WelcomeWelcome | FAQFAQ | DownloadsDownloads | WikiWiki

Author Topic: On Access Virus Protection ?  (Read 38198 times)

Offline Rich

  • Administrator
  • Hero Member
  • *****
  • Posts: 11573
Re: On Access Virus Protection ?
« Reply #75 on: December 31, 2011, 09:28:19 AM »
Hi remus
Quote
So do I just delete the /tmp/package/usr/local/share/doc/ dir and thats my doc free tcz right ?
And do it in reverse to create the rlog-doc.tcz ?
That sounds right. If that  eicar  is not too big, you might want to add it so an end user can quickly
and easily test that they have properly configured clamfs.

Offline remus

  • Sr. Member
  • ****
  • Posts: 371
Re: On Access Virus Protection ?
« Reply #76 on: December 31, 2011, 10:46:39 AM »
Including the eicar test file is doable, its only 68 bytes.

I'm running the command  submitqc4 in the dir that contains all the required files for an extension.
And its taking a long time with no output, is this normal ?

Live long and prosper.

Offline Rich

  • Administrator
  • Hero Member
  • *****
  • Posts: 11573
Re: On Access Virus Protection ?
« Reply #77 on: December 31, 2011, 04:15:54 PM »
Hi remus
Depending on the number of files in the extension and the speed of you hardware, it may take a
little while before you see a response. I used it for an extension containing only one executable
file and it took 10 seconds before I saw any output.

Offline remus

  • Sr. Member
  • ****
  • Posts: 371
Re: On Access Virus Protection ?
« Reply #78 on: January 12, 2012, 04:53:20 AM »
I've submitted the deps for ClamFS as extensions, and am preparing to do the same for ClamFS.

I'm getting around to writing up the steps needed to get everything working (as the comments in the info file) and need a bit of guidance.

The default clamd.conf file (which is for the clam antivirus daemon) has the default location for the clamd log file as
Code: [Select]
/tmp/clamd.logI did a bit of research (self inflicted learning) and discovered that log files are often located at
Code: [Select]
/var/log
Should I change the location to /var/log or leave it in the default location ?
« Last Edit: January 13, 2012, 08:38:24 PM by remus »
Live long and prosper.

Offline Juanito

  • Administrator
  • Hero Member
  • *****
  • Posts: 14790
Re: On Access Virus Protection ?
« Reply #79 on: January 12, 2012, 05:17:48 AM »
If it's not too much trouble, I think /var/log makes more sense (and this is probably what fhs recommends)

Offline remus

  • Sr. Member
  • ****
  • Posts: 371
Re: On Access Virus Protection ?
« Reply #80 on: January 13, 2012, 10:39:19 PM »
There is a required entry
Code: [Select]
LocalSocket /tmp/clamd.socket
I've done some googling but can't seem to find a Filesystem Hierarchy Standard reference to where socket files are supposed to go. I'll stick with >/tmp/clamd.socket< unless anyone has some input
Live long and prosper.

Offline Rich

  • Administrator
  • Hero Member
  • *****
  • Posts: 11573
Re: On Access Virus Protection ?
« Reply #81 on: January 13, 2012, 11:13:33 PM »
Hi remus
Cups uses   /var/run/cups/cups.sock

Offline remus

  • Sr. Member
  • ****
  • Posts: 371
Re: On Access Virus Protection ?
« Reply #82 on: January 13, 2012, 11:38:09 PM »
Thx Rich,
I also looked up "mysql socket" on google, and its non consistent, sometimes its /tmp/mysql.sock or /var/lib/mysql/mysql.sock

Part of my setup guide gets the user to check if they already have clamd running BEFORE making changes to the clamd.conf file.

Code: [Select]
$ top output might be too busy for some.

I've got this so far.
Code: [Select]
$ ps | grep clamd
 2568 root     clamd
 2648 tc       grep clamd

Is there a command that just gives a single line of output ?
Live long and prosper.

Offline Rich

  • Administrator
  • Hero Member
  • *****
  • Posts: 11573
Re: On Access Virus Protection ?
« Reply #83 on: January 13, 2012, 11:49:22 PM »
Hi remus
This might work:
Code: [Select]
ps | grep clamd | grep -v grep

Offline remus

  • Sr. Member
  • ****
  • Posts: 371
Re: On Access Virus Protection ?
« Reply #84 on: January 13, 2012, 11:52:31 PM »
Thx Rich,
Does the trick.
Live long and prosper.

Offline Rich

  • Administrator
  • Hero Member
  • *****
  • Posts: 11573
Re: On Access Virus Protection ?
« Reply #85 on: January 14, 2012, 02:14:30 PM »
Hi remus
And  geany  uses  /tmp/geany_socket.XXXXXXXX  where  XXXXXXXX  appears to be a hex number.

Offline remus

  • Sr. Member
  • ****
  • Posts: 371
Re: On Access Virus Protection ?
« Reply #86 on: February 06, 2012, 11:27:04 PM »
I've put together clamfs as a tcz extension, and have started writing a simple guide to setting it up.

A little problem I'm hitting is that the clamd.conf file AND the clamfs.xml file both need to be edited in order to get things working. However a default install of clamav and clamfs give me what I think are links to the actual files. If I try to edit the link or the actual file I get the following error.

Code: [Select]
Error writing clamfs.xml: Read-only file system
Heres what the link looks like

Code: [Select]
tc@box:/usr/local/etc/clamfs$ ls -l
total 0
lrwxrwxrwx 1 root root 50 Feb  7 13:15 clamfs.xml -> /tmp/tcloop/clamfs/usr/local/etc/clamfs/clamfs.xml

Heres the tce.insalled/clamfs.xml file I'm using
Code: [Select]
#!/bin/sh

[ -d /usr/local/etc/clamfs ] || mkdir /usr/local/etc/clamfs

[ -f /usr/local/etc/clamfs/clamfs.xml ] || cp -p /usr/local/share/clamfs/files/
clamfs.xml /usr/local/etc/clamfs/

I've run into this problem before and was instructed to copy the file from /tmp/tcloop/clamfs/usr/local/etc/clamfs/clamfs.xml and replace the file located at /usr/local/etc/clamfs/clamfs.xml which works.

Is this the way it should be done to conform to anti bloat policy for creating extensions ?
Is it OK to setup the extension's tce.installed script so that a real writable file is saved to /usr/local/etc/clamfs/clamfs.xml ? And if so, how do I do that in my tce.installed script ?
Live long and prosper.

Offline gerald_clark

  • TinyCore Moderator
  • Hero Member
  • *****
  • Posts: 4254
Re: On Access Virus Protection ?
« Reply #87 on: February 07, 2012, 12:17:40 AM »
If the default config file is sufficient, you need do nothing, and no additional memory is used.
If you need to edit the config file, rename it to clamfs.xml.bak.
Then cp clamfs.xml.bak clamfs.xml.
Make your changes, add usr/local.etc.clamfs/clamfs.xml to /opt/.filetool.lst and do a backup.

Offline remus

  • Sr. Member
  • ****
  • Posts: 371
Re: On Access Virus Protection ?
« Reply #88 on: February 07, 2012, 02:42:52 AM »
Default config files are insufficient.

So the end user has no choice but to:

cd /usr/local/etc/clamfs
sudo mv clamfs.xml clamfs.xml.bak
sudo cp /tmp/tcloop/clamfs/usr/local/etc/clamfs/clamfs.xml .
sudo echo "usr/local/etc/clamfs/clamfs.xml" >> /opt/.filetool.lst

Just thought I'd ask, I understand and support the goals of tinycore :)
LESSS IS MORE :)

I could include a script for the end user to run.
Live long and prosper.

Offline Rich

  • Administrator
  • Hero Member
  • *****
  • Posts: 11573
Re: On Access Virus Protection ?
« Reply #89 on: February 07, 2012, 03:02:54 AM »
Hi remus
Or you could do what other extensions do and give the instructions in the  Comments  field of the
info file.