ClamWin Free Antivirus
Support and Discussion Forums
Permission denied and filters
winemonkey


Joined: 25 Aug 2009
Posts: 0
Location: Santa Rosa, CA
Hi, thanks for the free support on such a great piece of software! All the guys who write angry notes only make it harder for you guys to willingly do this.

I get the standard permission denied annotations in my summary report, so I added them to the exclude filter list so I didn't have to look at them every day. However, they still show up. Is ClamWin trying to open the file for reading before applying the filter? That's what it looks like. Here's the report and filter list:

C:\Documents and Settings\All Users.WINNT\Application Data\Microsoft\Crypto\RSA\MachineKeys\6ea163e484e3756c4cad36a42ef61511_d5b22686-47f6-4eef-9daf-db6863e83b36: Permission denied
C:\pagefile.sys: Permission denied
C:\Program Files\Microsoft SQL Server\MSSQL$BKUPEXEC\Data\master.mdf: Permission denied
C:\Program Files\Microsoft SQL Server\MSSQL$BKUPEXEC\Data\mastlog.ldf: Permission denied
C:\Program Files\Microsoft SQL Server\MSSQL$BKUPEXEC\Data\model.mdf: Permission denied
C:\Program Files\Microsoft SQL Server\MSSQL$BKUPEXEC\Data\modellog.ldf: Permission denied
C:\Program Files\Microsoft SQL Server\MSSQL$BKUPEXEC\Data\msdbdata.mdf: Permission denied
C:\Program Files\Microsoft SQL Server\MSSQL$BKUPEXEC\Data\msdblog.ldf: Permission denied
C:\Program Files\Microsoft SQL Server\MSSQL$BKUPEXEC\Data\tempdb.mdf: Permission denied
C:\Program Files\Microsoft SQL Server\MSSQL$BKUPEXEC\Data\templog.ldf: Permission denied
C:\Program Files\VERITAS\Backup Exec\NT\Data\bedb_dat.mdf: Permission denied
C:\Program Files\VERITAS\Backup Exec\NT\Data\bedb_log.ldf: Permission denied
C:\WINNT\system32\config\default: Permission denied
C:\WINNT\system32\config\SAM: Permission denied
C:\WINNT\system32\config\SECURITY: Permission denied
C:\WINNT\system32\config\software: Permission denied
C:\WINNT\system32\config\system: Permission denied
C:\WINNT\system32\config\SYSTEM.ALT: Permission denied
C:\WINNT\system32\LServer\TLSLic.edb: Permission denied
C:\WINNT\system32\LServer\tmp.edb: Permission denied
C:\WINNT\Temp\hsperfdata_SYSTEM\1056: Permission denied
C:\WINNT\Temp\ib2A.tmp: Permission denied


[standard items, then these are mine...]
*.chm
C:\temp\logmein.msi <-- btw, this generates a false positive
*.mdf
*.ldf
*.edb
C:\WINNT\system32\config\default
[...and so on]


Am I doing something wrong, or is ClamWin?

Thanks again,
WineMonkey
sherpya


Joined: 22 Mar 2006
Posts: 0
Location: Italy
About the logmein FP, please report it to https://www.clamav.net/sendvirus/

About filters, please post your filter rules.
winemonkey


Joined: 25 Aug 2009
Posts: 0
Location: Santa Rosa, CA
They're in the original post, but here they are again...

[standard filter items up to here, then these are mine...]
*.chm
C:\temp\logmein.msi <-- btw, this generates a false positive
*.mdf
*.ldf
*.edb
C:\WINNT\system32\config\default
[...and so on]
sherpya


Joined: 22 Mar 2006
Posts: 0
Location: Italy
Strange, I've just tested a similar filter and it works.
Can you please look at %TEMP%\ClamWin1.log after the scan?

The command line should contain something like
--exclude="c\:\\temp\\clam\.exe$"
winemonkey


Joined: 25 Aug 2009
Posts: 0
Location: Santa Rosa, CA
This is all that is in the log:

System Locale: ('en_US', 'cp1252')
Default Encoding: cp1252
command line path:
winemonkey


Joined: 25 Aug 2009
Posts: 0
Location: Santa Rosa, CA
I didn't realize viewing the scan report reset the log file.

It looks like there is a difference between a manual scan and a scheduled scan. I ran a short manual scan and here's the log file right after the scan finished: (I don't have the scheduled scan log file; I will tomorrow.)

System Locale: ('en_US', 'cp1252')
Default Encoding: cp1252
command line path: "C:\Program Files\Microsoft SQL Server\MSSQL$BKUPEXEC\Data"
Scanning: "C:\Program Files\Microsoft SQL Server\MSSQL$BKUPEXEC\Data"
clamscan.exe command line: "C:\ClamWin\bin\clamscan.exe" --tempdir "c:\docume~1\dummy\locals~1\temp\2" --keep-mbox --stdout --database="C:\Documents and Settings\All Users.WINNT\.clamwin\db" --log="c:\docume~1\dummy\locals~1\temp\2\tmpkoup4i" --no-mail --infected --max-files=500 --max-scansize=150M --max-recursion=5 --max-filesize=100M --show-progress --recursive --exclude="[^\]*\.dbx$" --exclude="[^\]*\.tbb$" --exclude="[^\]*\.pst$" --exclude="[^\]*\.dat$" --exclude="[^\]*\.log$" --exclude="[^\]*\.evt$" --exclude="[^\]*\.nsf$" --exclude="[^\]*\.ntf$" --exclude="[^\]*\.chm$" --exclude="C\:\\temp\\logmein\.msi$" --exclude="[^\]*\.mdf$" --exclude="[^\]*\.ldf$" --exclude="[^\]*\.edb$" --exclude="C\:\\WINNT\\system32\\config\\default$" --exclude="C\:\\WINNT\\system32\\config\\SAM$" --exclude="C\:\\WINNT\\system32\\config\\SECURITY$" --exclude="C\:\\WINNT\\system32\\config\\software$" --exclude="C\:\\WINNT\\system32\\config\\system$" --exclude="C\:\\WINNT\\system32\\config\\SYSTEM\.ALT$" --exclude="C\:\\pagefile\.sys$" --exclude="C\:\\Documents\ and\ Settings\\All\ Users\.WINNT\\Application\ Data\\Microsoft\\Crypto\\RSA\\MachineKeys\\6[^\]*6$" "C:\Program Files\Microsoft SQL Server\MSSQL$BKUPEXEC\Data"
Cleanup for process 000010ac


Here are the results of this *manual* scan:
Scan Started Thu Aug 27 08:38:39 2009
-------------------------------------------------------------------------------

----------- SCAN SUMMARY -----------
Known viruses: 613693
Engine version: 0.95.2
Scanned directories: 1
Scanned files: 6
Infected files: 0
Data scanned: 17.19 MB
Data read: 17.19 MB (ratio 1.00:1)
Time: 4.656 sec (0 m 4 s)



However, here are the *scheduled* scan results:
Scan Started Thu Aug 27 03:00:00 2009
-------------------------------------------------------------------------------

*** Scanning Programs in Computer Memory ***
*** Memory Scan: using ToolHelp ***


*** Scanned 48 processes - 476 modules ***
*** Computer Memory Scan Completed ***

C:\Documents and Settings\All Users.WINNT\Application Data\Microsoft\Crypto\RSA\MachineKeys\6ea163e484e3756c4cad36a42ef61511_d5b22686-47f6-4eef-9daf-db6863e83b36: Permission denied
C:\pagefile.sys: Permission denied
C:\Program Files\Microsoft SQL Server\MSSQL$BKUPEXEC\Data\master.mdf: Permission denied
C:\Program Files\Microsoft SQL Server\MSSQL$BKUPEXEC\Data\mastlog.ldf: Permission denied
C:\Program Files\Microsoft SQL Server\MSSQL$BKUPEXEC\Data\model.mdf: Permission denied
C:\Program Files\Microsoft SQL Server\MSSQL$BKUPEXEC\Data\modellog.ldf: Permission denied
C:\Program Files\Microsoft SQL Server\MSSQL$BKUPEXEC\Data\msdbdata.mdf: Permission denied
C:\Program Files\Microsoft SQL Server\MSSQL$BKUPEXEC\Data\msdblog.ldf: Permission denied
C:\Program Files\Microsoft SQL Server\MSSQL$BKUPEXEC\Data\tempdb.mdf: Permission denied
C:\Program Files\Microsoft SQL Server\MSSQL$BKUPEXEC\Data\templog.ldf: Permission denied
C:\Program Files\VERITAS\Backup Exec\NT\Data\bedb_dat.mdf: Permission denied
C:\Program Files\VERITAS\Backup Exec\NT\Data\bedb_log.ldf: Permission denied
C:\WINNT\system32\config\default: Permission denied
C:\WINNT\system32\config\SAM: Permission denied
C:\WINNT\system32\config\SECURITY: Permission denied
C:\WINNT\system32\config\software: Permission denied
C:\WINNT\system32\config\system: Permission denied
C:\WINNT\system32\config\SYSTEM.ALT: Permission denied
C:\WINNT\system32\LServer\TLSLic.edb: Permission denied
C:\WINNT\system32\LServer\tmp.edb: Permission denied
C:\WINNT\Temp\hsperfdata_SYSTEM\1056: Permission denied
C:\WINNT\Temp\ib2A.tmp: Permission denied
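Added example, not part of the original thread and not ClamWin's own code: a small checker that rebuilds the `--exclude` regex form visible in the posted clamscan command line from glob-style filter entries, then lists the "Permission denied" paths that no pattern matches. The function names are hypothetical, case-sensitive matching is an assumption, and the sample data is a subset copied from the posts above.

```python
import re

SUFFIX = ": Permission denied"

def glob_to_exclude(pattern):
    """Turn a filter entry into the --exclude regex form shown in the posted log."""
    out = []
    for ch in pattern:
        if ch == "*":
            out.append(r"[^\]*")        # the wildcard itself never crosses a backslash
        elif ch.isalnum():
            out.append(ch)
        else:
            out.append("\\" + ch)       # ':', '\', '.', ' ' and so on are escaped
    return "".join(out) + "$"           # anchored at the end of the path only

def to_python_regex(posix_regex):
    # Inside a POSIX bracket a backslash is literal; Python's re needs it doubled.
    return posix_regex.replace(r"[^\]", r"[^\\]")

def uncovered(report, filters):
    """Return denied paths that no exclude pattern matches (case-sensitive: assumption)."""
    regexes = [re.compile(to_python_regex(glob_to_exclude(f))) for f in filters]
    paths = [line.strip()[:-len(SUFFIX)] for line in report.splitlines()
             if line.strip().endswith(SUFFIX)]
    return [p for p in paths if not any(r.search(p) for r in regexes)]

# Filter entries in the thread's glob form; C:\pagefile.sys and ...\SAM are
# reconstructed from the --exclude arguments in the posted log.
FILTERS = [r"*.mdf", r"*.ldf", r"*.edb", r"C:\pagefile.sys",
           r"C:\WINNT\system32\config\SAM"]

# Subset of the "Permission denied" lines from the scheduled-scan report above.
REPORT = r"""
C:\pagefile.sys: Permission denied
C:\Program Files\Microsoft SQL Server\MSSQL$BKUPEXEC\Data\master.mdf: Permission denied
C:\WINNT\system32\config\SAM: Permission denied
C:\WINNT\system32\LServer\tmp.edb: Permission denied
C:\WINNT\Temp\hsperfdata_SYSTEM\1056: Permission denied
C:\WINNT\Temp\ib2A.tmp: Permission denied
"""

if __name__ == "__main__":
    for path in uncovered(REPORT, FILTERS):
        print("no exclude pattern matches:", path)
```

For a path that a pattern does match but that still appears in a report, the next check is whether the `--exclude` arguments are present on the `clamscan.exe command line:` entry logged for that particular scan.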