How to reduce Clamav scan frequency
- Thread starter ajax20
- Start date
SeLLeRoNe
Super Moderator
That guide is actually for email scanning.
System scan is not menthined there, but you may check crontabs in /etc/cron*
Regards
System scan is not menthined there, but you may check crontabs in /etc/cron*
Regards
@ SeLLeRoNe's
Hi. Thanks for responding.
Yes, your are right. I just did not notice that. I'll check crontabs. But I need an antivirus check my server files regularly. Can't I use it for this purpose? I mean, now that it is installed on the server, can't I somehow make a cronjob for it to check server files regularly?
Many Thanks
Saeed
Hi. Thanks for responding.
Yes, your are right. I just did not notice that. I'll check crontabs. But I need an antivirus check my server files regularly. Can't I use it for this purpose? I mean, now that it is installed on the server, can't I somehow make a cronjob for it to check server files regularly?
Many Thanks
Saeed
SeLLeRoNe
Super Moderator
Of course you can, use this command:
JUST SCAN: clamscan -r -i /home/
SCAN AND REMOVE: clamscan -r -i --remove /home/
Create a crontab for do this automatically and you're done. (i suggest you once a week or a day, every two hours no have sense, since linux doesnt "take" viruses)
Regards
JUST SCAN: clamscan -r -i /home/
SCAN AND REMOVE: clamscan -r -i --remove /home/
Create a crontab for do this automatically and you're done. (i suggest you once a week or a day, every two hours no have sense, since linux doesnt "take" viruses)
Regards
By the way, since I am using Moodle, I would like to use the antivirus for scanning files which users upload to the server. Moodle asks for the address of the antivirus folder. From the email alerts I receive for clamav scans, I have the following information
Executable: /usr/local/bin/freshclam
Command Line: /usr/local/bin/freshclam -d
Am I right to take the first as the address I can use in Moodle?
Executable: /usr/local/bin/freshclam
Command Line: /usr/local/bin/freshclam -d
Am I right to take the first as the address I can use in Moodle?
SeLLeRoNe
Super Moderator
What do you use to upload files? If you use FTP you may search for FTP integration.
If moodle is installed on end-user client, than the antivirus must be on the end-user client.
If you're using FTP protocol, you can set the FTP Server to scan the files that are uploaded/downloaded using that protocol.
Regards
If moodle is installed on end-user client, than the antivirus must be on the end-user client.
If you're using FTP protocol, you can set the FTP Server to scan the files that are uploaded/downloaded using that protocol.
Regards
Well, I own a VPS with me as the only user, I mean, "user admin". There are no other users on the entire VPS. I have installed Moodle on a sudomain such as
moodle.mywebsite.com
So am I right in assuming that the above-mentioned path can be used on this subdomain as well?
moodle.mywebsite.com
So am I right in assuming that the above-mentioned path can be used on this subdomain as well?
SeLLeRoNe
Super Moderator
To know the correct path of clamdscan use:
whereis clamdscan
Than you can take the path and put in the required page.
Regards
whereis clamdscan
Than you can take the path and put in the required page.
Regards
SeLLeRoNe
Super Moderator
The check is made everytime an email is incoming and outgoing, is not referred to time but to email traffic.. more email more check.. but the check is limited to the single email, is not a full system check.
Regards
Regards
Well, in my case I have an email message every hour which equals to 24 emails a day. The content of following emails explain my point better:
Time: Thu Oct 22 11:12:52 2014
Account: clamav
Resource: Process Time
Exceeded: 1855 > 1800 (seconds)
Executable: /usr/local/bin/freshclam
Command Line: /usr/local/bin/freshclam -d
PID: 1322 (Parent PID:1322)
Killed: No
Time: Thu Oct 22 12:12:57 2014
Account: clamav
Resource: Process Time
Exceeded: 5460 > 1800 (seconds)
Executable: /usr/local/bin/freshclam
Command Line: /usr/local/bin/freshclam -d
PID: 1322 (Parent PID:1322)
Killed: No
Time: Thu Oct 22 13:13:03 2014
Account: clamav
Resource: Process Time
Exceeded: 9066 > 1800 (seconds)
Executable: /usr/local/bin/freshclam
Command Line: /usr/local/bin/freshclam -d
PID: 1322 (Parent PID:1322)
Killed: No
Time: Thu Oct 22 14:13:08 2014
Account: clamav
Resource: Process Time
Exceeded: 12670 > 1800 (seconds)
Executable: /usr/local/bin/freshclam
Command Line: /usr/local/bin/freshclam -d
PID: 1322 (Parent PID:1322)
Killed: No
Time: Thu Oct 22 15:13:12 2014
Account: clamav
Resource: Process Time
Exceeded: 16275 > 1800 (seconds)
Executable: /usr/local/bin/freshclam
Command Line: /usr/local/bin/freshclam -d
PID: 1322 (Parent PID:1322)
Killed: No
Time: Thu Oct 22 16:13:16 2014
Account: clamav
Resource: Process Time
Exceeded: 19879 > 1800 (seconds)
Executable: /usr/local/bin/freshclam
Command Line: /usr/local/bin/freshclam -d
PID: 1322 (Parent PID:1322)
Killed: No
Absolutely a nuisance! I don't know how to get rid of them.
Time: Thu Oct 22 11:12:52 2014
Account: clamav
Resource: Process Time
Exceeded: 1855 > 1800 (seconds)
Executable: /usr/local/bin/freshclam
Command Line: /usr/local/bin/freshclam -d
PID: 1322 (Parent PID:1322)
Killed: No
Time: Thu Oct 22 12:12:57 2014
Account: clamav
Resource: Process Time
Exceeded: 5460 > 1800 (seconds)
Executable: /usr/local/bin/freshclam
Command Line: /usr/local/bin/freshclam -d
PID: 1322 (Parent PID:1322)
Killed: No
Time: Thu Oct 22 13:13:03 2014
Account: clamav
Resource: Process Time
Exceeded: 9066 > 1800 (seconds)
Executable: /usr/local/bin/freshclam
Command Line: /usr/local/bin/freshclam -d
PID: 1322 (Parent PID:1322)
Killed: No
Time: Thu Oct 22 14:13:08 2014
Account: clamav
Resource: Process Time
Exceeded: 12670 > 1800 (seconds)
Executable: /usr/local/bin/freshclam
Command Line: /usr/local/bin/freshclam -d
PID: 1322 (Parent PID:1322)
Killed: No
Time: Thu Oct 22 15:13:12 2014
Account: clamav
Resource: Process Time
Exceeded: 16275 > 1800 (seconds)
Executable: /usr/local/bin/freshclam
Command Line: /usr/local/bin/freshclam -d
PID: 1322 (Parent PID:1322)
Killed: No
Time: Thu Oct 22 16:13:16 2014
Account: clamav
Resource: Process Time
Exceeded: 19879 > 1800 (seconds)
Executable: /usr/local/bin/freshclam
Command Line: /usr/local/bin/freshclam -d
PID: 1322 (Parent PID:1322)
Killed: No
Absolutely a nuisance! I don't know how to get rid of them.
SeLLeRoNe
Super Moderator
Cuase that is not the antivirus, that is the CSF/LFD system.. is informing you that there is a warning of 1800 second of execution time and has been reased by the freshclamd service... nothing to worry about...
You need to add exception in /etc/csf/csf.pignore
the format should be like:
exe:/usr/local/bin/freshclam
and then restart csf and lfd
/etc/init.d/lfd restart
/etc/init.d/csf restart
Regards
You need to add exception in /etc/csf/csf.pignore
the format should be like:
exe:/usr/local/bin/freshclam
and then restart csf and lfd
/etc/init.d/lfd restart
/etc/init.d/csf restart
Regards
SeLLeRoNe
Super Moderator
Because is a service and is always live, as for apache/mysql for example...
Regards
Regards
Clamdscan
I still can't find the ClamAv Excutable:
Moodle is configured to run clam on file upload, but the path supplied to Clam
AV, /usr/local/bin/freshclam, is invalid.
or
/usr/local/bin/clamdscan, is invalid.
Any ideas would be appreciated.
Regards
Saeed
I still can't find the ClamAv Excutable:
Moodle is configured to run clam on file upload, but the path supplied to Clam
AV, /usr/local/bin/freshclam, is invalid.
or
/usr/local/bin/clamdscan, is invalid.
Any ideas would be appreciated.
Regards
Saeed