Scannedonly reporting viruses in files - Sernet Samba 4.0.11

Pavel Pokorny pavel.pokorny at datera.cz
Thu Apr 17 06:27:24 MDT 2014 

Hello to all of you,
we have problem that *scannedonlyd (scannedonly_prescan) is reporting
viruses that clamav does not report*.
>From the outputs bellow is clear that scannedonlyd_clamav daemon (in the
example we used prescan) is reporting and moving to quarantine files that
are not viruses.
ClamScan does not reporting these files as viruses.
Thanks you very much for your help.
Pavel

Please see the following outputs:

[root at lnxga1 testantivir]# ls -laF
total 997080
d--------- 2 root root     8192 Apr 15 18:52 ./
d--------- 7 root root      512 Apr 15 16:36 ../
---------- 1 root root 40812604 Apr 15 17:39 Data1.cab

[root at lnxga1 testantivir]# clamscan Data1.cab
*Data1.cab: OK*

----------- SCAN SUMMARY -----------
Known viruses: 3307018
Engine version: 0.98.1
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 38.92 MB (ratio 0.00:1)
Time: 6.916 sec (0 m 6 s)

[root at lnxga1 testantivir]# clamdscan Data1.cab
/gpfs1/samba/exports/testantivir/Data1.cab: OK

----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.000 sec (0 m 0 s)

[root at lnxga1 testantivir]# /usr/local/scanonly/bin/scannedonly_prescan
./Data1.cab
socket=/var/lib/scannedonly/scan
bound /var/lib/scannedonly/scan to socket 3
current socket buffer size=256960
notify_scanner: ./Data1.cab needs scanning

[root at lnxga1 testantivir]# ls -laFtr
total 997080
d--------- 7 root root      512 Apr 15 16:36 ../
---------- 1 root root    84048 Apr 15 16:44 AC-COMPlusVerify.exe
---------- 1 root root 40812604 Apr 15 17:39 .virus:Data1.cab
---------- 1 root root        0 Apr 15 18:53 *VIRUS_found_in_Data1.cab.txt*
d--------- 2 root root     8192 Apr 15 18:53 ./

Apr 15 18:53:39 lnxga1 scannedonlyd_clamav[20519]: Received
/gpfs1/samba/exports/testantivir/Data1.cab for scanning, 1 files on small
queue
Apr 15 18:53:39 lnxga1 scannedonlyd_clamav[20519]: 2:0: Scanning
/gpfs1/samba/exports/testantivir/Data1.cab
Apr 15 18:53:41 lnxga1 scannedonlyd_clamav[20519]: 2:0: WARNING:
/gpfs1/samba/exports/testantivir/Data1.cab contains virus
Win.Trojan.Agent-629666!
Apr 15 18:53:41 lnxga1 scannedonlyd_clamav[20519]: 2: moving
/gpfs1/samba/exports/testantivir/Data1.cab to
/gpfs1/samba/exports/testantivir/.virus:Data1.cab

*OS / Samba / ClamAV versions:*
OS RedHat 6.5
Sernet samba 4.0.11
clamd-0.98.1-1.el6.x86_64
clamav-0.98.1-1.el6.x86_64
clamav-devel-0.98.1-1.el6.x86_64
clamav-db-0.98.1-1.el6.x86_64
--
Ing. Pavel Pokorný
DATERA s.r.o. | Ovocný trh 580/2 | Praha | Czech Republic
www.datera.cz | Mobil: +420 602 357 194 | E-mail: pavel.pokorny at datera.cz

More information about the samba-technical mailing list