Hello,
Running clamd and clamonacc on RHEL8 server.
I created a test file called "jeff1234" with the EICAR test string.
The clamonacc seems to find the bad file. The files remains in place until I try to copy or modify it then it is moved to the quarantine directory. Is that normal behavior?
Is this normal output when clamonacc finds a virus?
traverse_rename: Failed to rename
Error:Invalid cross-device link
The clamaccon log file w/ verbose options.
ClamFanotif: attempting to feed consumer queue
ClamWorker: performing scanning on file '/home/212@col-dev.ge.com/jeff1234'
/home/212@col-dev.ge.com/jeff1234: Eicar-Signature FOUND
traverse_to: Handle opened for 'home' directory.
traverse_to: Handle opened for '212@col-dev.ge.com' directory.
traverse_rename: Failed to rename: /home/212@col-dev.ge.com/jeff1234
to: /root/clamav-quarantine/jeff1234
Error:Invalid cross-device link
traverse_to: Handle opened for 'home' directory.
traverse_to: Handle opened for '212@col-dev.ge.com' directory.
/home/212@col-dev.ge.com/jeff1234: moved to '/root/clamav-quarantine/jeff1234'
/var/log/messages output:
May 13 09:53:08 rhel8avtest clamonacc[2947]: ClamFanotif: attempting to feed consumer queue
May 13 09:53:08 rhel8avtest clamonacc[2947]: ClamWorker: performing scanning on file '/home/212@col-dev.ge.com/jeff1234'
May 13 09:53:08 rhel8avtest clamonacc[2947]: /home/212@col-dev.ge.com/jeff1234: Eicar-Signature FOUND
May 13 09:53:08 rhel8avtest clamonacc[2947]: traverse_to: Handle opened for 'home' directory.
May 13 09:53:08 rhel8avtest clamonacc[2947]: traverse_to: Handle opened for '212@col-dev.ge.com' directory.
May 13 09:53:08 rhel8avtest clamonacc[2947]: traverse_rename: Failed to rename: /home/212@col-dev.ge.com/jeff1234
May 13 09:53:08 rhel8avtest clamonacc[2947]: #011to: /root/clamav-quarantine/jeff1234
May 13 09:53:08 rhel8avtest clamonacc[2947]: Error:Invalid cross-device link
May 13 09:53:08 rhel8avtest clamonacc[2947]: traverse_to: Handle opened for 'home' directory.
May 13 09:53:08 rhel8avtest clamonacc[2947]: traverse_to: Handle opened for '212@col-dev.ge.com' directory.
May 13 09:53:08 rhel8avtest clamonacc[2947]: /home/212@col-dev.ge.com/jeff1234: moved to '/root/clamav-quarantine/jeff1234'
May 13 09:53:08 rhel8avtest clamd[1534]: /home/212@col-dev.ge.com/jeff1234: Eicar-Signature FOUND
Thanks,
Jeff Hoevenaar
Running clamd and clamonacc on RHEL8 server.
I created a test file called "jeff1234" with the EICAR test string.
The clamonacc seems to find the bad file. The files remains in place until I try to copy or modify it then it is moved to the quarantine directory. Is that normal behavior?
Is this normal output when clamonacc finds a virus?
traverse_rename: Failed to rename
Error:Invalid cross-device link
The clamaccon log file w/ verbose options.
ClamFanotif: attempting to feed consumer queue
ClamWorker: performing scanning on file '/home/212@col-dev.ge.com/jeff1234'
/home/212@col-dev.ge.com/jeff1234: Eicar-Signature FOUND
traverse_to: Handle opened for 'home' directory.
traverse_to: Handle opened for '212@col-dev.ge.com' directory.
traverse_rename: Failed to rename: /home/212@col-dev.ge.com/jeff1234
to: /root/clamav-quarantine/jeff1234
Error:Invalid cross-device link
traverse_to: Handle opened for 'home' directory.
traverse_to: Handle opened for '212@col-dev.ge.com' directory.
/home/212@col-dev.ge.com/jeff1234: moved to '/root/clamav-quarantine/jeff1234'
/var/log/messages output:
May 13 09:53:08 rhel8avtest clamonacc[2947]: ClamFanotif: attempting to feed consumer queue
May 13 09:53:08 rhel8avtest clamonacc[2947]: ClamWorker: performing scanning on file '/home/212@col-dev.ge.com/jeff1234'
May 13 09:53:08 rhel8avtest clamonacc[2947]: /home/212@col-dev.ge.com/jeff1234: Eicar-Signature FOUND
May 13 09:53:08 rhel8avtest clamonacc[2947]: traverse_to: Handle opened for 'home' directory.
May 13 09:53:08 rhel8avtest clamonacc[2947]: traverse_to: Handle opened for '212@col-dev.ge.com' directory.
May 13 09:53:08 rhel8avtest clamonacc[2947]: traverse_rename: Failed to rename: /home/212@col-dev.ge.com/jeff1234
May 13 09:53:08 rhel8avtest clamonacc[2947]: #011to: /root/clamav-quarantine/jeff1234
May 13 09:53:08 rhel8avtest clamonacc[2947]: Error:Invalid cross-device link
May 13 09:53:08 rhel8avtest clamonacc[2947]: traverse_to: Handle opened for 'home' directory.
May 13 09:53:08 rhel8avtest clamonacc[2947]: traverse_to: Handle opened for '212@col-dev.ge.com' directory.
May 13 09:53:08 rhel8avtest clamonacc[2947]: /home/212@col-dev.ge.com/jeff1234: moved to '/root/clamav-quarantine/jeff1234'
May 13 09:53:08 rhel8avtest clamd[1534]: /home/212@col-dev.ge.com/jeff1234: Eicar-Signature FOUND
Thanks,
Jeff Hoevenaar