[clamav-users] Thousands of log entries for real filename
Mark Fortescue
mark.lists at thurning-instruments.co.uk
Fri Sep 11 16:53:49 UTC 2020
Hi Royce,
There may be an issue with the way you are running clamonacc.
Scanning the hole filing system can cause recursion as the system may
try to re-scan the log every time it is updated generating a new log
entry or may try to scan special files that are not suitable for scanning.
Stop the clamonacc process.
Sort out a much smaller subset of directories that you need to scan and
you will avoid filling the log file due to user error while you learn
the pitfalls.
Read up on what files and parts of the filing system are suitable for
scanning as not all parts of a Linux filing system are suitable for
scanning.
Regards
Mark.
On 11/09/2020 17:39, Royce Souther via clamav-users wrote:
> I setup *clamd* running as the clamscan user. I have *clamonacc* running
> as root.
>
> I was not able to get *clarmonacc* to use syslog so I pass it a log file
> path argument. It is logging but for each file on the scan mount of */*
> it has a log entry for not having the real file name.
>
>
> Failed to determine real filename of
> /tmp/clamav-da9a1749ec60ae0db9e40b6fc02c141b.tmp.
> Failed to determine real filename of
> /tmp/clamav-797cf8cc9c779ee67d5f1a6a21224219.tmp.
> Failed to determine real filename of
> /tmp/clamav-5f74481b1a4c0d6a8c8f83f7b87267ee.tmp.
> Failed to determine real filename of
> /tmp/clamav-61c5d757a61ec1df46badf46003b7214.tmp.
> Failed to determine real filename of
> /tmp/clamav-8b7e55b8d7d431f8a96b72c1c8958a45.tmp.
> Failed to determine real filename of
> /tmp/clamav-8b7e55b8d7d431f8a96b72c1c8958a45.tmp.
> Failed to determine real filename of
> /tmp/clamav-dfafeb1a7b735fcf9820565661c0089f.tmp.
> Failed to determine real filename of
> /tmp/clamav-985a118f2faed2e563d3a21c8df88450.tmp.
> Failed to determine real filename of
> /tmp/clamav-985a118f2faed2e563d3a21c8df88450.tmp.
>
> This is the config file I am using with *clamonacc*
> TCPAddr localhost
> TCPSocket 3310
> OnAccessMountPath /
>
> The only references I can find from Google is to three code repositories
> that show the source code for the file that contains the message "
> Failed to determine real filename of"
>
> It is still making these logs after an hour.
> Will it stop?
> Does it start over when the service is restarted?
> Is there a config option I could add that would allow it to get the real
> filename?
> Is there a config option I could add that would suppress this message?
>
>
> --
> Easy, fast GUI development.
> http://PerlQt.wikidot.com
>
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users at lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
More information about the clamav-users
mailing list