ClamAV creating foldersssss in /tmp directory.

SuperBaby

Well-Known Member
Nov 27, 2003
343
0
166
Thailand
cPanel Access Level
Website Owner
Twitter
Every few seconds I see folders in the format below created (but not automatically deleted after that). They contains large virus definition files main.db and main.hdb.
drwx------ 2 mailnull mail 1024 Dec 16 03:53 clamav-xxxxxxxxxxx
My /tmp folder is 250Mb. After I manually deleted those folders, it got full again after a few minutes.

I can see other files also being created under /tmp but they are automatically deleted after a while.

What went wrong?
 

haze

Well-Known Member
Dec 21, 2001
1,550
3
318
maybe the defs aren't updating properly ? how much free space do you have on your /tmp ? maybe the definitions aren't downloading fully ? Whats df -h report for space available on /var and /tmp ? Any problems when running freshclam manually from shell ?
 

SuperBaby

Well-Known Member
Nov 27, 2003
343
0
166
Thailand
cPanel Access Level
Website Owner
Twitter
[email protected] [/tmp]# df -h
Filesystem Size Used Avail Use% Mounted on
/dev/hda3 70G 4.9G 62G 8% /
/dev/hda1 502M 25M 452M 6% /boot
/dev/hdb1 37G 2.6G 33G 8% /backupdrive
none 500M 0 500M 0% /dev/shm
/usr/tmpDSK 243M 4.1M 226M 2% /tmp
/tmp 243M 4.1M 226M 2% /var/tmp


[email protected] [/tmp]# freshclam
ClamAV update process started at Fri Dec 17 02:59:18 2004
Reading CVD header (main.cvd): OK
main.cvd is up to date (version: 28, sigs: 26630, f-level: 3, builder: tomek)
WARNING: Your ClamAV installation is OUTDATED - please update immediately !
WARNING: Current functionality level = 2, required = 3
Reading CVD header (daily.cvd): OK
daily.cvd is up to date (version: 632, sigs: 1788, f-level: 3, builder: trog)
WARNING: Your ClamAV installation is OUTDATED - please update immediately !
WARNING: Current functionality level = 2, required = 3
Although the ClamAV installation is outdated, I don't think it is the reason the /tmp folder got full, right???
 

haze

Well-Known Member
Dec 21, 2001
1,550
3
318
It might well be. I'd go ahead and update that install if i were you, usually you won't get new definitions with older versions.