Koozali.org formerly Contribs.org

clam AV creating files in \tmp

clam AV creating files in \tmp
« on: July 19, 2006, 04:35:34 PM »
I've got a curious problem on my home SME (6.0).  As I was running low on disk space, I moved the contents of 1 users home folder  (my daughter with 15gb of mp3, video etc) to another network share (a NAS unit - also used for server backup via Backup2ws).

That gave me 20gb free on a 40gb drive, but the next day it was full again.  The problem was that the \tmp folder contained copies of the user folders (some still on the server, some moved to the NAS unit).  I deleted them & got my space back, but it just happened again & each time I delete these /tmp folders, they come back again.

Most odd is that some of the folders being created in the Clam folder in \tmp no longer exist on the server.  As you drill down in tmp, you get the familiar \home\e-smith\files\users\ .. etc & it has a folder for ..\username\home\music for the user that has been moved & where there's no folders under \home for that user.

There are no errors being reported in server manager & nothing in the clam logs that throw any light on it.

Anyone any suggestions?

clam AV creating files in \tmp
« Reply #1 on: July 24, 2006, 04:46:32 PM »
OK - I think I've sorted this now.

The NAS unit was remaining mounted at /mnt/backup2ws.(job number) & Clamscan was finding this & scanning the backup RAR archives.

I think clam uses /tmp to extract the archives for scanning, so it was effectively copying back the last backup (all user data & IBAYS) onto the SME server under /tmp.

Not sure why backup2ws is failing to unmount drive, but I can't do it manually either (drive in use) so I guess clamscan starts running before the backup finishes & so keeps the mounted drive in use.

Anyway I edited /etc/clamscan (& created custom template) to remove the --unrar option, so clamscan now ignores RAR archives (I only use RAR for backup) & so far, so good.