[clamav-users] error files in /

Ivan ivanzanoth at gmail.com
Wed May 4 12:50:56 UTC 2022 

Please, direct your msg properly.

Tks,
On 04/05/2022 09:46, G.W. Haywood via clamav-users wrote:
> Hi there,
>
> On Wed, 4 May 2022, Hoevenaar, Jeffrey (GE Aviation, US) via 
> clamav-users wrote:
>
>> I am getting these strange files in the root file system "/" on my 
>> linux servers.
>>
>> -rw-r-----.   1 root root    98 Apr 13 08:00 @??E?U
>> -rw-r-----.   1 root root    75 Apr 26 08:00 @g6??U
>> -rw-r-----.   1 root root    75 Apr  1 08:00 @g)$?U
>>
>>
>> The files contain the error message.
>>
>> ERROR: ClamClient: Connection to clamd failed, Couldn't resolve host 
>> name.
>> ClamScanQueue: stopped
>
> Do they all contain the same error message?  Two of the files are 75
> bytes long, the other one is 98 bytes.  The error message in your post
> is (give or take formatting in an email) 98 bytes.  The first line of
> the error is 75 bytes (with the same proviso).
>
> To connect to clamd, an IP address would be more reliable than a
> hostname.  It wouldn't rely on some flaky name resolution service.
>
> In any case more information is needed.  Please could you let us have
> the output of the command
>
> clamconf -n
>
> cut and pasted into an email so that there are no accidental changes?
>
>> I believe it is occurring when the clam services are restarted each day.
>
> It isn't really necessary to restart those services daily, but it
> probably won't do any harm and it might help highlight some issues
> (for example like this one).  But I'd be inclined to disable the
> restarts, at least for a while, just to find out if the restarts
> really are triggering this.
>
>> Any idea how to route these errors messages elsewhere?
>
> It will be easy to do but more information is needed.  There are very
> few reasons to write files in the root directory, and nothing like
> ClamAV has any business doing that.  It might mean there's something
> wrong with your configuration; it might not be the ClamAV-specific
> configuration but that's a place to start.  ClamAV might be started or
> restarted by some configuration that's provided by your operating
> system distribution, and not by ClamAV itself.  It would help if you
> could give us information about that, such as the OS distribution(s),
> the packages which provide ClamAV, etc. and any local configuration
> changes made to the distribution defaults.  The ideal would be to get
> any utility (such as one provided by ClamAV) to know where to write
> its error output (e.g. /var/log/somewhere) before actually doing it.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20220504/f48843c5/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: zntdev.png
Type: image/png
Size: 3341 bytes
Desc: not available
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20220504/f48843c5/attachment.png>

More information about the clamav-users mailing list