Mailing List Archive

[clamav-users] Thousands of log entries for real filename
I set up *clamd* running as the clamscan user. I have *clamonacc* running as
root.

I was not able to get *clamonacc* to use syslog so I pass it a log file
path argument. It is logging, but for each file on the scan mount of */* it
has a log entry for not having the real file name.


Failed to determine real filename of
/tmp/clamav-da9a1749ec60ae0db9e40b6fc02c141b.tmp.
Failed to determine real filename of
/tmp/clamav-797cf8cc9c779ee67d5f1a6a21224219.tmp.
Failed to determine real filename of
/tmp/clamav-5f74481b1a4c0d6a8c8f83f7b87267ee.tmp.
Failed to determine real filename of
/tmp/clamav-61c5d757a61ec1df46badf46003b7214.tmp.
Failed to determine real filename of
/tmp/clamav-8b7e55b8d7d431f8a96b72c1c8958a45.tmp.
Failed to determine real filename of
/tmp/clamav-8b7e55b8d7d431f8a96b72c1c8958a45.tmp.
Failed to determine real filename of
/tmp/clamav-dfafeb1a7b735fcf9820565661c0089f.tmp.
Failed to determine real filename of
/tmp/clamav-985a118f2faed2e563d3a21c8df88450.tmp.
Failed to determine real filename of
/tmp/clamav-985a118f2faed2e563d3a21c8df88450.tmp.

This is the config file I am using with *clamonacc*
TCPAddr localhost
TCPSocket 3310
OnAccessMountPath /

The only references I can find from Google are to three code repositories
that show the source code for the file that contains the message "Failed
to determine real filename of".

It is still making these logs after an hour.
Will it stop?
Does it start over when the service is restarted?
Is there a config option I could add that would allow it to get the real
filename?
Is there a config option I could add that would suppress this message?


--
Easy, fast GUI development.
http://PerlQt.wikidot.com
Re: [clamav-users] Thousands of log entries for real filename
Hi Royce,

There may be an issue with the way you are running clamonacc.

Scanning the whole filing system can cause recursion as the system may
try to re-scan the log every time it is updated generating a new log
entry or may try to scan special files that are not suitable for scanning.

Stop the clamonacc process.

Sort out a much smaller subset of directories that you need to scan and
you will avoid filling the log file due to user error while you learn
the pitfalls.

Read up on what files and parts of the filing system are suitable for
scanning as not all parts of a Linux filing system are suitable for
scanning.

Regards
Mark.


On 11/09/2020 17:39, Royce Souther via clamav-users wrote:
> I set up *clamd* running as the clamscan user. I have *clamonacc* running
> as root.
>
> I was not able to get *clamonacc* to use syslog so I pass it a log file
> path argument. It is logging but for each file on the scan mount of */*
> it has a log entry for not having the real file name.
>
>
> Failed to determine real filename of
> /tmp/clamav-da9a1749ec60ae0db9e40b6fc02c141b.tmp.
> Failed to determine real filename of
> /tmp/clamav-797cf8cc9c779ee67d5f1a6a21224219.tmp.
> Failed to determine real filename of
> /tmp/clamav-5f74481b1a4c0d6a8c8f83f7b87267ee.tmp.
> Failed to determine real filename of
> /tmp/clamav-61c5d757a61ec1df46badf46003b7214.tmp.
> Failed to determine real filename of
> /tmp/clamav-8b7e55b8d7d431f8a96b72c1c8958a45.tmp.
> Failed to determine real filename of
> /tmp/clamav-8b7e55b8d7d431f8a96b72c1c8958a45.tmp.
> Failed to determine real filename of
> /tmp/clamav-dfafeb1a7b735fcf9820565661c0089f.tmp.
> Failed to determine real filename of
> /tmp/clamav-985a118f2faed2e563d3a21c8df88450.tmp.
> Failed to determine real filename of
> /tmp/clamav-985a118f2faed2e563d3a21c8df88450.tmp.
>
> This is the config file I am using with *clamonacc*
> TCPAddr localhost
> TCPSocket 3310
> OnAccessMountPath /
>
> The only references I can find from Google are to three code repositories
> that show the source code for the file that contains the message
> "Failed to determine real filename of".
>
> It is still making these logs after an hour.
> Will it stop?
> Does it start over when the service is restarted?
> Is there a config option I could add that would allow it to get the real
> filename?
> Is there a config option I could add that would suppress this message?
>
>
> --
> Easy, fast GUI development.
> http://PerlQt.wikidot.com

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
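
A way to check the recursion theory from the reply above against the log itself, as an added example that is not part of the original thread or of ClamAV: it groups the "Failed to determine real filename of" entries and reports how many point at files named like the ones in the posted log. Treating the `/tmp/clamav-<hex>.tmp` naming as the scanner's own temporary files is an assumption based on the names; the sample log and its hex values are constructed.

```python
import re
from collections import Counter

# Message text as posted; the path may follow on the next line.
FAILURE_RE = re.compile(r"Failed to determine real filename of\s+(\S+)")
# Naming seen in the posted log: /tmp/clamav-<32 hex chars>.tmp
# (assumed here to be the scanner's own temporary files).
SCANNER_TEMP_RE = re.compile(r"^/tmp/clamav-[0-9a-f]{32}\.tmp$")

# Constructed sample: hex names and the last path are made up.
SAMPLE_LOG = """\
Failed to determine real filename of
/tmp/clamav-00112233445566778899aabbccddeeff.tmp.
Failed to determine real filename of
/tmp/clamav-ffeeddccbbaa99887766554433221100.tmp.
Failed to determine real filename of
/tmp/clamav-ffeeddccbbaa99887766554433221100.tmp.
Failed to determine real filename of /home/user/report.pdf.
"""


def parse_failures(log_text):
    """Return the path from every failure entry, wrapped or not."""
    paths = []
    for match in FAILURE_RE.finditer(log_text):
        path = match.group(1)
        # The message ends with a full stop that is not part of the path.
        paths.append(path[:-1] if path.endswith(".") else path)
    return paths


def summarize(log_text):
    """Split failure entries into scanner temp files and everything else."""
    counts = Counter(parse_failures(log_text))
    temp = {p: n for p, n in counts.items() if SCANNER_TEMP_RE.match(p)}
    other = [p for p in counts if p not in temp]
    return {
        "entries": sum(counts.values()),
        "unique_paths": len(counts),
        "scanner_temp_entries": sum(temp.values()),
        "other_paths": sorted(other),
        "repeated_paths": sorted(p for p, n in counts.items() if n > 1),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

If nearly every entry falls under `scanner_temp_entries`, the log is being filled by the scanner reacting to its own activity rather than by user files.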
Re: [clamav-users] Thousands of log entries for real filename
I tried adding all the directories using *OnAccessIncludePath* and did not
add /proc/, but it will not scan /var/.
It errors out with this:
*ERROR: ClamInotif: could not watch path '/var/', 3*

I found one page that talked about how socket files can be scanned and that
could be the problem, but socket files can be created at any time so it is
not possible to add them to the ignore list.
I can't find an option to ignore socket files, but if ClamAV can't scan
socket files, why aren't they automatically ignored by default?



On Fri, Sep 11, 2020 at 10:53 AM Mark Fortescue <
mark.lists@thurning-instruments.co.uk> wrote:

> Hi Royce,
>
> There may be an issue with the way you are running clamonacc.
>
> Scanning the whole filing system can cause recursion as the system may
> try to re-scan the log every time it is updated generating a new log
> entry or may try to scan special files that are not suitable for scanning.
>
> Stop the clamonacc process.
>
> Sort out a much smaller subset of directories that you need to scan and
> you will avoid filling the log file due to user error while you learn
> the pitfalls.
>
> Read up on what files and parts of the filing system are suitable for
> scanning as not all parts of a Linux filing system are suitable for
> scanning.
>
> Regards
> Mark.
>
>
> On 11/09/2020 17:39, Royce Souther via clamav-users wrote:
> > I set up *clamd* running as the clamscan user. I have *clamonacc* running
> > as root.
> >
> > I was not able to get *clamonacc* to use syslog so I pass it a log file
> > path argument. It is logging but for each file on the scan mount of */*
> > it has a log entry for not having the real file name.
> >
> >
> > Failed to determine real filename of
> > /tmp/clamav-da9a1749ec60ae0db9e40b6fc02c141b.tmp.
> > Failed to determine real filename of
> > /tmp/clamav-797cf8cc9c779ee67d5f1a6a21224219.tmp.
> > Failed to determine real filename of
> > /tmp/clamav-5f74481b1a4c0d6a8c8f83f7b87267ee.tmp.
> > Failed to determine real filename of
> > /tmp/clamav-61c5d757a61ec1df46badf46003b7214.tmp.
> > Failed to determine real filename of
> > /tmp/clamav-8b7e55b8d7d431f8a96b72c1c8958a45.tmp.
> > Failed to determine real filename of
> > /tmp/clamav-8b7e55b8d7d431f8a96b72c1c8958a45.tmp.
> > Failed to determine real filename of
> > /tmp/clamav-dfafeb1a7b735fcf9820565661c0089f.tmp.
> > Failed to determine real filename of
> > /tmp/clamav-985a118f2faed2e563d3a21c8df88450.tmp.
> > Failed to determine real filename of
> > /tmp/clamav-985a118f2faed2e563d3a21c8df88450.tmp.
> >
> > This is the config file I am using with *clamonacc*
> > TCPAddr localhost
> > TCPSocket 3310
> > OnAccessMountPath /
> >
> > The only references I can find from Google are to three code repositories
> > that show the source code for the file that contains the message
> > "Failed to determine real filename of".
> >
> > It is still making these logs after an hour.
> > Will it stop?
> > Does it start over when the service is restarted?
> > Is there a config option I could add that would allow it to get the real
> > filename?
> > Is there a config option I could add that would suppress this message?
> >
> >
> > --
> > Easy, fast GUI development.
> > http://PerlQt.wikidot.com
>


--
Easy, fast GUI development.
http://PerlQt.wikidot.com