisc: $/proc/13990 vanished before UIDs could be excluded; scanning anyway
> Jul  7 10:03:41 gglvboft001 clamonacc: ClamMisc: $/proc/13990 vanished before UIDs could be excluded; scanning anyway
> Jul  7 10:03:41 gglvboft001 clamonacc: ClamMisc: $/proc/13992 vanished before UIDs could be excluded; scanning anyway
> Jul  7 10:03:41 gglvboft001 clamonacc: ClamMisc: $/proc/13992 vanished before UIDs could be excluded; scanning anyway
> Jul  7 10:03:41 gglvboft001 clamonacc: ClamMisc: $/proc/13998 vanished before UIDs could be excluded; scanning anyway
> Jul  7 10:03:41 gglvboft001 clamonacc: ClamMisc: $/proc/13998 vanished before UIDs could be excluded; scanning anyway
> Jul  7 10:03:41 gglvboft001 clamonacc: ClamMisc: $/proc/13998 vanished before UIDs could be excluded; scanning anyway
> Jul  7 10:03:41 gglvboft001 clamonacc: ClamMisc: $/proc/13998 vanished before UIDs could be excluded; scanning anyway
> Jul  7 10:03:41 gglvboft001 clamonacc: ClamMisc: $/proc/13998 vanished before UIDs could be excluded; scanning anyway
> Jul  7 10:03:41 gglvboft001 clamonacc: ClamMisc: $/proc/13998 vanished before UIDs could be excluded; scanning anyway
> Jul  7 10:03:41 gglvboft001 clamonacc: ClamMisc: $/proc/13998 vanished before UIDs could be excluded; scanning anyway
> Jul  7 10:03:41 gglvboft001 clamonacc: ClamMisc: $/proc/13998 vanished before UIDs could be excluded; scanning anyway
> Jul  7 10:03:41 gglvboft001 clamonacc: ClamMisc: $/proc/13998 vanished before UIDs could be excluded; scanning anyway
> Jul  7 10:03:41 gglvboft001 clamonacc: ClamMisc: $/proc/14003 vanished before UIDs could be excluded; scanning anyway
> Jul  7 10:03:41 gglvboft001 clamonacc: ClamMisc: $/proc/14003 vanished before UIDs could be excluded; scanning anyway
> Jul  7 10:03:41 gglvboft001 clamonacc: ClamMisc: $/proc/14003 vanished before UIDs could be excluded; scanning anyway
> Jul  7 10:03:41 gglvboft001 clamonacc: ClamMisc: $/proc/14003 vanished before UIDs could be excluded; scanning anyway
> Jul  7 10:03:41 gglvboft001 clamonacc: ClamMisc: $/proc/14003 vanished before UIDs could be excluded; scanning anyway
> Jul  7 10:03:41 gglvboft001 clamonacc: ClamMisc: $/proc/14003 vanished before UIDs could be excluded; scanning anyway
> Jul  7 10:03:41 gglvboft001 clamonacc: ClamMisc: $/proc/14006 vanished before UIDs could be excluded; scanning anyway
> Jul  7 10:03:41 gglvboft001 clamonacc: ClamMisc: $/proc/14006 vanished before UIDs could be excluded; scanning anyway
> Jul  7 10:03:41 gglvboft001 clamonacc: ClamMisc: $/proc/14006 vanished before UIDs could be excluded; scanning anyway
> Jul  7 10:03:41 gglvboft001 clamonacc: ClamMisc: $/proc/14006 vanished before UIDs could be excluded; scanning anyway
> Jul  7 10:03:41 gglvboft001 clamonacc: ClamMisc: $/proc/14006 vanished before UIDs could be excluded; scanning anyway
> Jul  7 10:03:41 gglvboft001 clamonacc: ClamMisc: $/proc/14006 vanished before UIDs could be excluded; scanning anyway
> Jul  7 10:03:41 gglvboft001 clamonacc: ClamMisc: $/proc/14006 vanished before UIDs could be excluded; scanning anyway
>  
> My test:
> [erirhe1d at gglvboft001 tmp]$ date
> Tue Jul  7 10:03:15 CEST 2020
> [erirhe1d at gglvboft001 tmp]$ cp eicar.com eicar2.com
> [erirhe1d at gglvboft001 tmp]$ date
> Tue Jul  7 10:03:36 CEST 2020
>  
> My disks:
> [root at gglvboft001 ~]# lsblk
> NAME                 MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
> sda                    8:0    0   20G  0 disk
> ├─sda1                 8:1    0  512M  0 part /boot
> └─sda2                 8:2    0 19.5G  0 part
>   ├─system-lv--root  253:0    0    8G  0 lvm  /
>   ├─system-lv--swap  253:1    0    2G  0 lvm  [SWAP]
>   ├─system-lv--srv   253:4    0    2G  0 lvm  /srv
>   ├─system-lv--var   253:5    0    4G  0 lvm  /var
>   └─system-lv--tmp   253:6    0    2G  0 lvm  /tmp
> sdb                    8:16   0  100G  0 disk
> └─sdb1                 8:17   0  100G  0 part
>   ├─datavg-lv--data  253:2    0    4G  0 lvm  /data
>   └─datavg-lv--audit 253:3    0    1G  0 lvm  /var/log/audit
>  
> [erirhe1d at gglvboft001 tmp]$
>  
> Met vriendelijke groet,
>  
> Eric van Rheenen
> Linux beheer
> Raadhuisplein 10, 9751AN Haren
>  
> E-Mail: Eric.van.Rheenen at groningen.nl
>              Ericvan.Rheenen at ts.fujitsu.com
> Telefoon: +31 (0)6 1640 2686
>  
> 
> _______________________________________________
> 
> clamav-users mailing list
> clamav-users at lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20200707/b4585822/attachment.htm>

More information about the clamav-users mailing list