Lab work journal

Journal

Friday (10/27/06)

/dev/pts/3
22:04:48
#/etc/init.d/sendmail restart
Останавливается sm-client:                  [  ОК  ]
Останавливается sendmail:                   [  ОК  ]
Запускается sendmail:                           [  ОК  ]
Запускается sm-client:                          [  ОК  ]
22:04:53
#/etc/init.d/clamav-milter restart
Stopping clamav-milter:                                    [ СБОЙ ]
Starting clamav-milter: LibClamAV debug: Running as user defang (UID 100, GID 101)
LibClamAV debug: loadDatabase: check /var/lib/clamav/daily.cvd for updates
LibClamAV debug: Loading databases from /var/lib/clamav
LibClamAV debug: Loading /var/lib/clamav/daily.cvd
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = 9743cd52d2fa858b6420abd3b6c78b72
LibClamAV debug: Decoded signature: 9743cd52d2fa858b6420abd3b6c78b72
LibClamAV debug: Digital signature is correct.
LibClamAV Warning: **************************************************
...
LibClamAV debug: Loading /tmp/clamav-9b6c7a24b15c003c/main.db
LibClamAV debug: Loading /tmp/clamav-9b6c7a24b15c003c/main.hdb
LibClamAV debug: Loading /tmp/clamav-9b6c7a24b15c003c/main.ndb
LibClamAV debug: Loading /tmp/clamav-9b6c7a24b15c003c/main.zmd
LibClamAV debug: Loading /tmp/clamav-9b6c7a24b15c003c/main.fp
LibClamAV debug: Database loaded
LibClamAV debug: Stat()ing files in /var/lib/clamav
LibClamAV debug: Setting /tmp as global temporary directory
LibClamAV debug: Making /tmp/clamav-1ed9948462b51b91
                                                           [  ОК  ]
22:04:57
#ps -ax
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.5/FAQ
  PID TTY      STAT   TIME COMMAND
    1 ?        S      0:00 init [5]
    2 ?        SN     0:00 [ksoftirqd/0]
    3 ?        S<     0:00 [events/0]
    4 ?        S<     0:00 [khelper]
    5 ?        S<     0:00 [kthread]
    7 ?        S<     0:00 [kacpid]
   80 ?        S<     0:00 [kblockd/0]
   83 ?        S<     0:00 [khubd]
...
23130 pts/7    S+     0:00 script -f -q /root/.lilalo//32711182092062014324-1161973329.script
23131 pts/8    Ss+    0:00 bash -i
23393 ?        S      0:00 /usr/bin/mimedefang-multiplexor -p /var/spool/MIMEDefang/mimedefang-multiplexor.pid -m 2 -x 10 -U defang -b 600 -l -s /var/spool/MIMEDefang/mim
23394 ?        S      0:01 /usr/bin/perl /usr/bin/mimedefang.pl -server
23407 ?        Sl     0:00 /usr/bin/mimedefang -P /var/spool/MIMEDefang/mimedefang.pid -m /var/spool/MIMEDefang/mimedefang-multiplexor.sock -R -1 -U defang -p /var/spool/
23419 ?        S      0:01 /usr/bin/perl /usr/bin/mimedefang.pl -server
24522 ?        Ssl    0:00 /usr/sbin/clamd
24626 ?        Ss     0:00 sendmail: accepting connections
24633 ?        Ss     0:00 sendmail: Queue runner@01:00:00 for /var/spool/clientmqueue
24662 pts/5    R+     0:00 ps -ax
22:05:00
#/etc/init.d/clamav-milter stop
Stopping clamav-milter:                                    [ СБОЙ ]
22:05:13
#/etc/init.d/clamav-milter start
Starting clamav-milter: LibClamAV debug: Running as user defang (UID 100, GID 101)
LibClamAV debug: loadDatabase: check /var/lib/clamav/daily.cvd for updates
LibClamAV debug: Loading databases from /var/lib/clamav
LibClamAV debug: Loading /var/lib/clamav/daily.cvd
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = 9743cd52d2fa858b6420abd3b6c78b72
LibClamAV debug: Decoded signature: 9743cd52d2fa858b6420abd3b6c78b72
LibClamAV debug: Digital signature is correct.
LibClamAV Warning: **************************************************
LibClamAV Warning: ***  The virus database is older than 7 days.  ***
...
LibClamAV debug: Loading /tmp/clamav-8faeb9cc6b9d073a/main.db
LibClamAV debug: Loading /tmp/clamav-8faeb9cc6b9d073a/main.hdb
LibClamAV debug: Loading /tmp/clamav-8faeb9cc6b9d073a/main.ndb
LibClamAV debug: Loading /tmp/clamav-8faeb9cc6b9d073a/main.zmd
LibClamAV debug: Loading /tmp/clamav-8faeb9cc6b9d073a/main.fp
LibClamAV debug: Database loaded
LibClamAV debug: Stat()ing files in /var/lib/clamav
LibClamAV debug: Setting /tmp as global temporary directory
LibClamAV debug: Making /tmp/clamav-38e0666c48d6204b
                                                           [  ОК  ]
22:05:17
#tail -f /var/log/messages
Oct 27 22:04:57 asp clamav-milter[24653]: Loaded ClamAV 0.88.5/2035/Sun Oct 15 23:42:30 2006
Oct 27 22:04:57 asp clamav-milter[24653]: ClamAV: Protecting against 73019 viruses
Oct 27 22:04:57 asp clamav-milter[24654]: Can't save PID in file /var/run/clamav/clamav-milter.pid
Oct 27 22:04:57 asp clamav-milter[24654]: Stopping ClamAV version 0.88.5, clamav-milter version 0.88.5
Oct 27 22:05:01 asp crond(pam_unix)[24668]: session opened for user root by (uid=0)
Oct 27 22:05:02 asp crond(pam_unix)[24668]: session closed for user root
Oct 27 22:05:17 asp clamav-milter[24689]: Loaded ClamAV 0.88.5/2035/Sun Oct 15 23:42:30 2006
Oct 27 22:05:17 asp clamav-milter[24689]: ClamAV: Protecting against 73019 viruses
Oct 27 22:05:17 asp clamav-milter[24690]: Can't save PID in file /var/run/clamav/clamav-milter.pid
Oct 27 22:05:17 asp clamav-milter[24690]: Stopping ClamAV version 0.88.5, clamav-milter version 0.88.5
22:05:49
#ls -al /var/run/clamav/
итого 12
drwxr-xr-x   2 clamav clamav 4096 Окт 16 13:19 .
drwxr-xr-x  18 root   root   4096 Окт 27 22:04 ..
22:06:19
#chown -R defang.defang /var/run/clamav/

22:06:52
#/etc/init.d/clamd stop
Stopping Clam AV daemon:                                   [  ОК  ]
22:07:06
#/etc/init.d/clamd start
Starting Clam AV daemon: LibClamAV debug: Setting /tmp as global temporary directory
LibClamAV debug: Loading databases from /var/lib/clamav
LibClamAV debug: Loading /var/lib/clamav/daily.cvd
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = 9743cd52d2fa858b6420abd3b6c78b72
LibClamAV debug: Decoded signature: 9743cd52d2fa858b6420abd3b6c78b72
LibClamAV debug: Digital signature is correct.
LibClamAV Warning: **************************************************
LibClamAV Warning: ***  The virus database is older than 7 days.  ***
LibClamAV Warning: ***        Please update it IMMEDIATELY!       ***
...
LibClamAV debug: Unpacking /tmp/clamav-f5d54dcf9cd5176b/main.zmd
LibClamAV debug: Unpacking /tmp/clamav-f5d54dcf9cd5176b/main.fp
LibClamAV debug: Unpacking /tmp/clamav-f5d54dcf9cd5176b/main.info
LibClamAV debug: Loading databases from /tmp/clamav-f5d54dcf9cd5176b
LibClamAV debug: Loading /tmp/clamav-f5d54dcf9cd5176b/main.db
LibClamAV debug: Loading /tmp/clamav-f5d54dcf9cd5176b/main.hdb
LibClamAV debug: Loading /tmp/clamav-f5d54dcf9cd5176b/main.ndb
LibClamAV debug: Loading /tmp/clamav-f5d54dcf9cd5176b/main.zmd
LibClamAV debug: Loading /tmp/clamav-f5d54dcf9cd5176b/main.fp
                                                           [  ОК  ]
22:07:15
#ps -ax
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.5/FAQ
  PID TTY      STAT   TIME COMMAND
    1 ?        S      0:00 init [5]
    2 ?        SN     0:00 [ksoftirqd/0]
    3 ?        S<     0:00 [events/0]
    4 ?        S<     0:00 [khelper]
    5 ?        S<     0:00 [kthread]
    7 ?        S<     0:00 [kacpid]
   80 ?        S<     0:00 [kblockd/0]
   83 ?        S<     0:00 [khubd]
...
23130 pts/7    S+     0:00 script -f -q /root/.lilalo//32711182092062014324-1161973329.script
23131 pts/8    Ss+    0:00 bash -i
23393 ?        S      0:00 /usr/bin/mimedefang-multiplexor -p /var/spool/MIMEDefang/mimedefang-multiplexor.pid -m 2 -x 10 -U defang -b 600 -l -s /var/spool/MIMEDefang/mim
23394 ?        S      0:01 /usr/bin/perl /usr/bin/mimedefang.pl -server
23407 ?        Sl     0:00 /usr/bin/mimedefang -P /var/spool/MIMEDefang/mimedefang.pid -m /var/spool/MIMEDefang/mimedefang-multiplexor.sock -R -1 -U defang -p /var/spool/
23419 ?        S      0:01 /usr/bin/perl /usr/bin/mimedefang.pl -server
24626 ?        Ss     0:00 sendmail: accepting connections
24633 ?        Ss     0:00 sendmail: Queue runner@01:00:00 for /var/spool/clientmqueue
24742 ?        Ss     0:00 /usr/sbin/clamd
24749 pts/5    R+     0:00 ps -ax
22:07:19
#/etc/init.d/clamav-milter start
Starting clamav-milter: LibClamAV debug: Running as user defang (UID 100, GID 101)
LibClamAV debug: loadDatabase: check /var/lib/clamav/daily.cvd for updates
LibClamAV debug: Loading databases from /var/lib/clamav
LibClamAV debug: Loading /var/lib/clamav/daily.cvd
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = 9743cd52d2fa858b6420abd3b6c78b72
LibClamAV debug: Decoded signature: 9743cd52d2fa858b6420abd3b6c78b72
LibClamAV debug: Digital signature is correct.
LibClamAV Warning: **************************************************
LibClamAV Warning: ***  The virus database is older than 7 days.  ***
...
LibClamAV debug: Loading /tmp/clamav-58c9d443d575b786/main.db
LibClamAV debug: Loading /tmp/clamav-58c9d443d575b786/main.hdb
LibClamAV debug: Loading /tmp/clamav-58c9d443d575b786/main.ndb
LibClamAV debug: Loading /tmp/clamav-58c9d443d575b786/main.zmd
LibClamAV debug: Loading /tmp/clamav-58c9d443d575b786/main.fp
LibClamAV debug: Database loaded
LibClamAV debug: Stat()ing files in /var/lib/clamav
LibClamAV debug: Setting /tmp as global temporary directory
LibClamAV debug: Making /tmp/clamav-d85312f3689b359d
                                                           [  ОК  ]
22:07:27
#ps -ax
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.5/FAQ
  PID TTY      STAT   TIME COMMAND
    1 ?        S      0:00 init [5]
    2 ?        SN     0:00 [ksoftirqd/0]
    3 ?        S<     0:00 [events/0]
    4 ?        S<     0:00 [khelper]
    5 ?        S<     0:00 [kthread]
    7 ?        S<     0:00 [kacpid]
   80 ?        S<     0:00 [kblockd/0]
   83 ?        S<     0:00 [khubd]
...
23131 pts/8    Ss+    0:00 bash -i
23393 ?        S      0:00 /usr/bin/mimedefang-multiplexor -p /var/spool/MIMEDefang/mimedefang-multiplexor.pid -m 2 -x 10 -U defang -b 600 -l -s /var/spool/MIMEDefang/mim
23394 ?        S      0:01 /usr/bin/perl /usr/bin/mimedefang.pl -server
23407 ?        Sl     0:00 /usr/bin/mimedefang -P /var/spool/MIMEDefang/mimedefang.pid -m /var/spool/MIMEDefang/mimedefang-multiplexor.sock -R -1 -U defang -p /var/spool/
23419 ?        S      0:01 /usr/bin/perl /usr/bin/mimedefang.pl -server
24626 ?        Ss     0:00 sendmail: accepting connections
24633 ?        Ss     0:00 sendmail: Queue runner@01:00:00 for /var/spool/clientmqueue
24742 ?        Ss     0:00 /usr/sbin/clamd
24760 ?        Ssl    0:00 /usr/sbin/clamav-milter --quiet --dont-wait --force-scan --dont-log-clean --server=localhost --debug --pidfile=/var/run/clamav/clamav-milter.pi
24769 pts/5    R+     0:00 ps -ax
22:07:30
#/etc/init.d/sendmail restart
Останавливается sm-client:                  [  ОК  ]
Останавливается sendmail:                   [  ОК  ]
Запускается sendmail:                           [  ОК  ]
Запускается sm-client:                          [  ОК  ]
22:07:40
#tail -f /var/log/maillog
Oct 27 22:04:53 asp sm-msp-queue[24634]: k9RIHsfn022792: to=root, ctladdr=root (0/0), delay=00:46:59, xdelay=00:00:00, mailer=relay, pri=750029, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: 451 4.3.2 Please try again later
Oct 27 22:07:40 asp sendmail[24794]: alias database /etc/aliases rebuilt by root
Oct 27 22:07:40 asp sendmail[24794]: /etc/aliases: 76 aliases, longest 10 bytes, 765 bytes total
Oct 27 22:07:40 asp sendmail[24798]: starting daemon (8.13.7): SMTP+queueing@01:00:00
Oct 27 22:07:40 asp sm-msp-queue[24805]: starting daemon (8.13.7): queueing@01:00:00
Oct 27 22:07:40 asp sendmail[24807]: k9RJ7esf024807: from=<root@asp.linux.nt>, size=299, class=0, nrcpts=1, msgid=<200610271817.k9RIHsfn022792@asp.linux.nt>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Oct 27 22:07:40 asp sendmail[24807]: k9RJ7esf024807: Milter add: header: X-Virus-Scanned: ClamAV version 0.88.5, clamav-milter version 0.88.5 on asp.linux.nt
Oct 27 22:07:40 asp sendmail[24807]: k9RJ7esf024807: Milter add: header: X-Virus-Status: Clean
Oct 27 22:07:41 asp sm-msp-queue[24806]: k9RIHsfn022792: to=root, ctladdr=root (0/0), delay=00:49:47, xdelay=00:00:01, mailer=relay, pri=840029, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (k9RJ7esf024807 Message accepted for delivery)
Oct 27 22:07:41 asp sendmail[24815]: k9RJ7esf024807: to=<root@asp.linux.nt>, ctladdr=<root@asp.linux.nt> (0/0), delay=00:00:01, xdelay=00:00:00, mailer=local, pri=30614, dsn=2.0.0, stat=Sent
...
Oct 27 22:13:01 asp sendmail[25001]: k9RJD1Yg025001: Milter add: header: X-Virus-Status: Clean
Oct 27 22:13:01 asp sendmail[24995]: k9RJD1Bg024995: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30038, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (k9RJD1Yg025001 Message accepted for delivery)
Oct 27 22:13:01 asp sendmail[25003]: k9RJD1Yg025001: to=<root@asp.linux.nt>, ctladdr=<root@asp.linux.nt> (0/0), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30623, dsn=2.0.0, stat=Sent
Oct 27 22:14:42 asp sendmail[25032]: k9RJEgAp025032: from=root, size=744, class=0, nrcpts=1, msgid=<20061027191442.GA25014@asp.linux.nt>, relay=root@localhost
Oct 27 22:14:42 asp sendmail[25033]: k9RJEgw7025033: from=<root@asp.linux.nt>, size=890, class=0, nrcpts=1, msgid=<20061027191442.GA25014@asp.linux.nt>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Oct 27 22:14:42 asp sendmail[25033]: k9RJEgw7025033: Milter add: header: X-Virus-Scanned: ClamAV version 0.88.5, clamav-milter version 0.88.5 on asp.linux.nt
Oct 27 22:14:42 asp sendmail[25033]: k9RJEgw7025033: Milter add: header: X-Virus-Status: Clean
Oct 27 22:14:42 asp sendmail[25032]: k9RJEgAp025032: to=root@asp.linux.nt, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30744, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (k9RJEgw7025033 Message accepted for delivery)
Oct 27 22:14:42 asp sendmail[25035]: k9RJEgw7025033: to=<root@asp.linux.nt>, ctladdr=<root@asp.linux.nt> (0/0), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31199, dsn=2.0.0, stat=Sent
You have new mail in /var/spool/mail/root
22:15:51
#tail -f /var/log/
acpid             btmp              cups/             lastlog           messages          prelink.log       scrollkeeper.log  uucp/             Xorg.0.log
audit/            clamav/           dmesg             mail/             mimedefang/       rpmpkgs           secure            vbox/             Xorg.0.log.old
boot.log          cron              gdm/              maillog           ppp/              samba/            spooler           wtmp              yum.log
22:15:51
#tail -f /var/log/messages
Oct 27 22:07:15 asp clamd[24742]: OLE2 support enabled.
Oct 27 22:07:15 asp clamd[24742]: HTML support enabled.
Oct 27 22:07:15 asp clamd[24742]: Self checking every 1800 seconds.
Oct 27 22:07:27 asp clamav-milter[24759]: Loaded ClamAV 0.88.5/2035/Sun Oct 15 23:42:30 2006
Oct 27 22:07:27 asp clamav-milter[24759]: ClamAV: Protecting against 73019 viruses
Oct 27 22:07:27 asp clamav-milter[24760]: Starting ClamAV version 0.88.5, clamav-milter version 0.88.5
Oct 27 22:10:01 asp crond(pam_unix)[24927]: session opened for user root by (uid=0)
Oct 27 22:10:02 asp crond(pam_unix)[24927]: session closed for user root
Oct 27 22:15:01 asp crond(pam_unix)[25038]: session opened for user root by (uid=0)
Oct 27 22:15:02 asp crond(pam_unix)[25038]: session closed for user root
22:16:27
#tail -f /var/log/
acpid             btmp              cups/             lastlog           messages          prelink.log       scrollkeeper.log  uucp/             Xorg.0.log
audit/            clamav/           dmesg             mail/             mimedefang/       rpmpkgs           secure            vbox/             Xorg.0.log.old
boot.log          cron              gdm/              maillog           ppp/              samba/            spooler           wtmp              yum.log
22:16:27
#vi /etc/init
22:16:27
#vi /etc/init.d/mi
22:16:27
#vi /etc/init.d/mimedefang
22:24:31
#vi sendmail.mc
22:25:06
#m4 sendmail.mc > sendmail.cf

22:25:18
#/etc/init.d/sendmail restart
Останавливается sm-client:                  [  ОК  ]
Останавливается sendmail:                   [  ОК  ]
Запускается sendmail:                           [  ОК  ]
Запускается sm-client:                          [  ОК  ]
22:25:26
#tail -f /var/log/maillog
Oct 27 22:14:42 asp sendmail[25032]: k9RJEgAp025032: from=root, size=744, class=0, nrcpts=1, msgid=<20061027191442.GA25014@asp.linux.nt>, relay=root@localhost
Oct 27 22:14:42 asp sendmail[25033]: k9RJEgw7025033: from=<root@asp.linux.nt>, size=890, class=0, nrcpts=1, msgid=<20061027191442.GA25014@asp.linux.nt>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Oct 27 22:14:42 asp sendmail[25033]: k9RJEgw7025033: Milter add: header: X-Virus-Scanned: ClamAV version 0.88.5, clamav-milter version 0.88.5 on asp.linux.nt
Oct 27 22:14:42 asp sendmail[25033]: k9RJEgw7025033: Milter add: header: X-Virus-Status: Clean
Oct 27 22:14:42 asp sendmail[25032]: k9RJEgAp025032: to=root@asp.linux.nt, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30744, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (k9RJEgw7025033 Message accepted for delivery)
Oct 27 22:14:42 asp sendmail[25035]: k9RJEgw7025033: to=<root@asp.linux.nt>, ctladdr=<root@asp.linux.nt> (0/0), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31199, dsn=2.0.0, stat=Sent
Oct 27 22:25:26 asp sendmail[25163]: alias database /etc/aliases rebuilt by root
Oct 27 22:25:26 asp sendmail[25163]: /etc/aliases: 76 aliases, longest 10 bytes, 765 bytes total
Oct 27 22:25:26 asp sendmail[25167]: starting daemon (8.13.7): SMTP+queueing@01:00:00
Oct 27 22:25:26 asp sm-msp-queue[25174]: starting daemon (8.13.7): queueing@01:00:00
...
Oct 27 22:27:41 asp mimedefang[25441]: MIMEDefang alive. slavesReservedForLoopback=-1 AllowNewConnectionsToQueue=0 doRelayCheck=0 doHeloCheck=0 doSenderCheck=0 doRecipientCheck=0
Oct 27 22:27:41 asp mimedefang[25441]: Multiplexor alive - entering main loop
Oct 27 22:27:44 asp mimedefang-multiplexor[25427]: Starting slave 1 (pid 25452) (2 running): Bringing slaves up to minSlaves (2)
Oct 27 22:28:31 asp sendmail[25508]: alias database /etc/aliases rebuilt by root
Oct 27 22:28:31 asp sendmail[25508]: /etc/aliases: 76 aliases, longest 10 bytes, 765 bytes total
Oct 27 22:28:31 asp sendmail[25512]: starting daemon (8.13.7): SMTP+queueing@01:00:00
Oct 27 22:28:32 asp sm-msp-queue[25519]: starting daemon (8.13.7): queueing@01:00:00
Oct 27 22:28:32 asp sendmail[25527]: k9RJSWuc025527: from=<root@asp.linux.nt>, size=731, class=0, nrcpts=1, msgid=<20061027192614.GB25014@asp.linux.nt>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Oct 27 22:28:56 asp sendmail[25533]: k9RJSuNS025533: from=root, size=29, class=0, nrcpts=1, msgid=<200610271928.k9RJSuNS025533@asp.linux.nt>, relay=root@localhost
Oct 27 22:28:56 asp sendmail[25539]: k9RJSu2X025539: from=<root@asp.linux.nt>, size=299, class=0, nrcpts=1, msgid=<200610271928.k9RJSuNS025533@asp.linux.nt>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
/dev/pts/6
22:27:05
$su -
%else       --with-user=%{user} \
if test -d /var/spool/quarantine -a ! -d /var/spool/MD-Quarantine ; then
        mv /var/spool/quarantine /var/spool/MD-Quarantine || true
willingness
fi
# Add user
useradd -M -r -d %{dir_spool} -s /bin/false -c "MIMEDefang User" %{user} > /dev/null 2>&1 || true
%post
# Tighten permissions
chown %{user} %{dir_spool}
...
# Turn off execute b
%pos
cat << EOFi
In order to complete the installation of mimedefang, you will need to add the
chmod 755 %{dir_log}
following line to your sendmail mc file:
   INPUT_MAIL_FILTER(\`mimedefang', \`S=unix:/var/spool/MIMEDefang/mimedefang.sock, F=T, T=S:1m;R:1m;E:5m')
Use the sendmail-cf package to rebuild your /etc/mail/sendmail.cf file and
                     Password:
l3-agent is already running: pid=13191; pidfile=/root/.lilalo/l3-agent.pid
22:27:09
#mutt
 N F- 3/3: root
Оставлено: 3, удалено: 0.
/dev/pts/3
22:29:02
#tail -f /var/log/messages
Oct 27 22:28:11 asp clamd[25464]: Archive: Blocking archives that exceed limits.
Oct 27 22:28:11 asp clamd[25464]: Portable Executable support enabled.
Oct 27 22:28:11 asp clamd[25464]: Detection of broken executables enabled.
Oct 27 22:28:11 asp clamd[25464]: Mail files support enabled.
Oct 27 22:28:11 asp clamd[25464]: OLE2 support enabled.
Oct 27 22:28:11 asp clamd[25464]: HTML support enabled.
Oct 27 22:28:11 asp clamd[25464]: Self checking every 1800 seconds.
Oct 27 22:28:18 asp clamav-milter[25479]: Loaded ClamAV 0.88.5/2035/Sun Oct 15 23:42:30 2006
Oct 27 22:28:18 asp clamav-milter[25479]: ClamAV: Protecting against 73019 viruses
Oct 27 22:28:18 asp clamav-milter[25480]: Starting ClamAV version 0.88.5, clamav-milter version 0.88.5
22:29:13
#tail -f /var/log/maillog
Oct 27 22:27:41 asp mimedefang[25441]: MIMEDefang alive. slavesReservedForLoopback=-1 AllowNewConnectionsToQueue=0 doRelayCheck=0 doHeloCheck=0 doSenderCheck=0 doRecipientCheck=0
Oct 27 22:27:41 asp mimedefang[25441]: Multiplexor alive - entering main loop
Oct 27 22:27:44 asp mimedefang-multiplexor[25427]: Starting slave 1 (pid 25452) (2 running): Bringing slaves up to minSlaves (2)
Oct 27 22:28:31 asp sendmail[25508]: alias database /etc/aliases rebuilt by root
Oct 27 22:28:31 asp sendmail[25508]: /etc/aliases: 76 aliases, longest 10 bytes, 765 bytes total
Oct 27 22:28:31 asp sendmail[25512]: starting daemon (8.13.7): SMTP+queueing@01:00:00
Oct 27 22:28:32 asp sm-msp-queue[25519]: starting daemon (8.13.7): queueing@01:00:00
Oct 27 22:28:32 asp sendmail[25527]: k9RJSWuc025527: from=<root@asp.linux.nt>, size=731, class=0, nrcpts=1, msgid=<20061027192614.GB25014@asp.linux.nt>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Oct 27 22:28:56 asp sendmail[25533]: k9RJSuNS025533: from=root, size=29, class=0, nrcpts=1, msgid=<200610271928.k9RJSuNS025533@asp.linux.nt>, relay=root@localhost
Oct 27 22:28:56 asp sendmail[25539]: k9RJSu2X025539: from=<root@asp.linux.nt>, size=299, class=0, nrcpts=1, msgid=<200610271928.k9RJSuNS025533@asp.linux.nt>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
22:29:22
#tail -f /var/log/
acpid             btmp              cups/             lastlog           messages          prelink.log       scrollkeeper.log  uucp/             Xorg.0.log
audit/            clamav/           dmesg             mail/             mimedefang/       rpmpkgs           secure            vbox/             Xorg.0.log.old
boot.log          cron              gdm/              maillog           ppp/              samba/            spooler           wtmp              yum.log
22:29:22
#tail -f /var/log/clamav/clamd
clamd1.log  clamd.log
22:29:22
#tail -f /var/log/clamav/clamd1.log
Fri Oct 27 21:59:27 2006 -> Portable Executable support enabled.
Fri Oct 27 21:59:27 2006 -> Detection of broken executables enabled.
Fri Oct 27 21:59:27 2006 -> Mail files support enabled.
Fri Oct 27 21:59:27 2006 -> OLE2 support enabled.
Fri Oct 27 21:59:27 2006 -> HTML support enabled.
Fri Oct 27 21:59:27 2006 -> Self checking every 1800 seconds.
Fri Oct 27 22:03:34 2006 -> Socket file removed.
Fri Oct 27 22:03:34 2006 -> ERROR: Can't unlink the pid file /var/run/clamav/clamd.pid
Fri Oct 27 22:03:34 2006 -> Exiting (clean)
Fri Oct 27 22:03:34 2006 -> --- Stopped at Fri Oct 27 22:03:34 2006
22:29:45
#tail -f /var/log/maillog
Oct 27 22:28:56 asp sendmail[25539]: k9RJSu2X025539: from=<root@asp.linux.nt>, size=299, class=0, nrcpts=1, msgid=<200610271928.k9RJSuNS025533@asp.linux.nt>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Oct 27 22:29:32 asp sendmail[25527]: k9RJSWuc025527: Milter (mimedefang): timeout before data read
Oct 27 22:29:32 asp sendmail[25527]: k9RJSWuc025527: Milter (mimedefang): to error state
Oct 27 22:29:32 asp sendmail[25527]: k9RJSWuc025527: Milter: data, reject=451 4.3.2 Please try again later
Oct 27 22:29:32 asp sendmail[25527]: k9RJSWuc025527: to=<root@asp.linux.nt>, delay=00:01:00, pri=30731, stat=Please try again later
Oct 27 22:29:32 asp sm-msp-queue[25520]: k9RJQEgh025188: to=root@asp.linux.nt, ctladdr=root (0/0), delay=00:03:18, xdelay=00:01:00, mailer=relay, pri=120585, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: 451 4.3.2 Please try again later
Oct 27 22:29:32 asp mimedefang.pl[25428]: k9RJSWuc025527: Timeout reading from clamd daemon at /var/spool/MIMEDefang/clamd.sock
Oct 27 22:29:32 asp mimedefang.pl[25428]: Problem running virus scanner: code=226, category=swerr, action=tempfail
Oct 27 22:29:32 asp mimedefang.pl[25428]: filter: k9RJSWuc025527:  tempfail=1
Oct 27 22:29:32 asp mimedefang[25441]: k9RJSWuc025527: Tempfailing because filter instructed us to
...
Oct 27 22:37:35 asp sendmail[25974]: k9RJbZlw025974: Milter add: header: X-Virus-Scanned: ClamAV version 0.88.5, clamav-milter version 0.88.5 on asp.linux.nt
Oct 27 22:37:35 asp sendmail[25974]: k9RJbZlw025974: Milter add: header: X-Virus-Status: Clean
Oct 27 22:37:35 asp sm-msp-queue[25969]: k9RJSuNS025533: to=root, ctladdr=root (0/0), delay=00:08:39, xdelay=00:00:00, mailer=relay, pri=300029, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (k9RJbZlw025974 Message accepted for delivery)
Oct 27 22:37:35 asp sendmail[25978]: k9RJbZlw025974: to=<root@asp.linux.nt>, ctladdr=<root@asp.linux.nt> (0/0), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30614, dsn=2.0.0, stat=Sent
Oct 27 22:37:35 asp sendmail[25974]: k9RJbZm0025974: from=<root@asp.linux.nt>, size=731, class=0, nrcpts=1, msgid=<20061027192614.GB25014@asp.linux.nt>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Oct 27 22:37:35 asp sendmail[25974]: k9RJbZm0025974: Milter add: header: X-Virus-Scanned: ClamAV version 0.88.5, clamav-milter version 0.88.5 on asp.linux.nt
Oct 27 22:37:35 asp sendmail[25974]: k9RJbZm0025974: Milter add: header: X-Virus-Status: Clean
Oct 27 22:37:35 asp sm-msp-queue[25969]: k9RJQEgh025188: to=root@asp.linux.nt, ctladdr=root (0/0), delay=00:11:21, xdelay=00:00:00, mailer=relay, pri=390585, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (k9RJbZm0025974 Message accepted for delivery)
Oct 27 22:37:35 asp sendmail[25980]: k9RJbZm0025974: to=<root@asp.linux.nt>, ctladdr=<root@asp.linux.nt> (0/0), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31042, dsn=2.0.0, stat=Sent
You have new mail in /var/spool/mail/root
/dev/pts/6
22:32:34
#tail -f /var/log/maillog
Oct 27 22:37:35 asp sendmail[25978]: k9RJbZlw025974: to=<root@asp.linux.nt>, ctladdr=<root@asp.linux.nt> (0/0), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30614, dsn=2.0.0, stat=Sent
Oct 27 22:37:35 asp sendmail[25974]: k9RJbZm0025974: from=<root@asp.linux.nt>, size=731, class=0, nrcpts=1, msgid=<20061027192614.GB25014@asp.linux.nt>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Oct 27 22:37:35 asp sendmail[25974]: k9RJbZm0025974: Milter add: header: X-Virus-Scanned: ClamAV version 0.88.5, clamav-milter version 0.88.5 on asp.linux.nt
Oct 27 22:37:35 asp sendmail[25974]: k9RJbZm0025974: Milter add: header: X-Virus-Status: Clean
Oct 27 22:37:35 asp sm-msp-queue[25969]: k9RJQEgh025188: to=root@asp.linux.nt, ctladdr=root (0/0), delay=00:11:21, xdelay=00:00:00, mailer=relay, pri=390585, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (k9RJbZm0025974 Message accepted for delivery)
Oct 27 22:37:35 asp sendmail[25980]: k9RJbZm0025974: to=<root@asp.linux.nt>, ctladdr=<root@asp.linux.nt> (0/0), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31042, dsn=2.0.0, stat=Sent
Oct 27 23:02:22 asp sendmail[26228]: alias database /etc/aliases rebuilt by root
Oct 27 23:02:22 asp sendmail[26228]: /etc/aliases: 76 aliases, longest 10 bytes, 765 bytes total
Oct 27 23:02:22 asp sendmail[26232]: starting daemon (8.13.7): SMTP+queueing@01:00:00
Oct 27 23:02:22 asp sm-msp-queue[26239]: starting daemon (8.13.7): queueing@01:00:00
...
Oct 27 23:03:04 asp mimedefang-multiplexor[26307]: Starting slave 1 (pid 26332) (2 running): Bringing slaves up to minSlaves (2)
Oct 27 23:03:51 asp sendmail[26361]: k9RK3pQi026361: from=root, size=30, class=0, nrcpts=1, msgid=<200610272003.k9RK3pQi026361@asp.linux.nt>, relay=root@localhost
Oct 27 23:03:52 asp sendmail[26367]: k9RK3q6W026367: from=<root@asp.linux.nt>, size=300, class=0, nrcpts=1, msgid=<200610272003.k9RK3pQi026361@asp.linux.nt>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Oct 27 23:03:52 asp mimedefang.pl[26308]: Problem running virus scanner: code=226, category=swerr, action=tempfail
Oct 27 23:03:52 asp mimedefang.pl[26308]: filter: k9RK3q6W026367:  tempfail=1
Oct 27 23:03:52 asp mimedefang[26321]: k9RK3q6W026367: Tempfailing because filter instructed us to
Oct 27 23:03:52 asp sendmail[26367]: k9RK3q6W026367: Milter: data, reject=451 4.3.0 Problem running virus-scanner
Oct 27 23:03:52 asp sendmail[26367]: k9RK3q6W026367: to=<root@asp.linux.nt>, delay=00:00:00, pri=30300, stat=Problem running virus-scanner
Oct 27 23:03:52 asp sendmail[26361]: k9RK3pQi026361: to=root, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:00, mailer=relay, pri=30030, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: 451 4.3.0 Problem running virus-scanner
You have new mail in /var/spool/mail/root
21 minutes passed
/dev/pts/3
22:53:55
#yum install named
Setting up Install Process
Setting up repositories
base                      100% |=========================|  951 B    00:00
updates-released          100% |=========================|  951 B    00:00
Reading repository metadata in from local files
Parsing package install arguments
No Match for argument: named
Nothing to do
22:54:20
#yum search named
pstack.i386                              1.2-7                  base
Matched from:
pstack dumps a stack trace for a process, given the pid of that
process.  If the process named is part of a thread group, then all the threads
in the group are traced.
qca.i386                                 1.0-5                  base
Matched from:
Taking a hint from the similarly-named Java Cryptography Architecture,
QCA aims to provide a straightforward and cross-platform crypto API,
using Qt datatypes and conventions. QCA separates the API from the
...
manufacturer's website can be uncompressed using "unzip" even if it's an .exe
file. Some drivers can also be found on driverguide.com. If you can't get the
firmware directly, you must install the Windows driver on a Windows platform.
The firmware was located in c:\windows\system32\drivers\PS1fw.usb in example
case.
pstack.i386                              1.2-7                  installed
Matched from:
pstack dumps a stack trace for a process, given the pid of that
process.  If the process named is part of a thread group, then all the threads
in the group are traced.
22:54:41
#yum install bind9
Setting up Install Process
Setting up repositories
Reading repository metadata in from local files
Parsing package install arguments
No Match for argument: bind9
Nothing to do
22:54:51
#yum install bind-9
Setting up Install Process
Setting up repositories
Reading repository metadata in from local files
Parsing package install arguments
No Match for argument: bind-9
Nothing to do
22:54:56
#yum install bind
Setting up Install Process
Setting up repositories
Reading repository metadata in from local files
Parsing package install arguments
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Downloading header for bind to pack into transaction set.
bind-9.3.1-20.FC4.i386.rp 100% |=========================|  39 kB    00:01
---> Package bind.i386 24:9.3.1-20.FC4 set to be updated
--> Running transaction check
...
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing: bind-libs                    ######################### [1/3]
  Installing: bind-utils                   ######################### [2/3]
  Installing: bind                         ######################### [3/3]
Installed: bind.i386 24:9.3.1-20.FC4
Dependency Installed: bind-libs.i386 24:9.3.1-20.FC4 bind-utils.i386 24:9.3.1-20.FC4
Complete!
23:02:42
#vi /
23:02:42
#cd /usr/src/mimedefang-2.57/redhat/

/dev/pts/6
23:04:32
#vi /etc/mail/mimedefang-filter
23:05:12
#tail -f /var/log/messages
Oct 27 23:03:22 asp clamd[26339]: Archive: Blocking encrypted archives.
Oct 27 23:03:22 asp clamd[26339]: Archive: Blocking archives that exceed limits.
Oct 27 23:03:22 asp clamd[26339]: Portable Executable support enabled.
Oct 27 23:03:22 asp clamd[26339]: Detection of broken executables enabled.
Oct 27 23:03:22 asp clamd[26339]: Mail files support enabled.
Oct 27 23:03:22 asp clamd[26339]: OLE2 support enabled.
Oct 27 23:03:22 asp clamd[26339]: HTML support enabled.
Oct 27 23:03:22 asp clamd[26339]: Self checking every 1800 seconds.
Oct 27 23:05:01 asp crond(pam_unix)[26387]: session opened for user root by (uid=0)
Oct 27 23:05:02 asp crond(pam_unix)[26387]: session closed for user root
c
23:05:23
#cd /var/spool/
anacron/       clamav/        cron/          lpd/           MD-Quarantine/ mqueue/        uucp/          vbox/
at/            clientmqueue/  cups/          mail/          MIMEDefang/    repackage/     uucppublic/
23:05:23
#cd /var/spool/cl
clamav/       clientmqueue/
23:05:23
#cd /var/spool/MIMEDefang/
clamd.sock                   mimedefang-multiplexor.pid   mimedefang-multiplexor.sock  mimedefang.pid               mimedefang.sock
23:05:23
#cd /var/spool/MIMEDefang/

23:06:07
#/etc/init.d/clamd stop
Stopping Clam AV daemon:                                   [  ОК  ]
23:06:25
#ls
mimedefang-multiplexor.pid  mimedefang-multiplexor.sock  mimedefang.pid  mimedefang.sock
23:06:26
#/etc/init.d/clamd start
Starting Clam AV daemon: LibClamAV debug: Setting /tmp as global temporary directory
LibClamAV debug: Loading databases from /var/lib/clamav
LibClamAV debug: Loading /var/lib/clamav/daily.cvd
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = 9743cd52d2fa858b6420abd3b6c78b72
LibClamAV debug: Decoded signature: 9743cd52d2fa858b6420abd3b6c78b72
LibClamAV debug: Digital signature is correct.
LibClamAV Warning: **************************************************
LibClamAV Warning: ***  The virus database is older than 7 days.  ***
LibClamAV Warning: ***        Please update it IMMEDIATELY!       ***
...
LibClamAV debug: Unpacking /tmp/clamav-8ef1d3d095680f97/main.zmd
LibClamAV debug: Unpacking /tmp/clamav-8ef1d3d095680f97/main.fp
LibClamAV debug: Unpacking /tmp/clamav-8ef1d3d095680f97/main.info
LibClamAV debug: Loading databases from /tmp/clamav-8ef1d3d095680f97
LibClamAV debug: Loading /tmp/clamav-8ef1d3d095680f97/main.db
LibClamAV debug: Loading /tmp/clamav-8ef1d3d095680f97/main.hdb
LibClamAV debug: Loading /tmp/clamav-8ef1d3d095680f97/main.ndb
LibClamAV debug: Loading /tmp/clamav-8ef1d3d095680f97/main.zmd
LibClamAV debug: Loading /tmp/clamav-8ef1d3d095680f97/main.fp
                                                           [  ОК  ]
23:06:34
#/etc/init.d/sendmail restart
Останавливается sm-client:                  [  ОК  ]
Останавливается sendmail:                   [  ОК  ]
Запускается sendmail:                           [  ОК  ]
Запускается sm-client:                          [  ОК  ]
23:06:45
#tail -f /var/log/maillog
Oct 27 23:17:29 asp mimedefang-multiplexor[26676]: Starting slave 1 (pid 26701) (2 running): Bringing slaves up to minSlaves (2)
Oct 27 23:17:49 asp sendmail[26729]: alias database /etc/aliases rebuilt by root
Oct 27 23:17:49 asp sendmail[26729]: /etc/aliases: 76 aliases, longest 10 bytes, 765 bytes total
Oct 27 23:17:49 asp sendmail[26733]: starting daemon (8.13.7): SMTP+queueing@01:00:00
Oct 27 23:17:49 asp sm-msp-queue[26740]: starting daemon (8.13.7): queueing@01:00:00
Oct 27 23:17:50 asp sendmail[26748]: k9RKHnob026748: from=<root@asp.linux.nt>, size=298, class=0, nrcpts=1, msgid=<200610272006.k9RK6qca026488@asp.linux.nt>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Oct 27 23:17:50 asp mimedefang.pl[26677]: Problem running virus scanner: code=226, category=swerr, action=tempfail
Oct 27 23:17:50 asp mimedefang.pl[26677]: filter: k9RKHnob026748:  tempfail=1
Oct 27 23:17:50 asp mimedefang[26690]: k9RKHnob026748: Tempfailing because filter instructed us to
Oct 27 23:17:50 asp sendmail[26748]: k9RKHnob026748: Milter: data, reject=451 4.3.0 Problem running virus-scanner
...
Oct 27 23:30:30 asp sm-msp-queue[27296]: k9RK6qca026488: to=root, ctladdr=root (0/0), delay=00:23:38, xdelay=00:00:00, mailer=relay, pri=300028, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: 451 4.3.0 Problem running virus-scanner
Oct 27 23:30:30 asp sendmail[27301]: k9RKUUX8027301: from=<root@asp.linux.nt>, size=300, class=0, nrcpts=1, msgid=<200610272003.k9RK3pQi026361@asp.linux.nt>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Oct 27 23:30:30 asp clamd[27192]: /var/spool/MIMEDefang/mdefang-k9RKUUX8027301/Work/msg-27240-3.txt: OK
Oct 27 23:30:30 asp clamd[27192]: /var/spool/MIMEDefang/mdefang-k9RKUUX8027301/Work/INPUTMBOX: OK
Oct 27 23:30:30 asp mimedefang.pl[27240]: Problem running virus scanner: code=226, category=swerr, action=tempfail
Oct 27 23:30:30 asp mimedefang.pl[27240]: filter: k9RKUUX8027301:  tempfail=1
Oct 27 23:30:30 asp mimedefang[27253]: k9RKUUX8027301: Tempfailing because filter instructed us to
Oct 27 23:30:30 asp sendmail[27301]: k9RKUUX8027301: Milter: data, reject=451 4.3.0 Problem running virus-scanner
Oct 27 23:30:30 asp sendmail[27301]: k9RKUUX8027301: to=<root@asp.linux.nt>, delay=00:00:00, pri=30300, stat=Problem running virus-scanner
Oct 27 23:30:30 asp sm-msp-queue[27296]: k9RK3pQi026361: to=root, ctladdr=root (0/0), delay=00:26:39, xdelay=00:00:00, mailer=relay, pri=390030, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: 451 4.3.0 Problem running virus-scanner
26 minutes elapsed
23:33:04
#ps -aux | grep clam
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.5/FAQ
defang   27192  0.0  1.6  31548 16352 ?        Ss   23:29   0:00 /usr/sbin/clamd
root     27338  0.0  0.0   3788   756 pts/8    S+   23:33   0:00 grep clam
23:33:12
#cat /var/log/clamav/clamd.log
Fri Oct 27 21:33:23 2006 -> Socket file removed.
Fri Oct 27 21:33:23 2006 -> ERROR: Can't unlink the pid file /var/run/clamav/clamd.pid
Fri Oct 27 21:33:23 2006 -> Exiting (clean)
Fri Oct 27 21:33:23 2006 -> --- Stopped at Fri Oct 27 21:33:23 2006
Fri Oct 27 21:33:24 2006 -> +++ Started at Fri Oct 27 21:33:24 2006
Fri Oct 27 21:33:24 2006 -> clamd daemon 0.88.5 (OS: linux-gnu, ARCH: i386, CPU: i386)
Fri Oct 27 21:33:24 2006 -> Log file size limit disabled.
Fri Oct 27 21:33:24 2006 -> Running as user defang (UID 100, GID 101)
Fri Oct 27 21:33:24 2006 -> Reading databases from /var/lib/clamav
Fri Oct 27 21:33:25 2006 -> Protecting against 73019 viruses.
...
Fri Oct 27 23:29:58 2006 -> Mail files support enabled.
Fri Oct 27 23:29:58 2006 -> OLE2 support enabled.
Fri Oct 27 23:29:58 2006 -> HTML support enabled.
Fri Oct 27 23:29:58 2006 -> Self checking every 1800 seconds.
Fri Oct 27 23:30:30 2006 -> /var/spool/MIMEDefang/mdefang-k9RKUUX4027301/Work/msg-27240-1.txt: OK
Fri Oct 27 23:30:30 2006 -> /var/spool/MIMEDefang/mdefang-k9RKUUX4027301/Work/INPUTMBOX: OK
Fri Oct 27 23:30:30 2006 -> /var/spool/MIMEDefang/mdefang-k9RKUUX6027301/Work/msg-27240-2.txt: OK
Fri Oct 27 23:30:30 2006 -> /var/spool/MIMEDefang/mdefang-k9RKUUX6027301/Work/INPUTMBOX: OK
Fri Oct 27 23:30:30 2006 -> /var/spool/MIMEDefang/mdefang-k9RKUUX8027301/Work/msg-27240-3.txt: OK
Fri Oct 27 23:30:30 2006 -> /var/spool/MIMEDefang/mdefang-k9RKUUX8027301/Work/INPUTMBOX: OK
23:34:10
#ls -ad /var/run/clamav/
/var/run/clamav/
23:34:22
#ls -al /var/run/clamav/
итого 20
drwxr-xr-x   2 defang defang 4096 Окт 27 23:29 .
drwxr-xr-x  19 root   root   4096 Окт 27 23:30 ..
-rw-rw----   1 defang defang    7 Окт 27 22:35 clamav-milter.pid
-rw-rw----   1 defang defang    5 Окт 27 23:29 clamd.pid
23:34:26
#rm /var/run/clamav/clamd.pid
rm: удалить обычный файл `/var/run/clamav/clamd.pid'? y
23:34:50
#/etc/init.d/clamd restart
Stopping Clam AV daemon:                                   [  ОК  ]
Starting Clam AV daemon: LibClamAV debug: Setting /tmp as global temporary directory
LibClamAV debug: Loading databases from /var/lib/clamav
LibClamAV debug: Loading /var/lib/clamav/daily.cvd
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = 9743cd52d2fa858b6420abd3b6c78b72
LibClamAV debug: Decoded signature: 9743cd52d2fa858b6420abd3b6c78b72
LibClamAV debug: Digital signature is correct.
LibClamAV Warning: **************************************************
LibClamAV Warning: ***  The virus database is older than 7 days.  ***
...
LibClamAV debug: Unpacking /tmp/clamav-817fb75e34498aa7/main.zmd
LibClamAV debug: Unpacking /tmp/clamav-817fb75e34498aa7/main.fp
LibClamAV debug: Unpacking /tmp/clamav-817fb75e34498aa7/main.info
LibClamAV debug: Loading databases from /tmp/clamav-817fb75e34498aa7
LibClamAV debug: Loading /tmp/clamav-817fb75e34498aa7/main.db
LibClamAV debug: Loading /tmp/clamav-817fb75e34498aa7/main.hdb
LibClamAV debug: Loading /tmp/clamav-817fb75e34498aa7/main.ndb
LibClamAV debug: Loading /tmp/clamav-817fb75e34498aa7/main.zmd
LibClamAV debug: Loading /tmp/clamav-817fb75e34498aa7/main.fp
                                                           [  ОК  ]
23:34:59
#cat /var/log/clamav/clamd.log
Fri Oct 27 21:48:57 2006 -> Mail files support enabled.
Fri Oct 27 21:48:57 2006 -> OLE2 support enabled.
Fri Oct 27 21:48:57 2006 -> HTML support enabled.
Fri Oct 27 21:48:57 2006 -> Self checking every 1800 seconds.
Fri Oct 27 21:57:37 2006 -> Socket file removed.
Fri Oct 27 21:57:37 2006 -> ERROR: Can't unlink the pid file /var/run/clamav/clamd.pid
Fri Oct 27 21:57:37 2006 -> Exiting (clean)
Fri Oct 27 21:57:37 2006 -> --- Stopped at Fri Oct 27 21:57:37 2006
Fri Oct 27 21:57:37 2006 -> +++ Started at Fri Oct 27 21:57:37 2006
Fri Oct 27 21:57:37 2006 -> clamd daemon 0.88.5 (OS: linux-gnu, ARCH: i386, CPU: i386)
...
Fri Oct 27 23:34:59 2006 -> Archive support enabled.
Fri Oct 27 23:34:59 2006 -> Archive: RAR support disabled.
Fri Oct 27 23:34:59 2006 -> Archive: Blocking encrypted archives.
Fri Oct 27 23:34:59 2006 -> Archive: Blocking archives that exceed limits.
Fri Oct 27 23:34:59 2006 -> Portable Executable support enabled.
Fri Oct 27 23:34:59 2006 -> Detection of broken executables enabled.
Fri Oct 27 23:34:59 2006 -> Mail files support enabled.
Fri Oct 27 23:34:59 2006 -> OLE2 support enabled.
Fri Oct 27 23:34:59 2006 -> HTML support enabled.
Fri Oct 27 23:34:59 2006 -> Self checking every 1800 seconds.
23:35:03
#ls -al /var/run/clamav/
итого 20
drwxr-xr-x   2 defang defang 4096 Окт 27 23:34 .
drwxr-xr-x  19 root   root   4096 Окт 27 23:30 ..
-rw-rw----   1 defang defang    7 Окт 27 22:35 clamav-milter.pid
-rw-rw----   1 defang defang    5 Окт 27 23:34 clamd.pid
23:35:38
#/etc/init.d/clamd restart
Stopping Clam AV daemon:                                   [  ОК  ]
Starting Clam AV daemon: LibClamAV debug: Setting /tmp as global temporary directory
LibClamAV debug: Loading databases from /var/lib/clamav
LibClamAV debug: Loading /var/lib/clamav/daily.cvd
LibClamAV debug: in cli_cvdload()
LibClamAV debug: MD5(.tar.gz) = 9743cd52d2fa858b6420abd3b6c78b72
LibClamAV debug: Decoded signature: 9743cd52d2fa858b6420abd3b6c78b72
LibClamAV debug: Digital signature is correct.
LibClamAV Warning: **************************************************
LibClamAV Warning: ***  The virus database is older than 7 days.  ***
...
LibClamAV debug: Unpacking /tmp/clamav-7ee135135f4f27d7/main.zmd
LibClamAV debug: Unpacking /tmp/clamav-7ee135135f4f27d7/main.fp
LibClamAV debug: Unpacking /tmp/clamav-7ee135135f4f27d7/main.info
LibClamAV debug: Loading databases from /tmp/clamav-7ee135135f4f27d7
LibClamAV debug: Loading /tmp/clamav-7ee135135f4f27d7/main.db
LibClamAV debug: Loading /tmp/clamav-7ee135135f4f27d7/main.hdb
LibClamAV debug: Loading /tmp/clamav-7ee135135f4f27d7/main.ndb
LibClamAV debug: Loading /tmp/clamav-7ee135135f4f27d7/main.zmd
LibClamAV debug: Loading /tmp/clamav-7ee135135f4f27d7/main.fp
                                                           [  ОК  ]
23:35:47
#cat /var/log/clamav/clamd.log
Fri Oct 27 21:57:39 2006 -> Self checking every 1800 seconds.
Fri Oct 27 21:58:17 2006 -> Socket file removed.
Fri Oct 27 21:58:17 2006 -> ERROR: Can't unlink the pid file /var/run/clamav/clamd.pid
Fri Oct 27 21:58:17 2006 -> Exiting (clean)
Fri Oct 27 21:58:17 2006 -> --- Stopped at Fri Oct 27 21:58:17 2006
Fri Oct 27 21:58:18 2006 -> +++ Started at Fri Oct 27 21:58:18 2006
Fri Oct 27 21:58:18 2006 -> clamd daemon 0.88.5 (OS: linux-gnu, ARCH: i386, CPU: i386)
Fri Oct 27 21:58:18 2006 -> Log file size limit disabled.
Fri Oct 27 21:58:18 2006 -> Running as user defang (UID 100, GID 101)
Fri Oct 27 21:58:18 2006 -> Reading databases from /var/lib/clamav
...
Fri Oct 27 23:35:47 2006 -> Archive support enabled.
Fri Oct 27 23:35:47 2006 -> Archive: RAR support disabled.
Fri Oct 27 23:35:47 2006 -> Archive: Blocking encrypted archives.
Fri Oct 27 23:35:47 2006 -> Archive: Blocking archives that exceed limits.
Fri Oct 27 23:35:47 2006 -> Portable Executable support enabled.
Fri Oct 27 23:35:47 2006 -> Detection of broken executables enabled.
Fri Oct 27 23:35:47 2006 -> Mail files support enabled.
Fri Oct 27 23:35:47 2006 -> OLE2 support enabled.
Fri Oct 27 23:35:47 2006 -> HTML support enabled.
Fri Oct 27 23:35:47 2006 -> Self checking every 1800 seconds.
23:35:49
#mail root -s trew
sad
Cc:
23:36:19
#tail -f /var/log/maillog
Oct 27 23:36:19 asp sendmail[27443]: k9RKaJJV027443: from=root, size=28, class=0, nrcpts=1, msgid=<200610272036.k9RKaJJV027443@asp.linux.nt>, relay=root@localhost
Oct 27 23:36:19 asp sendmail[27449]: k9RKaJB3027449: from=<root@asp.linux.nt>, size=298, class=0, nrcpts=1, msgid=<200610272036.k9RKaJJV027443@asp.linux.nt>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Oct 27 23:36:19 asp clamd[27427]: /var/spool/MIMEDefang/mdefang-k9RKaJB3027449/Work/msg-27240-4.txt: OK
Oct 27 23:36:19 asp clamd[27427]: /var/spool/MIMEDefang/mdefang-k9RKaJB3027449/Work/INPUTMBOX: OK
Oct 27 23:36:19 asp mimedefang.pl[27240]: Problem running virus scanner: code=226, category=swerr, action=tempfail
Oct 27 23:36:19 asp mimedefang.pl[27240]: filter: k9RKaJB3027449:  tempfail=1
Oct 27 23:36:19 asp mimedefang[27253]: k9RKaJB3027449: Tempfailing because filter instructed us to
Oct 27 23:36:19 asp sendmail[27449]: k9RKaJB3027449: Milter: data, reject=451 4.3.0 Problem running virus-scanner
Oct 27 23:36:19 asp sendmail[27449]: k9RKaJB3027449: to=<root@asp.linux.nt>, delay=00:00:00, pri=30298, stat=Problem running virus-scanner
Oct 27 23:36:19 asp sendmail[27443]: k9RKaJJV027443: to=root, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30028, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: 451 4.3.0 Problem running virus-scanner
Oct 27 23:49:16 asp sendmail[27524]: k9RKmEot027524: from=ter@mail.ru, size=22, class=0, nrcpts=1, msgid=<200610272048.k9RKmEot027524@asp.linux.nt>, proto=SMTP, daemon=MTA, relay=[192.168.15.1]
Oct 27 23:49:16 asp clamd[27427]: /var/spool/MIMEDefang/mdefang-k9RKmEot027524/Work/msg-27240-5.txt: OK
Oct 27 23:49:16 asp clamd[27427]: /var/spool/MIMEDefang/mdefang-k9RKmEot027524/Work/INPUTMBOX: OK
Oct 27 23:49:16 asp mimedefang.pl[27240]: Problem running virus scanner: code=226, category=swerr, action=tempfail
Oct 27 23:49:16 asp mimedefang.pl[27240]: filter: k9RKmEot027524:  tempfail=1
Oct 27 23:49:16 asp mimedefang[27253]: k9RKmEot027524: Tempfailing because filter instructed us to
Oct 27 23:49:16 asp sendmail[27524]: k9RKmEot027524: Milter: data, reject=451 4.3.0 Problem running virus-scanner
Oct 27 23:49:16 asp sendmail[27524]: k9RKmEot027524: to=root@asp.linux.nt, delay=00:00:20, pri=30022, stat=Problem running virus-scanner

Saturday (10/28/06)

00:06:55
#rpm -Uhv --force /home/user/Desktop/clam
clamav-0.88.5-1.rh9.rf.i386.rpm        clamav-db-0.88.5-1.rh9.rf.i386.rpm     clamd-0.88.5-1.rh9.rf.i386.rpm
clamav-0.90RC1.1.tar.gz                clamav-devel-0.88.5-1.rh9.rf.i386.rpm
00:06:55
#rpm -Uhv --force /home/user/Desktop/clamd-0.88.5-1.rh9.rf.i386.rpm
предупреждение: /home/user/Desktop/clamd-0.88.5-1.rh9.rf.i386.rpm: Заголовок V3 DSA signature: NOKEY, key ID 6b8d79e6
ошибка: Неудовлетворенные зависимости:
        clamav = 0.88.5-1.rh9.rf нужен для clamd-0.88.5-1.rh9.rf.i386
00:07:16
#rpm -Uhv --force /home/user/Desktop/clamav-
clamav-0.88.5-1.rh9.rf.i386.rpm        clamav-0.90RC1.1.tar.gz                clamav-db-0.88.5-1.rh9.rf.i386.rpm     clamav-devel-0.88.5-1.rh9.rf.i386.rpm
00:07:16
#rpm -Uhv --force /home/user/Desktop/clamav-0.88.5-1.rh9.rf.i386.rpm
предупреждение: /home/user/Desktop/clamav-0.88.5-1.rh9.rf.i386.rpm: Заголовок V3 DSA signature: NOKEY, key ID 6b8d79e6
ошибка: Неудовлетворенные зависимости:
        clamav-db = 0.88.5-1.rh9.rf нужен для clamav-0.88.5-1.rh9.rf.i386
        libclamav_unrar3.so нужен для (установлен)clamav-milter-0.88.5-1.110asp.i386
        clamav = 70:0.88.5-1.110asp нужен для (установлен)clamav-milter-0.88.5-1.110asp.i386
00:07:36
#rpm -Uhv --force /home/user/Desktop/clamav-d
clamav-db-0.88.5-1.rh9.rf.i386.rpm     clamav-devel-0.88.5-1.rh9.rf.i386.rpm
00:07:36
#rpm -Uhv --force /home/user/Desktop/clamav-db-0.88.5-1.rh9.rf.i386.rpm
предупреждение: /home/user/Desktop/clamav-db-0.88.5-1.rh9.rf.i386.rpm: Заголовок V3 DSA signature: NOKEY, key ID 6b8d79e6
Подготовка...     ########################################### [100%]
   1:clamav-db              ########################################### [100%]
ошибка: распаковка архива не удалась на файле /var/clamav/main.cvd;45427526: cpio: read
00:07:50
#rpm -Uhv --force /home/user/Desktop/clamav-db-0.88.5-1.rh9.rf.i386.rpm
предупреждение: /home/user/Desktop/clamav-db-0.88.5-1.rh9.rf.i386.rpm: Заголовок V3 DSA signature: NOKEY, key ID 6b8d79e6
Подготовка...     ########################################### [100%]
   1:clamav-db              предупреждение: /etc/cron.daily/freshclam создан как /etc/cron.daily/freshclam.rpmnew
предупреждение: /etc/logrotate.d/freshclam создан как /etc/logrotate.d/freshclam.rpmnew
предупреждение: /var/clamav/daily.cvd создан как /var/clamav/daily.cvd.rpmnew
########################################### [100%]
ошибка: распаковка архива не удалась на файле /var/clamav/main.cvd;45427531: cpio: read
00:08:01
#rpm -Uhv --force /home/user/Desktop/clamav-db-0.88.5-1.rh9.rf.i386.rpm
предупреждение: /home/user/Desktop/clamav-db-0.88.5-1.rh9.rf.i386.rpm: Заголовок V3 DSA signature: NOKEY, key ID 6b8d79e6
Подготовка...     ########################################### [100%]
   1:clamav-db              предупреждение: /etc/cron.daily/freshclam создан как /etc/cron.daily/freshclam.rpmnew
предупреждение: /etc/logrotate.d/freshclam создан как /etc/logrotate.d/freshclam.rpmnew
предупреждение: /var/clamav/daily.cvd создан как /var/clamav/daily.cvd.rpmnew
########################################### [100%]
ошибка: распаковка архива не удалась на файле /var/clamav/main.cvd;45427532: cpio: read
00:08:02
#rpm -Uhv --force /home/user/Desktop/clamav-0.88.5-1.rh9.rf.i386.rpm
предупреждение: /home/user/Desktop/clamav-0.88.5-1.rh9.rf.i386.rpm: Заголовок V3 DSA signature: NOKEY, key ID 6b8d79e6
ошибка: Неудовлетворенные зависимости:
        clamav-db = 0.88.5-1.rh9.rf нужен для clamav-0.88.5-1.rh9.rf.i386
        libclamav_unrar3.so нужен для (установлен)clamav-milter-0.88.5-1.110asp.i386
        clamav = 70:0.88.5-1.110asp нужен для (установлен)clamav-milter-0.88.5-1.110asp.i386
00:08:07
#rpm -Uhv --force /home/user/Desktop/clamav-db-0.88.5-1.rh9.rf.i386.rpm
предупреждение: /home/user/Desktop/clamav-db-0.88.5-1.rh9.rf.i386.rpm: Заголовок V3 DSA signature: NOKEY, key ID 6b8d79e6
Подготовка...     ########################################### [100%]
   1:clamav-db              предупреждение: /etc/cron.daily/freshclam создан как /etc/cron.daily/freshclam.rpmnew
предупреждение: /etc/logrotate.d/freshclam создан как /etc/logrotate.d/freshclam.rpmnew
предупреждение: /var/clamav/daily.cvd создан как /var/clamav/daily.cvd.rpmnew
########################################### [100%]
ошибка: распаковка архива не удалась на файле /var/clamav/main.cvd;45427547: cpio: read
00:08:23
#rpm -Uhv --force /home/user/Desktop/clamav-0.88.5-1.rh9.rf.i386.rpm
предупреждение: /home/user/Desktop/clamav-0.88.5-1.rh9.rf.i386.rpm: Заголовок V3 DSA signature: NOKEY, key ID 6b8d79e6
ошибка: Неудовлетворенные зависимости:
        clamav-db = 0.88.5-1.rh9.rf нужен для clamav-0.88.5-1.rh9.rf.i386
        libclamav_unrar3.so нужен для (установлен)clamav-milter-0.88.5-1.110asp.i386
        clamav = 70:0.88.5-1.110asp нужен для (установлен)clamav-milter-0.88.5-1.110asp.i386
00:08:26
#rpm -Uhv --force /home/user/Desktop/clamav-0.88.5-1.rh9.rf.i386.rpm
предупреждение: /home/user/Desktop/clamav-0.88.5-1.rh9.rf.i386.rpm: Заголовок V3 DSA signature: NOKEY, key ID 6b8d79e6
ошибка: Неудовлетворенные зависимости:
        clamav-db = 0.88.5-1.rh9.rf нужен для clamav-0.88.5-1.rh9.rf.i386
        libclamav_unrar3.so нужен для (установлен)clamav-milter-0.88.5-1.110asp.i386
        clamav = 70:0.88.5-1.110asp нужен для (установлен)clamav-milter-0.88.5-1.110asp.i386
00:08:35
#rpm -Uhv --force --nodeps /home/user/Desktop/clamav-0.88.5-1.rh9.rf.i386.rpm
предупреждение: /home/user/Desktop/clamav-0.88.5-1.rh9.rf.i386.rpm: Заголовок V3 DSA signature: NOKEY, key ID 6b8d79e6
Подготовка...     ########################################### [100%]
   1:clamav                 предупреждение: /etc/freshclam.conf создан как /etc/freshclam.conf.rpmnew
########################################### [100%]
предупреждение: /var/lib/clamav/daily.cvd сохранен как /var/lib/clamav/daily.cvd.rpmsave
предупреждение: /etc/logrotate.d/freshclam сохранен как /etc/logrotate.d/freshclam.rpmsave
предупреждение: /etc/clamd.conf сохранен как /etc/clamd.conf.rpmsave
00:08:43
#rpm -Uhv --force --nodeps /home/user/Desktop/clamav-db-0.88.5-1.rh9.rf.i386.rpm
предупреждение: /home/user/Desktop/clamav-db-0.88.5-1.rh9.rf.i386.rpm: Заголовок V3 DSA signature: NOKEY, key ID 6b8d79e6
Подготовка...     ########################################### [100%]
   1:clamav-db              предупреждение: /var/clamav/daily.cvd создан как /var/clamav/daily.cvd.rpmnew
########################################### [100%]
ошибка: распаковка архива не удалась на файле /var/clamav/main.cvd;45427565: cpio: read
00:08:53
#rpm -Uhv --force /home/user/Desktop/clamd-0.88.5-1.rh9.rf.i386.rpm
предупреждение: /home/user/Desktop/clamd-0.88.5-1.rh9.rf.i386.rpm: Заголовок V3 DSA signature: NOKEY, key ID 6b8d79e6
Подготовка...     ########################################### [100%]
   1:clamd                  ########################################### [100%]
00:09:04
#vi /etc/clamd.conf
00:09:04
#vi /etc/clamd.conf
00:11:12
#/etc/init.d/clamd stop
Stopping Clam AntiVirus Daemon:                            [  ОК  ]
00:11:19
#/etc/init.d/clamd start
Starting Clam AntiVirus Daemon: LibClamAV Warning: **************************************************
LibClamAV Warning: ***  The virus database is older than 7 days.  ***
LibClamAV Warning: ***        Please update it IMMEDIATELY!       ***
LibClamAV Warning: **************************************************
                                                           [  ОК  ]
00:11:22
#ps -ax
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.5/FAQ
  PID TTY      STAT   TIME COMMAND
    1 ?        S      0:00 init [5]
    2 ?        SN     0:00 [ksoftirqd/0]
    3 ?        S<     0:00 [events/0]
    4 ?        S<     0:00 [khelper]
    5 ?        S<     0:00 [kthread]
    7 ?        S<     0:00 [kacpid]
   80 ?        S<     0:00 [kblockd/0]
   83 ?        S<     0:00 [khubd]
...
27253 ?        Sl     0:00 /usr/bin/mimedefang -P /var/spool/MIMEDefang/mimedefang.pid -m /var/spool/MIMEDefang/mimedefang-multiplexor.sock -R -1 -U defang -p /var/spool/
27264 ?        S      0:01 /usr/bin/perl /usr/bin/mimedefang.pl -server
27288 ?        Ss     0:00 sendmail: accepting connections
27295 ?        Ss     0:00 sendmail: Queue runner@01:00:00 for /var/spool/clientmqueue
27325 pts/5    S+     0:00 /bin/vi mimedefang.spec
27590 ?        Ss     0:00 sshd: root@pts/9
27593 pts/9    Ss+    0:00 script -f -q /root/.lilalo//93929998153653587-1161982837.script
27653 pts/9    S+     0:00 script -f -q /root/.lilalo//93929998153653587-1161982837.script
27654 pts/10   Ss+    0:00 bash -i
28023 pts/8    R+     0:00 ps -ax
00:11:25
#tail -f /var/log/messages
Oct 28 00:05:02 asp crond(pam_unix)[27793]: session closed for user root
Oct 28 00:10:01 asp crond(pam_unix)[27981]: session opened for user root by (uid=0)
Oct 28 00:10:02 asp crond(pam_unix)[27981]: session closed for user root
Oct 28 00:11:22 asp clamd[28014]: Daemon started.
Oct 28 00:11:22 asp clamd[28014]: clamd daemon 0.88.5 (OS: linux-gnu, ARCH: i386, CPU: i386)
Oct 28 00:11:22 asp clamd[28014]: Log file size limit disabled.
Oct 28 00:11:22 asp clamd[28014]: Running as user defang (UID 100, GID 101)
Oct 28 00:11:22 asp clamd[28014]: Reading databases from /var/clamav
Oct 28 00:11:22 asp clamd[28014]: Protecting against 8881 viruses.
Oct 28 00:11:22 asp clamd[28015]: Socket file /var/spool/MIMEDefangc/clamd.sock could not be bound: No such file or directory
00:11:47
#vi /etc/clamd.conf
00:12:01
#/etc/init.d/clamd start
Starting Clam AntiVirus Daemon: LibClamAV Warning: **************************************************
LibClamAV Warning: ***  The virus database is older than 7 days.  ***
LibClamAV Warning: ***        Please update it IMMEDIATELY!       ***
LibClamAV Warning: **************************************************
                                                           [  ОК  ]
00:12:03
#vi /etc/clamd.conf
00:12:06
#tail -f /var/log/messages
Oct 28 00:12:03 asp clamd[28055]: Archive support enabled.
Oct 28 00:12:03 asp clamd[28055]: Archive: RAR support disabled.
Oct 28 00:12:03 asp clamd[28055]: Archive: Blocking encrypted archives.
Oct 28 00:12:03 asp clamd[28055]: Archive: Blocking archives that exceed limits.
Oct 28 00:12:03 asp clamd[28055]: Portable Executable support enabled.
Oct 28 00:12:03 asp clamd[28055]: Detection of broken executables enabled.
Oct 28 00:12:03 asp clamd[28055]: Mail files support enabled.
Oct 28 00:12:03 asp clamd[28055]: OLE2 support enabled.
Oct 28 00:12:03 asp clamd[28055]: HTML support enabled.
Oct 28 00:12:03 asp clamd[28055]: Self checking every 1800 seconds.
00:12:13
#tail -f /var/log/maillog
Oct 27 23:49:16 asp mimedefang.pl[27240]: filter: k9RKmEot027524:  tempfail=1
Oct 27 23:49:16 asp mimedefang[27253]: k9RKmEot027524: Tempfailing because filter instructed us to
Oct 27 23:49:16 asp sendmail[27524]: k9RKmEot027524: Milter: data, reject=451 4.3.0 Problem running virus-scanner
Oct 27 23:49:16 asp sendmail[27524]: k9RKmEot027524: to=root@asp.linux.nt, delay=00:00:20, pri=30022, stat=Problem running virus-scanner
Oct 28 00:11:18 asp clamd[27427]: Shutting down the main socket.
Oct 28 00:11:18 asp clamd[27427]: Closing the main socket.
Oct 28 00:11:18 asp clamd[27427]: Socket file removed.
Oct 28 00:11:18 asp clamd[27427]: Can't unlink the pid file /var/run/clamav/clamd.pid
Oct 28 00:11:18 asp clamd[27427]: Exiting (clean)
Oct 28 00:11:18 asp clamd[27427]: --- Stopped at Sat Oct 28 00:11:18 2006
00:12:34
#ps -ax
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.5/FAQ
  PID TTY      STAT   TIME COMMAND
    1 ?        S      0:00 init [5]
    2 ?        SN     0:00 [ksoftirqd/0]
    3 ?        S<     0:00 [events/0]
    4 ?        S<     0:00 [khelper]
    5 ?        S<     0:00 [kthread]
    7 ?        S<     0:00 [kacpid]
   80 ?        S<     0:00 [kblockd/0]
   83 ?        S<     0:00 [khubd]
...
27264 ?        S      0:01 /usr/bin/perl /usr/bin/mimedefang.pl -server
27288 ?        Ss     0:00 sendmail: accepting connections
27295 ?        Ss     0:00 sendmail: Queue runner@01:00:00 for /var/spool/clientmqueue
27325 pts/5    S+     0:00 /bin/vi mimedefang.spec
27590 ?        Ss     0:00 sshd: root@pts/9
27593 pts/9    Ss+    0:00 script -f -q /root/.lilalo//93929998153653587-1161982837.script
27653 pts/9    S+     0:00 script -f -q /root/.lilalo//93929998153653587-1161982837.script
27654 pts/10   Ss+    0:00 bash -i
28055 ?        Ss     0:00 clamd
28099 pts/8    R+     0:00 ps -ax
00:12:40
#tail -f /var/log/maillog
Oct 27 23:49:16 asp mimedefang.pl[27240]: filter: k9RKmEot027524:  tempfail=1
Oct 27 23:49:16 asp mimedefang[27253]: k9RKmEot027524: Tempfailing because filter instructed us to
Oct 27 23:49:16 asp sendmail[27524]: k9RKmEot027524: Milter: data, reject=451 4.3.0 Problem running virus-scanner
Oct 27 23:49:16 asp sendmail[27524]: k9RKmEot027524: to=root@asp.linux.nt, delay=00:00:20, pri=30022, stat=Problem running virus-scanner
Oct 28 00:11:18 asp clamd[27427]: Shutting down the main socket.
Oct 28 00:11:18 asp clamd[27427]: Closing the main socket.
Oct 28 00:11:18 asp clamd[27427]: Socket file removed.
Oct 28 00:11:18 asp clamd[27427]: Can't unlink the pid file /var/run/clamav/clamd.pid
Oct 28 00:11:18 asp clamd[27427]: Exiting (clean)
Oct 28 00:11:18 asp clamd[27427]: --- Stopped at Sat Oct 28 00:11:18 2006
00:12:55
#tail -f /var/log/messages
Oct 28 00:12:03 asp clamd[28055]: Archive support enabled.
Oct 28 00:12:03 asp clamd[28055]: Archive: RAR support disabled.
Oct 28 00:12:03 asp clamd[28055]: Archive: Blocking encrypted archives.
Oct 28 00:12:03 asp clamd[28055]: Archive: Blocking archives that exceed limits.
Oct 28 00:12:03 asp clamd[28055]: Portable Executable support enabled.
Oct 28 00:12:03 asp clamd[28055]: Detection of broken executables enabled.
Oct 28 00:12:03 asp clamd[28055]: Mail files support enabled.
Oct 28 00:12:03 asp clamd[28055]: OLE2 support enabled.
Oct 28 00:12:03 asp clamd[28055]: HTML support enabled.
Oct 28 00:12:03 asp clamd[28055]: Self checking every 1800 seconds.
^[[B:q
00:13:07
#ps ax grep cla
ERROR: Process ID list syntax error.
********* simple selection *********  ********* selection by list *********
-A all processes                      -C by command name
-N negate selection                   -G by real group ID (supports names)
-a all w/ tty except session leaders  -U by real user ID (supports names)
-d all except session leaders         -g by session OR by effective group name
-e all processes                      -p by process ID
T  all processes on this terminal     -s processes in the sessions given
a  all w/ tty, including other users  -t by tty
g  OBSOLETE -- DO NOT USE             -u by effective user ID (supports names)
...
-o,o user-defined  -f full            --Group --User --pid --cols --ppid
-j,j job control   s  signal          --group --user --sid --rows --info
-O,O preloaded -o  v  virtual memory  --cumulative --format --deselect
-l,l long          u  user-oriented   --sort --tty --forest --version
-F   extra full    X  registers       --heading --no-heading --context
                    ********* misc options *********
-V,V  show version      L  list format codes  f  ASCII art forest
-m,m,-L,-T,H  threads   S  children in sum    -y change -l format
-M,Z  security data     c  true command name  -c scheduling class
-w,w  wide output       n  numeric WCHAN,UID  -H process hierarchy
00:13:16
#ps ax |
28055 ?        Ss     0:00 clamd
28135 pts/8    R+     0:00 grep cla

Monday (10/30/06)

/dev/pts/1
11:32:14
$su -
Password:
Removing stale pidfile
11:32:21
#ifconfig
eth0      Link encap:Ethernet  HWaddr 00:07:E9:3C:26:5F
          inet addr:192.168.15.150  Bcast:192.168.15.255  Mask:255.255.255.0
          inet6 addr: fe80::207:e9ff:fe3c:265f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:389 errors:0 dropped:0 overruns:0 frame:0
          TX packets:56 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:33762 (32.9 KiB)  TX bytes:4127 (4.0 KiB)
          Base address:0xbc00 Memory:ff8e0000-ff900000
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:1369 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1369 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:2965862 (2.8 MiB)  TX bytes:2965862 (2.8 MiB)
11:32:25
#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.15.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     0      0        0 eth0
0.0.0.0         192.168.15.15   0.0.0.0         UG    0      0        0 eth0
11:32:28
#ping mail.ru

11:32:47
#ping 192.168.15.150
PING 192.168.15.150 (192.168.15.150) 56(84) bytes of data.
64 bytes from 192.168.15.150: icmp_seq=0 ttl=64 time=0.029 ms
64 bytes from 192.168.15.150: icmp_seq=1 ttl=64 time=0.026 ms
--- 192.168.15.150 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1012ms
rtt min/avg/max/mdev = 0.026/0.027/0.029/0.005 ms, pipe 2
11:32:55
#ping mail.ru

Files

  • /var/log/clamav/clamd.log
    Fri Oct 27 21:57:39 2006 -> Self checking every 1800 seconds.
    Fri Oct 27 21:58:17 2006 -> Socket file removed.
    Fri Oct 27 21:58:17 2006 -> ERROR: Can't unlink the pid file /var/run/clamav/clamd.pid
    Fri Oct 27 21:58:17 2006 -> Exiting (clean)
    Fri Oct 27 21:58:17 2006 -> --- Stopped at Fri Oct 27 21:58:17 2006
    Fri Oct 27 21:58:18 2006 -> +++ Started at Fri Oct 27 21:58:18 2006
    Fri Oct 27 21:58:18 2006 -> clamd daemon 0.88.5 (OS: linux-gnu, ARCH: i386, CPU: i386)
    Fri Oct 27 21:58:18 2006 -> Log file size limit disabled.
    Fri Oct 27 21:58:18 2006 -> Running as user defang (UID 100, GID 101)
    Fri Oct 27 21:58:18 2006 -> Reading databases from /var/lib/clamav
    Fri Oct 27 21:58:20 2006 -> Protecting against 73019 viruses.
    Fri Oct 27 21:58:20 2006 -> Unix socket file /var/spool/MIMEDefang/clamd.sock
    Fri Oct 27 21:58:20 2006 -> Setting connection queue length to 30
    Fri Oct 27 21:58:20 2006 -> ERROR: Can't save PID in file /var/run/clamav/clamd.pid
    Fri Oct 27 21:58:20 2006 -> Archive: Archived file size limit set to 10485760 bytes.
    Fri Oct 27 21:58:20 2006 -> Archive: Recursion level limit set to 8.
    Fri Oct 27 21:58:20 2006 -> Archive: Files limit set to 1000.
    Fri Oct 27 21:58:20 2006 -> Archive: Compression ratio limit set to 300.
    Fri Oct 27 21:58:20 2006 -> Archive support enabled.
    Fri Oct 27 21:58:20 2006 -> Archive: RAR support disabled.
    Fri Oct 27 21:58:20 2006 -> Archive: Blocking encrypted archives.
    Fri Oct 27 21:58:20 2006 -> Archive: Blocking archives that exceed limits.
    Fri Oct 27 21:58:20 2006 -> Portable Executable support enabled.
    Fri Oct 27 21:58:20 2006 -> Detection of broken executables enabled.
    Fri Oct 27 21:58:20 2006 -> Mail files support enabled.
    Fri Oct 27 21:58:20 2006 -> OLE2 support enabled.
    Fri Oct 27 21:58:20 2006 -> HTML support enabled.
    Fri Oct 27 21:58:20 2006 -> Self checking every 1800 seconds.
    Fri Oct 27 21:58:28 2006 -> Socket file removed.
    Fri Oct 27 21:58:28 2006 -> ERROR: Can't unlink the pid file /var/run/clamav/clamd.pid
    Fri Oct 27 21:58:28 2006 -> Exiting (clean)
    Fri Oct 27 21:58:28 2006 -> --- Stopped at Fri Oct 27 21:58:28 2006
    Fri Oct 27 21:58:29 2006 -> +++ Started at Fri Oct 27 21:58:29 2006
    Fri Oct 27 21:58:29 2006 -> clamd daemon 0.88.5 (OS: linux-gnu, ARCH: i386, CPU: i386)
    Fri Oct 27 21:58:29 2006 -> Log file size limit disabled.
    Fri Oct 27 21:58:29 2006 -> Running as user defang (UID 100, GID 101)
    Fri Oct 27 21:58:29 2006 -> Reading databases from /var/lib/clamav
    Fri Oct 27 21:58:32 2006 -> Protecting against 73019 viruses.
    Fri Oct 27 21:58:32 2006 -> Unix socket file /var/spool/MIMEDefang/clamd.sock
    Fri Oct 27 21:58:32 2006 -> Setting connection queue length to 30
    Fri Oct 27 21:58:32 2006 -> ERROR: Can't save PID in file /var/run/clamav/clamd.pid
    Fri Oct 27 21:58:32 2006 -> Archive: Archived file size limit set to 10485760 bytes.
    Fri Oct 27 21:58:32 2006 -> Archive: Recursion level limit set to 8.
    Fri Oct 27 21:58:32 2006 -> Archive: Files limit set to 1000.
    Fri Oct 27 21:58:32 2006 -> Archive: Compression ratio limit set to 300.
    Fri Oct 27 21:58:32 2006 -> Archive support enabled.
    Fri Oct 27 21:58:32 2006 -> Archive: RAR support disabled.
    Fri Oct 27 21:58:32 2006 -> Archive: Blocking encrypted archives.
    Fri Oct 27 21:58:32 2006 -> Archive: Blocking archives that exceed limits.
    Fri Oct 27 21:58:32 2006 -> Portable Executable support enabled.
    Fri Oct 27 21:58:32 2006 -> Detection of broken executables enabled.
    Fri Oct 27 21:58:32 2006 -> Mail files support enabled.
    Fri Oct 27 21:58:32 2006 -> OLE2 support enabled.
    Fri Oct 27 21:58:32 2006 -> HTML support enabled.
    Fri Oct 27 21:58:32 2006 -> Self checking every 1800 seconds.
    Fri Oct 27 21:58:54 2006 -> Socket file removed.
    Fri Oct 27 21:58:54 2006 -> ERROR: Can't unlink the pid file /var/run/clamav/clamd.pid
    Fri Oct 27 21:58:54 2006 -> Exiting (clean)
    Fri Oct 27 21:58:54 2006 -> --- Stopped at Fri Oct 27 21:58:54 2006
    Fri Oct 27 23:29:53 2006 -> +++ Started at Fri Oct 27 23:29:53 2006
    Fri Oct 27 23:29:53 2006 -> clamd daemon 0.88.5 (OS: linux-gnu, ARCH: i386, CPU: i386)
    Fri Oct 27 23:29:53 2006 -> Log file size limit disabled.
    Fri Oct 27 23:29:53 2006 -> Verbose logging activated.
    Fri Oct 27 23:29:53 2006 -> Running as user defang (UID 100, GID 101)
    Fri Oct 27 23:29:53 2006 -> Reading databases from /var/lib/clamav
    Fri Oct 27 23:29:58 2006 -> Protecting against 73019 viruses.
    Fri Oct 27 23:29:58 2006 -> Unix socket file /var/spool/MIMEDefang/clamd.sock
    Fri Oct 27 23:29:58 2006 -> Setting connection queue length to 30
    Fri Oct 27 23:29:58 2006 -> Listening daemon: PID: 27192
    Fri Oct 27 23:29:58 2006 -> Archive: Archived file size limit set to 10485760 bytes.
    Fri Oct 27 23:29:58 2006 -> Archive: Recursion level limit set to 8.
    Fri Oct 27 23:29:58 2006 -> Archive: Files limit set to 1000.
    Fri Oct 27 23:29:58 2006 -> Archive: Compression ratio limit set to 300.
    Fri Oct 27 23:29:58 2006 -> Archive support enabled.
    Fri Oct 27 23:29:58 2006 -> Archive: RAR support disabled.
    Fri Oct 27 23:29:58 2006 -> Archive: Blocking encrypted archives.
    Fri Oct 27 23:29:58 2006 -> Archive: Blocking archives that exceed limits.
    Fri Oct 27 23:29:58 2006 -> Portable Executable support enabled.
    Fri Oct 27 23:29:58 2006 -> Detection of broken executables enabled.
    Fri Oct 27 23:29:58 2006 -> Mail files support enabled.
    Fri Oct 27 23:29:58 2006 -> OLE2 support enabled.
    Fri Oct 27 23:29:58 2006 -> HTML support enabled.
    Fri Oct 27 23:29:58 2006 -> Self checking every 1800 seconds.
    Fri Oct 27 23:30:30 2006 -> /var/spool/MIMEDefang/mdefang-k9RKUUX4027301/Work/msg-27240-1.txt: OK
    Fri Oct 27 23:30:30 2006 -> /var/spool/MIMEDefang/mdefang-k9RKUUX4027301/Work/INPUTMBOX: OK
    Fri Oct 27 23:30:30 2006 -> /var/spool/MIMEDefang/mdefang-k9RKUUX6027301/Work/msg-27240-2.txt: OK
    Fri Oct 27 23:30:30 2006 -> /var/spool/MIMEDefang/mdefang-k9RKUUX6027301/Work/INPUTMBOX: OK
    Fri Oct 27 23:30:30 2006 -> /var/spool/MIMEDefang/mdefang-k9RKUUX8027301/Work/msg-27240-3.txt: OK
    Fri Oct 27 23:30:30 2006 -> /var/spool/MIMEDefang/mdefang-k9RKUUX8027301/Work/INPUTMBOX: OK
    Fri Oct 27 23:34:56 2006 -> Shutting down the main socket.
    Fri Oct 27 23:34:56 2006 -> Closing the main socket.
    Fri Oct 27 23:34:56 2006 -> Socket file removed.
    Fri Oct 27 23:34:56 2006 -> ERROR: Can't unlink the pid file /var/run/clamav/clamd.pid
    Fri Oct 27 23:34:56 2006 -> Exiting (clean)
    Fri Oct 27 23:34:56 2006 -> --- Stopped at Fri Oct 27 23:34:56 2006
    Fri Oct 27 23:34:57 2006 -> +++ Started at Fri Oct 27 23:34:57 2006
    Fri Oct 27 23:34:57 2006 -> clamd daemon 0.88.5 (OS: linux-gnu, ARCH: i386, CPU: i386)
    Fri Oct 27 23:34:57 2006 -> Log file size limit disabled.
    Fri Oct 27 23:34:57 2006 -> Verbose logging activated.
    Fri Oct 27 23:34:57 2006 -> Running as user defang (UID 100, GID 101)
    Fri Oct 27 23:34:57 2006 -> Reading databases from /var/lib/clamav
    Fri Oct 27 23:34:59 2006 -> Protecting against 73019 viruses.
    Fri Oct 27 23:34:59 2006 -> Unix socket file /var/spool/MIMEDefang/clamd.sock
    Fri Oct 27 23:34:59 2006 -> Setting connection queue length to 30
    Fri Oct 27 23:34:59 2006 -> Listening daemon: PID: 27393
    Fri Oct 27 23:34:59 2006 -> Archive: Archived file size limit set to 10485760 bytes.
    Fri Oct 27 23:34:59 2006 -> Archive: Recursion level limit set to 8.
    Fri Oct 27 23:34:59 2006 -> Archive: Files limit set to 1000.
    Fri Oct 27 23:34:59 2006 -> Archive: Compression ratio limit set to 300.
    Fri Oct 27 23:34:59 2006 -> Archive support enabled.
    Fri Oct 27 23:34:59 2006 -> Archive: RAR support disabled.
    Fri Oct 27 23:34:59 2006 -> Archive: Blocking encrypted archives.
    Fri Oct 27 23:34:59 2006 -> Archive: Blocking archives that exceed limits.
    Fri Oct 27 23:34:59 2006 -> Portable Executable support enabled.
    Fri Oct 27 23:34:59 2006 -> Detection of broken executables enabled.
    Fri Oct 27 23:34:59 2006 -> Mail files support enabled.
    Fri Oct 27 23:34:59 2006 -> OLE2 support enabled.
    Fri Oct 27 23:34:59 2006 -> HTML support enabled.
    Fri Oct 27 23:34:59 2006 -> Self checking every 1800 seconds.
    Fri Oct 27 23:35:44 2006 -> Shutting down the main socket.
    Fri Oct 27 23:35:44 2006 -> Closing the main socket.
    Fri Oct 27 23:35:44 2006 -> Socket file removed.
    Fri Oct 27 23:35:44 2006 -> Pid file removed.
    Fri Oct 27 23:35:44 2006 -> Exiting (clean)
    Fri Oct 27 23:35:44 2006 -> --- Stopped at Fri Oct 27 23:35:44 2006
    Fri Oct 27 23:35:45 2006 -> +++ Started at Fri Oct 27 23:35:45 2006
    Fri Oct 27 23:35:45 2006 -> clamd daemon 0.88.5 (OS: linux-gnu, ARCH: i386, CPU: i386)
    Fri Oct 27 23:35:45 2006 -> Log file size limit disabled.
    Fri Oct 27 23:35:45 2006 -> Verbose logging activated.
    Fri Oct 27 23:35:45 2006 -> Running as user defang (UID 100, GID 101)
    Fri Oct 27 23:35:45 2006 -> Reading databases from /var/lib/clamav
    Fri Oct 27 23:35:47 2006 -> Protecting against 73019 viruses.
    Fri Oct 27 23:35:47 2006 -> Unix socket file /var/spool/MIMEDefang/clamd.sock
    Fri Oct 27 23:35:47 2006 -> Setting connection queue length to 30
    Fri Oct 27 23:35:47 2006 -> Listening daemon: PID: 27427
    Fri Oct 27 23:35:47 2006 -> Archive: Archived file size limit set to 10485760 bytes.
    Fri Oct 27 23:35:47 2006 -> Archive: Recursion level limit set to 8.
    Fri Oct 27 23:35:47 2006 -> Archive: Files limit set to 1000.
    Fri Oct 27 23:35:47 2006 -> Archive: Compression ratio limit set to 300.
    Fri Oct 27 23:35:47 2006 -> Archive support enabled.
    Fri Oct 27 23:35:47 2006 -> Archive: RAR support disabled.
    Fri Oct 27 23:35:47 2006 -> Archive: Blocking encrypted archives.
    Fri Oct 27 23:35:47 2006 -> Archive: Blocking archives that exceed limits.
    Fri Oct 27 23:35:47 2006 -> Portable Executable support enabled.
    Fri Oct 27 23:35:47 2006 -> Detection of broken executables enabled.
    Fri Oct 27 23:35:47 2006 -> Mail files support enabled.
    Fri Oct 27 23:35:47 2006 -> OLE2 support enabled.
    Fri Oct 27 23:35:47 2006 -> HTML support enabled.
    Fri Oct 27 23:35:47 2006 -> Self checking every 1800 seconds.
    

    Statistics

    Time of the first command in the journal: 22:04:48 2006-10-27
    Time of the last command in the journal: 11:32:55 2006-10-30
    Number of command lines in the journal: 101
    Share of commands with a non-zero exit code, %: 12.87
    Share of syntactically incorrect commands, %: 0.00
    Total time spent working at the terminal *, hours: 1.64
    Command lines per unit of time, commands/min: 1.02

    Command usage frequency
    tail                        21 |====================| 20.39%
    rpm                         15 |==============| 14.56%
    vi                          10 |=========| 9.71%
    /etc/init.d/clamd            9 |========| 8.74%
    ps                           8 |=======| 7.77%
    yum                          5 |====| 4.85%
    cd                           5 |====| 4.85%
    ls                           5 |====| 4.85%
    /etc/init.d/sendmail         4 |===| 3.88%
    /etc/init.d/clamav-milter    4 |===| 3.88%
    ping                         3 |==| 2.91%
    cat                          3 |==| 2.91%
    su                           2 |=| 1.94%
    ifconfig                     1 || 0.97%
    mutt                         1 || 0.97%
    chown                        1 || 0.97%
    route                        1 || 0.97%
    rm                           1 || 0.97%
    mail                         1 || 0.97%
    grep                         1 || 0.97%
    m4                           1 || 0.97%
    sendmail.cf                  1 || 0.97%
    ____
    *) Periods of inactivity lasting 30 minutes or more are not counted

    Help

    To use LiLaLo you do not need to know anything special: everything happens by itself. However, to make keeping the journals and using them afterwards as effective as possible, it is worth keeping the following in mind:
    1. Every command entered on any terminal of the system is recorded in the journal automatically.

    2. To make sure that the journal is being kept on the current terminal and that commands are being recorded, run the command w. The WHAT field for the current terminal should show the program script.

    3. Commands that were typed with syntax errors are shown in strikethrough text:
      $ l s-l
      bash: l: command not found
      

    4. If a command's exit code is zero, the command completed without errors. Commands whose exit code is non-zero are highlighted in colour.
      $ test 5 -lt 4
      Note that a command's exit code can be non-zero not only when the command failed. Many commands use the exit code, for example, to report the result of a test.

    5. Commands that were interrupted by the user are highlighted in colour.
      $ find / -name abc
      find: /home/devi-orig/.gnome2: Keine Berechtigung
      find: /home/devi-orig/.gnome2_private: Keine Berechtigung
      find: /home/devi-orig/.nautilus/metafiles: Keine Berechtigung
      find: /home/devi-orig/.metacity: Keine Berechtigung
      find: /home/devi-orig/.inkscape: Keine Berechtigung
      ^C
      

    6. Commands run with superuser privileges are marked with a red bar on the left.
      # id
      uid=0(root) gid=0(root) Gruppen=0(root)
      

    7. Changes made to a text file with an editor are remembered and shown in the journal in ed format. Lines beginning with "<" were removed, and lines beginning with ">" were added.
      $ vi ~/.bashrc
      2a3,5
      >    if [ -f /usr/local/etc/bash_completion ]; then
      >         . /usr/local/etc/bash_completion
      >        fi
      

    8. To change a file according to the changes shown in a diffshot, you can use the patch command. Copy the changes, run patch with the file to be changed as its argument, and paste the copied text:
      $ patch ~/.bashrc
      In this case the changes are applied to the file ~/.bashrc.

    9. To get brief reference information about a command, hover the mouse pointer over it. A tooltip with a short description of the command will appear.

      If reference information about a command is available, the command is highlighted with a light-blue background, for example: vi. If it is not available, the command is highlighted with a pink background, for example: notepad.exe. Reference information may be missing if (1) the command was typed incorrectly; (2) LiLaLo recognised the command incorrectly; (3) LiLaLo has no information about the command. The last case is possible for rarely used commands.

    10. Large tooltips, especially multi-line ones, are displayed best by the KDE Konqueror, Apple Safari and Microsoft Internet Explorer browsers. In Mozilla and Firefox they are not shown in full, and a special character is displayed in place of each line break.

    11. The command entry time shown in the journal is the time at which entry of the command line began, that is, the moment the shell prompt appeared on the terminal.

    12. The name of the terminal on which a command was entered is shown in a separate block. This block is shown only when the terminal of the current command differs from the terminal of the previous one.

    13. Journal elements you are not interested in at the moment, such as the time, the terminal name and others, can be hidden. To do this, use the journal control form at the top of the page.

    14. Short comments on commands can be inserted straight from the command line. The comment is typed directly on the command line, after the characters #^ or #v. The characters ^ and v indicate which command the comment refers to: ^ the previous one, v the next one. For example, if the following was entered on the command line:

      $ whoami
      
      user
      
      $ #^ I wonder, who am I?
      
      it will look like this in the journal:
      $ whoami
      
      user
      
      I wonder, who am I?

    15. If a comment spans several lines, it can be inserted into the journal as follows:

      $ whoami
      
      user
      
      $ cat > /dev/null #^ I wonder, who am I?
      
      The whoami program prints the name of the user under which
      we logged in to the system.
      -
      It cannot answer the question of our purpose
      in this world.
      
      It will look like this in the journal:
      $ whoami
      user
      
      I wonder, who am I?
      The whoami program prints the name of the user under which
      we logged in to the system.

      It cannot answer the question of our purpose
      in this world.
      To separate paragraphs from one another, use the "-" character on a line by itself.

    16. Comments that do not relate directly to any command are added in exactly the same way, except that the characters #= are used instead of #^ or #v.

    17. The contents of a file can be shown in the journal. To do this, print the file with the cat program. If the command's output is marked with the characters #!, the file's contents will be shown in the journal in a section set aside for this.

    18. To insert a screenshot of a window into the journal, use the l3shot command. After running it, select with the mouse the window that should appear in the journal.

    19. Commands in the journal are arranged in chronological order. If two commands were entered one after the other but on different terminals, they appear next to each other in the journal even if they are unrelated.
      1
          2
      3   
          4
      
      Groups of commands run on different terminals are separated by a special line. Below this line, in the right-hand corner, is the name of the terminal on which the commands were run. To see the commands of a single session only, click this name.

    About the program

    LiLaLo (L3) stands for Live Lab Log.
    The program was developed to make teaching Unix/Linux systems more effective.
    (c) Igor Chubin, 2004-2008
