Hello,

 

Running clamd and clamonacc on RHEL8 server.

 

 

I created a test file called “jeff1234” with the EICAR test string.

 

The clamonacc seems to find the bad file.  The files remains in place until I try to copy or modify it then it is moved to the quarantine directory.  Is that normal behavior?

 

 

Is this normal output when clamonacc finds a virus?

 

traverse_rename: Failed to rename

Error:Invalid cross-device link

 

 

The clamaccon log file w/ verbose options.

 

ClamFanotif: attempting to feed consumer queue

ClamWorker: performing scanning on file '/home/212@col-dev.ge.com/jeff1234'

/home/212@col-dev.ge.com/jeff1234: Eicar-Signature FOUND

traverse_to: Handle opened for 'home' directory.

traverse_to: Handle opened for '212@col-dev.ge.com' directory.

traverse_rename: Failed to rename: /home/212@col-dev.ge.com/jeff1234

        to: /root/clamav-quarantine/jeff1234

Error:Invalid cross-device link

traverse_to: Handle opened for 'home' directory.

traverse_to: Handle opened for '212@col-dev.ge.com' directory.

/home/212@col-dev.ge.com/jeff1234: moved to '/root/clamav-quarantine/jeff1234'

 

 

/var/log/messages output:

 

May 13 09:53:08 rhel8avtest clamonacc[2947]: ClamFanotif: attempting to feed consumer queue

May 13 09:53:08 rhel8avtest clamonacc[2947]: ClamWorker: performing scanning on file '/home/212@col-dev.ge.com/jeff1234'

May 13 09:53:08 rhel8avtest clamonacc[2947]: /home/212@col-dev.ge.com/jeff1234: Eicar-Signature FOUND

May 13 09:53:08 rhel8avtest clamonacc[2947]: traverse_to: Handle opened for 'home' directory.

May 13 09:53:08 rhel8avtest clamonacc[2947]: traverse_to: Handle opened for '212@col-dev.ge.com' directory.

May 13 09:53:08 rhel8avtest clamonacc[2947]: traverse_rename: Failed to rename: /home/212@col-dev.ge.com/jeff1234

May 13 09:53:08 rhel8avtest clamonacc[2947]: #011to: /root/clamav-quarantine/jeff1234

May 13 09:53:08 rhel8avtest clamonacc[2947]: Error:Invalid cross-device link

May 13 09:53:08 rhel8avtest clamonacc[2947]: traverse_to: Handle opened for 'home' directory.

May 13 09:53:08 rhel8avtest clamonacc[2947]: traverse_to: Handle opened for '212@col-dev.ge.com' directory.

May 13 09:53:08 rhel8avtest clamonacc[2947]: /home/212@col-dev.ge.com/jeff1234: moved to '/root/clamav-quarantine/jeff1234'

May 13 09:53:08 rhel8avtest clamd[1534]: /home/212@col-dev.ge.com/jeff1234: Eicar-Signature FOUND

 

 

Thanks,

Jeff Hoevenaar