08:29:15

#ps ax

  PID TTY      STAT   TIME COMMAND
    1 ?        Ss     0:00 init [2]
    2 ?        S      0:00 [migration/0]
    3 ?        SN     0:00 [ksoftirqd/0]
    4 ?        S<     0:01 [events/0]
    5 ?        S<     0:00 [khelper]
    6 ?        S<     0:00 [kthread]
    7 ?        S<     0:00 [xenwatch]
    8 ?        S<     0:00 [xenbus]
   16 ?        S<     0:00 [kblockd/0]
...
12699 ?        Ss     0:00 sshd: admin [priv]
12797 ?        S      0:00 sshd: admin@ttyp2
12806 ttyp2    Ss     0:00 -bash
12897 ttyp2    S+     0:00 su
12970 ttyp2    S+     0:00 script -f -q /root/.lilalo//1436192301186114200-1214544177.script
13002 ttyp2    S+     0:00 script -f -q /root/.lilalo//1436192301186114200-1214544177.script
13003 ttyp3    Ss     0:00 bash -i
14288 ?        S      0:00 [pdflush]
17755 ?        S      0:00 [pdflush]
22775 ttyp3    R+     0:00 ps ax

08:29:15

#ps ax

  PID TTY      STAT   TIME COMMAND
    1 ?        Ss     0:00 init [2]
    2 ?        S      0:00 [migration/0]
    3 ?        SN     0:00 [ksoftirqd/0]
    4 ?        S<     0:01 [events/0]
    5 ?        S<     0:00 [khelper]
    6 ?        S<     0:00 [kthread]
    7 ?        S<     0:00 [xenwatch]
    8 ?        S<     0:00 [xenbus]
   16 ?        S<     0:00 [kblockd/0]
...
12699 ?        Ss     0:00 sshd: admin [priv]
12797 ?        S      0:00 sshd: admin@ttyp2
12806 ttyp2    Ss     0:00 -bash
12897 ttyp2    S+     0:00 su
12970 ttyp2    S+     0:00 script -f -q /root/.lilalo//1436192301186114200-1214544177.script
13002 ttyp2    S+     0:00 script -f -q /root/.lilalo//1436192301186114200-1214544177.script
13003 ttyp3    Ss     0:00 bash -i
14288 ?        S      0:00 [pdflush]
17755 ?        S      0:00 [pdflush]
22781 ttyp3    R+     0:00 ps ax

08:29:16

 05:29:18 up 53 days, 10:59,  2 users,  load average: 0,35, 1,05, 0,77
USER     TTY      FROM              LOGIN@   IDLE   JCPU   PCPU WHAT
root     ttyp0    192.168.1.198    05:11   13.00s  0.09s  0.00s script -f -q /root/.lilalo//8945247362774015272-1214543514.script
admin    ttyp2    192.168.4.129    05:22    0.00s  0.17s  0.03s sshd: admin [priv]

08:29:18

#ps ax

  PID TTY      STAT   TIME COMMAND
    1 ?        Ss     0:00 init [2]
    2 ?        S      0:00 [migration/0]
    3 ?        SN     0:00 [ksoftirqd/0]
    4 ?        S<     0:01 [events/0]
    5 ?        S<     0:00 [khelper]
    6 ?        S<     0:00 [kthread]
    7 ?        S<     0:00 [xenwatch]
    8 ?        S<     0:00 [xenbus]
   16 ?        S<     0:00 [kblockd/0]
...
12699 ?        Ss     0:00 sshd: admin [priv]
12797 ?        S      0:00 sshd: admin@ttyp2
12806 ttyp2    Ss     0:00 -bash
12897 ttyp2    S+     0:00 su
12970 ttyp2    S+     0:00 script -f -q /root/.lilalo//1436192301186114200-1214544177.script
13002 ttyp2    S+     0:00 script -f -q /root/.lilalo//1436192301186114200-1214544177.script
13003 ttyp3    Ss     0:00 bash -i
14288 ?        S      0:00 [pdflush]
17755 ?        S      0:00 [pdflush]
22794 ttyp3    R+     0:00 ps ax

08:29:25

#ps ax

  PID TTY      STAT   TIME COMMAND
    1 ?        Ss     0:00 init [2]
    2 ?        S      0:00 [migration/0]
    3 ?        SN     0:00 [ksoftirqd/0]
    4 ?        S<     0:01 [events/0]
    5 ?        S<     0:00 [khelper]
    6 ?        S<     0:00 [kthread]
    7 ?        S<     0:00 [xenwatch]
    8 ?        S<     0:00 [xenbus]
   16 ?        S<     0:00 [kblockd/0]
...
12699 ?        Ss     0:00 sshd: admin [priv]
12797 ?        S      0:00 sshd: admin@ttyp2
12806 ttyp2    Ss     0:00 -bash
12897 ttyp2    S+     0:00 su
12970 ttyp2    S+     0:00 script -f -q /root/.lilalo//1436192301186114200-1214544177.script
13002 ttyp2    S+     0:00 script -f -q /root/.lilalo//1436192301186114200-1214544177.script
13003 ttyp3    Ss     0:00 bash -i
14288 ?        S      0:00 [pdflush]
17755 ?        S      0:00 [pdflush]
22800 ttyp3    R+     0:00 ps ax

08:29:27

#ps ax

  PID TTY      STAT   TIME COMMAND
    1 ?        Ss     0:00 init [2]
    2 ?        S      0:00 [migration/0]
    3 ?        SN     0:00 [ksoftirqd/0]
    4 ?        S<     0:01 [events/0]
    5 ?        S<     0:00 [khelper]
    6 ?        S<     0:00 [kthread]
    7 ?        S<     0:00 [xenwatch]
    8 ?        S<     0:00 [xenbus]
   16 ?        S<     0:00 [kblockd/0]
...
12797 ?        S      0:00 sshd: admin@ttyp2
12806 ttyp2    Ss     0:00 -bash
12897 ttyp2    S+     0:00 su
12970 ttyp2    S+     0:00 script -f -q /root/.lilalo//1436192301186114200-1214544177.script
13002 ttyp2    S+     0:00 script -f -q /root/.lilalo//1436192301186114200-1214544177.script
13003 ttyp3    Ss     0:00 bash -i
14288 ?        S      0:00 [pdflush]
17755 ?        S      0:00 [pdflush]
22808 ?        S      0:00 /usr/sbin/smbd -D
22827 ttyp3    R+     0:00 ps ax

/dev/ttyp0

08:30:21

#cp clamav/vscan-clamav.conf /etc/samba/

/dev/ttyp2

08:31:05

#ps ax

  PID TTY      STAT   TIME COMMAND
    1 ?        Ss     0:00 init [2]
    2 ?        S      0:00 [migration/0]
    3 ?        SN     0:00 [ksoftirqd/0]
    4 ?        S<     0:01 [events/0]
    5 ?        S<     0:00 [khelper]
    6 ?        S<     0:00 [kthread]
    7 ?        S<     0:00 [xenwatch]
    8 ?        S<     0:00 [xenbus]
   16 ?        S<     0:00 [kblockd/0]
...
12797 ?        S      0:00 sshd: admin@ttyp2
12806 ttyp2    Ss     0:00 -bash
12897 ttyp2    S+     0:00 su
12970 ttyp2    S+     0:00 script -f -q /root/.lilalo//1436192301186114200-1214544177.script
13002 ttyp2    S+     0:00 script -f -q /root/.lilalo//1436192301186114200-1214544177.script
13003 ttyp3    Ss     0:00 bash -i
14288 ?        S      0:00 [pdflush]
17755 ?        S      0:00 [pdflush]
22808 ?        S      0:00 /usr/sbin/smbd -D
22833 ttyp3    R+     0:00 ps ax

08:31:07

#ps ax

  PID TTY      STAT   TIME COMMAND
    1 ?        Ss     0:00 init [2]
    2 ?        S      0:00 [migration/0]
    3 ?        SN     0:00 [ksoftirqd/0]
    4 ?        S<     0:01 [events/0]
    5 ?        S<     0:00 [khelper]
    6 ?        S<     0:00 [kthread]
    7 ?        S<     0:00 [xenwatch]
    8 ?        S<     0:00 [xenbus]
   16 ?        S<     0:00 [kblockd/0]
...
12797 ?        S      0:00 sshd: admin@ttyp2
12806 ttyp2    Ss     0:00 -bash
12897 ttyp2    S+     0:00 su
12970 ttyp2    S+     0:00 script -f -q /root/.lilalo//1436192301186114200-1214544177.script
13002 ttyp2    S+     0:00 script -f -q /root/.lilalo//1436192301186114200-1214544177.script
13003 ttyp3    Ss     0:00 bash -i
14288 ?        S      0:00 [pdflush]
17755 ?        S      0:00 [pdflush]
22808 ?        S      0:00 /usr/sbin/smbd -D
22839 ttyp3    R+     0:00 ps ax

08:31:09

#ps ax

  PID TTY      STAT   TIME COMMAND
    1 ?        Ss     0:00 init [2]
    2 ?        S      0:00 [migration/0]
    3 ?        SN     0:00 [ksoftirqd/0]
    4 ?        S<     0:01 [events/0]
    5 ?        S<     0:00 [khelper]
    6 ?        S<     0:00 [kthread]
    7 ?        S<     0:00 [xenwatch]
    8 ?        S<     0:00 [xenbus]
   16 ?        S<     0:00 [kblockd/0]
...
12797 ?        S      0:00 sshd: admin@ttyp2
12806 ttyp2    Ss     0:00 -bash
12897 ttyp2    S+     0:00 su
12970 ttyp2    S+     0:00 script -f -q /root/.lilalo//1436192301186114200-1214544177.script
13002 ttyp2    S+     0:00 script -f -q /root/.lilalo//1436192301186114200-1214544177.script
13003 ttyp3    Ss     0:00 bash -i
14288 ?        S      0:00 [pdflush]
17755 ?        S      0:00 [pdflush]
22808 ?        S      0:00 /usr/sbin/smbd -D
22845 ttyp3    R+     0:00 ps ax

08:31:10

#ps ax

  PID TTY      STAT   TIME COMMAND
    1 ?        Ss     0:00 init [2]
    2 ?        S      0:00 [migration/0]
    3 ?        SN     0:00 [ksoftirqd/0]
    4 ?        S<     0:01 [events/0]
    5 ?        S<     0:00 [khelper]
    6 ?        S<     0:00 [kthread]
    7 ?        S<     0:00 [xenwatch]
    8 ?        S<     0:00 [xenbus]
   16 ?        S<     0:00 [kblockd/0]
...
12797 ?        S      0:00 sshd: admin@ttyp2
12806 ttyp2    Ss     0:00 -bash
12897 ttyp2    S+     0:00 su
12970 ttyp2    S+     0:00 script -f -q /root/.lilalo//1436192301186114200-1214544177.script
13002 ttyp2    S+     0:00 script -f -q /root/.lilalo//1436192301186114200-1214544177.script
13003 ttyp3    Ss     0:00 bash -i
14288 ?        S      0:00 [pdflush]
17755 ?        S      0:00 [pdflush]
22808 ?        S      0:00 /usr/sbin/smbd -D
22851 ttyp3    R+     0:00 ps ax

08:31:10

#ps ax

  PID TTY      STAT   TIME COMMAND
    1 ?        Ss     0:00 init [2]
    2 ?        S      0:00 [migration/0]
    3 ?        SN     0:00 [ksoftirqd/0]
    4 ?        S<     0:01 [events/0]
    5 ?        S<     0:00 [khelper]
    6 ?        S<     0:00 [kthread]
    7 ?        S<     0:00 [xenwatch]
    8 ?        S<     0:00 [xenbus]
   16 ?        S<     0:00 [kblockd/0]
...
12797 ?        S      0:00 sshd: admin@ttyp2
12806 ttyp2    Ss     0:00 -bash
12897 ttyp2    S+     0:00 su
12970 ttyp2    S+     0:00 script -f -q /root/.lilalo//1436192301186114200-1214544177.script
13002 ttyp2    S+     0:00 script -f -q /root/.lilalo//1436192301186114200-1214544177.script
13003 ttyp3    Ss     0:00 bash -i
14288 ?        S      0:00 [pdflush]
17755 ?        S      0:00 [pdflush]
22869 ttyp1    S+     0:00 /usr/bin/vi /etc/samba/vscan-clamav.conf
22874 ttyp3    R+     0:00 ps ax

/dev/ttyp0

08:31:11

#vi /etc/samba/vscan-clamav.conf

/dev/ttyp2

08:32:01

#ps ax

  PID TTY      STAT   TIME COMMAND
    1 ?        Ss     0:00 init [2]
    2 ?        S      0:00 [migration/0]
    3 ?        SN     0:00 [ksoftirqd/0]
    4 ?        S<     0:01 [events/0]
    5 ?        S<     0:00 [khelper]
    6 ?        S<     0:00 [kthread]
    7 ?        S<     0:00 [xenwatch]
    8 ?        S<     0:00 [xenbus]
   16 ?        S<     0:00 [kblockd/0]
...
12797 ?        S      0:00 sshd: admin@ttyp2
12806 ttyp2    Ss     0:00 -bash
12897 ttyp2    S+     0:00 su
12970 ttyp2    S+     0:00 script -f -q /root/.lilalo//1436192301186114200-1214544177.script
13002 ttyp2    S+     0:00 script -f -q /root/.lilalo//1436192301186114200-1214544177.script
13003 ttyp3    Ss     0:00 bash -i
14288 ?        S      0:00 [pdflush]
17755 ?        S      0:00 [pdflush]
22869 ttyp1    S+     0:00 /usr/bin/vi /etc/samba/vscan-clamav.conf
22880 ttyp3    R+     0:00 ps ax

08:32:03

#ps ax

  PID TTY      STAT   TIME COMMAND
    1 ?        Ss     0:00 init [2]
    2 ?        S      0:00 [migration/0]
    3 ?        SN     0:00 [ksoftirqd/0]
    4 ?        S<     0:01 [events/0]
    5 ?        S<     0:00 [khelper]
    6 ?        S<     0:00 [kthread]
    7 ?        S<     0:00 [xenwatch]
    8 ?        S<     0:00 [xenbus]
   16 ?        S<     0:00 [kblockd/0]
...
12797 ?        S      0:00 sshd: admin@ttyp2
12806 ttyp2    Ss     0:00 -bash
12897 ttyp2    S+     0:00 su
12970 ttyp2    S+     0:00 script -f -q /root/.lilalo//1436192301186114200-1214544177.script
13002 ttyp2    S+     0:00 script -f -q /root/.lilalo//1436192301186114200-1214544177.script
13003 ttyp3    Ss     0:00 bash -i
14288 ?        S      0:00 [pdflush]
17755 ?        S      0:00 [pdflush]
22869 ttyp1    S+     0:00 /usr/bin/vi /etc/samba/vscan-clamav.conf
22886 ttyp3    R+     0:00 ps ax

08:32:04

#ps ax

  PID TTY      STAT   TIME COMMAND
    1 ?        Ss     0:00 init [2]
    2 ?        S      0:00 [migration/0]
    3 ?        SN     0:00 [ksoftirqd/0]
    4 ?        S<     0:01 [events/0]
    5 ?        S<     0:00 [khelper]
    6 ?        S<     0:00 [kthread]
    7 ?        S<     0:00 [xenwatch]
    8 ?        S<     0:00 [xenbus]
   16 ?        S<     0:00 [kblockd/0]
...
12797 ?        S      0:00 sshd: admin@ttyp2
12806 ttyp2    Ss     0:00 -bash
12897 ttyp2    S+     0:00 su
12970 ttyp2    S+     0:00 script -f -q /root/.lilalo//1436192301186114200-1214544177.script
13002 ttyp2    S+     0:00 script -f -q /root/.lilalo//1436192301186114200-1214544177.script
13003 ttyp3    Ss     0:00 bash -i
14288 ?        S      0:00 [pdflush]
17755 ?        S      0:00 [pdflush]
22869 ttyp1    S+     0:00 /usr/bin/vi /etc/samba/vscan-clamav.conf
22892 ttyp3    R+     0:00 ps ax

08:32:06

#ps ax

  PID TTY      STAT   TIME COMMAND
    1 ?        Ss     0:00 init [2]
    2 ?        S      0:00 [migration/0]
    3 ?        SN     0:00 [ksoftirqd/0]
    4 ?        S<     0:01 [events/0]
    5 ?        S<     0:00 [khelper]
    6 ?        S<     0:00 [kthread]
    7 ?        S<     0:00 [xenwatch]
    8 ?        S<     0:00 [xenbus]
   16 ?        S<     0:00 [kblockd/0]
...
12797 ?        S      0:00 sshd: admin@ttyp2
12806 ttyp2    Ss     0:00 -bash
12897 ttyp2    S+     0:00 su
12970 ttyp2    S+     0:00 script -f -q /root/.lilalo//1436192301186114200-1214544177.script
13002 ttyp2    S+     0:00 script -f -q /root/.lilalo//1436192301186114200-1214544177.script
13003 ttyp3    Ss     0:00 bash -i
14288 ?        S      0:00 [pdflush]
17755 ?        S      0:00 [pdflush]
22869 ttyp1    S+     0:00 /usr/bin/vi /etc/samba/vscan-clamav.conf
22898 ttyp3    R+     0:00 ps ax

08:32:07

#ps ax

  PID TTY      STAT   TIME COMMAND
    1 ?        Ss     0:00 init [2]
    2 ?        S      0:00 [migration/0]
    3 ?        SN     0:00 [ksoftirqd/0]
    4 ?        S<     0:01 [events/0]
    5 ?        S<     0:00 [khelper]
    6 ?        S<     0:00 [kthread]
    7 ?        S<     0:00 [xenwatch]
    8 ?        S<     0:00 [xenbus]
   16 ?        S<     0:00 [kblockd/0]
...
12797 ?        S      0:00 sshd: admin@ttyp2
12806 ttyp2    Ss     0:00 -bash
12897 ttyp2    S+     0:00 su
12970 ttyp2    S+     0:00 script -f -q /root/.lilalo//1436192301186114200-1214544177.script
13002 ttyp2    S+     0:00 script -f -q /root/.lilalo//1436192301186114200-1214544177.script
13003 ttyp3    Ss     0:00 bash -i
14288 ?        S      0:00 [pdflush]
17755 ?        S      0:00 [pdflush]
22869 ttyp1    S+     0:00 /usr/bin/vi /etc/samba/vscan-clamav.conf
22906 ttyp3    R+     0:00 ps ax

08:32:35

#ps ax

  PID TTY      STAT   TIME COMMAND
    1 ?        Ss     0:00 init [2]
    2 ?        S      0:00 [migration/0]
    3 ?        SN     0:00 [ksoftirqd/0]
    4 ?        S<     0:01 [events/0]
    5 ?        S<     0:00 [khelper]
    6 ?        S<     0:00 [kthread]
    7 ?        S<     0:00 [xenwatch]
    8 ?        S<     0:00 [xenbus]
   16 ?        S<     0:00 [kblockd/0]
...
12806 ttyp2    Ss     0:00 -bash
12897 ttyp2    S+     0:00 su
12970 ttyp2    S+     0:00 script -f -q /root/.lilalo//1436192301186114200-1214544177.script
13002 ttyp2    S+     0:00 script -f -q /root/.lilalo//1436192301186114200-1214544177.script
13003 ttyp3    Ss     0:00 bash -i
14288 ?        S      0:00 [pdflush]
17755 ?        S      0:00 [pdflush]
22915 ?        S      0:00 /usr/sbin/smbd -D
22980 ?        S      0:00 /usr/sbin/smbd -D
22981 ttyp3    R+     0:00 ps ax

/dev/ttyp0

08:35:54

#vi /etc/samba/vscan-clamav.conf

08:36:11

#vi /etc/samba/smb.conf

/dev/ttyp2

08:43:57

#ps ax

  PID TTY      STAT   TIME COMMAND
    1 ?        Ss     0:00 init [2]
    2 ?        S      0:00 [migration/0]
    3 ?        SN     0:00 [ksoftirqd/0]
    4 ?        S<     0:01 [events/0]
    5 ?        S<     0:00 [khelper]
    6 ?        S<     0:00 [kthread]
    7 ?        S<     0:00 [xenwatch]
    8 ?        S<     0:00 [xenbus]
   16 ?        S<     0:00 [kblockd/0]
...
12806 ttyp2    Ss     0:00 -bash
12897 ttyp2    S+     0:00 su
12970 ttyp2    S+     0:00 script -f -q /root/.lilalo//1436192301186114200-1214544177.script
13002 ttyp2    S+     0:00 script -f -q /root/.lilalo//1436192301186114200-1214544177.script
13003 ttyp3    Ss     0:00 bash -i
14288 ?        S      0:00 [pdflush]
17755 ?        S      0:00 [pdflush]
22915 ?        S      0:00 /usr/sbin/smbd -D
22980 ?        S      0:00 /usr/sbin/smbd -D
22987 ttyp3    R+     0:00 ps ax

08:43:59

#ps ax

  PID TTY      STAT   TIME COMMAND
    1 ?        Ss     0:00 init [2]
    2 ?        S      0:00 [migration/0]
    3 ?        SN     0:00 [ksoftirqd/0]
    4 ?        S<     0:01 [events/0]
    5 ?        S<     0:00 [khelper]
    6 ?        S<     0:00 [kthread]
    7 ?        S<     0:00 [xenwatch]
    8 ?        S<     0:00 [xenbus]
   16 ?        S<     0:00 [kblockd/0]
...
12806 ttyp2    Ss     0:00 -bash
12897 ttyp2    S+     0:00 su
12970 ttyp2    S+     0:00 script -f -q /root/.lilalo//1436192301186114200-1214544177.script
13002 ttyp2    S+     0:00 script -f -q /root/.lilalo//1436192301186114200-1214544177.script
13003 ttyp3    Ss     0:00 bash -i
14288 ?        S      0:00 [pdflush]
17755 ?        S      0:00 [pdflush]
22915 ?        S      0:00 /usr/sbin/smbd -D
22980 ?        S      0:00 /usr/sbin/smbd -D
22993 ttyp3    R+     0:00 ps ax

08:44:00

#ps ax

  PID TTY      STAT   TIME COMMAND
    1 ?        Ss     0:00 init [2]
    2 ?        S      0:00 [migration/0]
    3 ?        SN     0:00 [ksoftirqd/0]
    4 ?        S<     0:01 [events/0]
    5 ?        S<     0:00 [khelper]
    6 ?        S<     0:00 [kthread]
    7 ?        S<     0:00 [xenwatch]
    8 ?        S<     0:00 [xenbus]
   16 ?        S<     0:00 [kblockd/0]
...
12806 ttyp2    Ss     0:00 -bash
12897 ttyp2    S+     0:00 su
12970 ttyp2    S+     0:00 script -f -q /root/.lilalo//1436192301186114200-1214544177.script
13002 ttyp2    S+     0:00 script -f -q /root/.lilalo//1436192301186114200-1214544177.script
13003 ttyp3    Ss     0:00 bash -i
14288 ?        S      0:00 [pdflush]
17755 ?        S      0:00 [pdflush]
22915 ?        S      0:00 /usr/sbin/smbd -D
22980 ?        S      0:00 /usr/sbin/smbd -D
22999 ttyp3    R+     0:00 ps ax

08:44:01

#ps ax

  PID TTY      STAT   TIME COMMAND
    1 ?        Ss     0:00 init [2]
    2 ?        S      0:00 [migration/0]
    3 ?        SN     0:00 [ksoftirqd/0]
    4 ?        S<     0:01 [events/0]
    5 ?        S<     0:00 [khelper]
    6 ?        S<     0:00 [kthread]
    7 ?        S<     0:00 [xenwatch]
    8 ?        S<     0:00 [xenbus]
   16 ?        S<     0:00 [kblockd/0]
...
24549 ?        S      0:00 /usr/sbin/smbd -D
24552 ?        S      0:00 /usr/sbin/smbd -D
24835 ?        Rs     3:33 /usr/sbin/clamd
24892 ?        Rs     2:37 /usr/sbin/clamd
24953 ?        S      0:00 /usr/sbin/smbd -D
24957 ?        S      0:00 /usr/sbin/smbd -D
24965 ?        S      0:00 /usr/sbin/smbd -D
24977 ?        S      0:00 /usr/sbin/smbd -D
24994 ?        S      0:00 /usr/sbin/smbd -D
24995 ttyp3    R+     0:00 ps ax

/dev/ttyp0

08:44:04

#apt-cache search clamav

amavisd-new - Interface between MTA and virus scanner/content filters
amavisd-new-milter - Interface between sendmail-milter and amavisd-new
avscan - GTK frontend for the Clam AntiVirus scanner (ClamAV)
clamav - antivirus scanner for Unix
clamav-base - base package for clamav, an anti-virus utility for Unix
clamav-daemon - antivirus scanner daemon
clamav-data - clamav data files
clamav-dbg - debug symbols for clamav
clamav-docs - documentation package for clamav, an anti-virus utility for Unix
clamav-freshclam - downloads clamav virus databases from the Internet
...
clamsmtp - virus-scanning SMTP proxy
courier-filter-perl - purely Perl-based mail filter framework for the Courier MTA
klamav - graphical front-end for clamav
libclamav-dev - clam Antivirus library development files
libclamav2 - virus scanner library
php4-clamavlib - PHP ClamAV Lib - ClamAV Interface for PHP4 Scripts
php5-clamavlib - PHP ClamAV Lib - ClamAV Interface for PHP5 Scripts
python-clamav - Python bindings to ClamAV
sylpheed-claws-clamav - Clam AntiVirus plugin for Sylpheed Claws
sylpheed-claws-gtk2-clamav - Clam AntiVirus plugin for the Sylpheed-Claws GTK2 mail client

08:44:13

#apt-get install clamav-base clamav-freshclam

Чтение списков пакетов... Готово
Построение дерева зависимостей... Готово
Будут установлены следующие дополнительные пакеты:
  ca-certificates libclamav2 libcurl3 libgmp3c2 libidn11 openssl ucf
Предлагаемые пакеты:
  clamav-docs
Рекомендуемые пакеты:
  clamav debconf-utils
НОВЫЕ пакеты, которые будут установлены:
  ca-certificates clamav-base clamav-freshclam libclamav2 libcurl3 libgmp3c2
...
Настраивается пакет clamav-base (0.90.1dfsg-3etch9) ...
Добавляется системный пользователь `clamav' (UID 102) ...
Добавляется новая группа `clamav' (GID 103) ...
Добавляется новый пользователь `clamav' (UID 102) в группу `clamav' ...
Не создаётся домашний каталог `/var/lib/clamav'.
Настраивается пакет libcurl3 (7.15.5-1etch1) ...
Настраивается пакет libgmp3c2 (4.2.1+dfsg-4) ...
Настраивается пакет libclamav2 (0.90.1dfsg-3etch9) ...
Настраивается пакет clamav-freshclam (0.90.1dfsg-3etch9) ...
Starting ClamAV virus database updater: freshclam.

08:44:55

#vi /etc/samba/smb.conf

08:54:20

#vi /etc/samba/

08:54:20

#vi /etc/samba/vscan-clamav.conf

08:54:47

#vi /etc/clamav/

08:54:47

#vi /etc/clamav/clamd.conf

08:55:23

#vi /etc/clamav/clamd.conf

08:55:41

#vi /etc/samba/vscan-clamav.conf

08:56:29

#vi /etc/clamav/clamd.conf

08:56:55

#vi /etc/samba/vscan-clamav.conf

08:57:39

#vi /etc/samba/vscan-clamav.conf

09:01:28

#/etc/init.d/samba restart

Stopping Samba daemons: nmbd smbd.
Starting Samba daemons: nmbd smbd.

09:03:15

#tail -f /var/log/samba/log.s

log.samarseva            log.sharon-qcs11oz3      log.solarvista
log.samarseva.old        log.sharon-qcs11oz3.old  log.solarvista.old
log.samba                log.shitbanda            log.sp-183
log.sasha                log.shkurenko            log.spectram-azs4hd
log.sayed                log.shkurenko.old        log.sppcsw6
log.secure1              log.sikelianos           log.srv
log.server               log.smart1               log.srvw2k3
log.server2              log.smart1.old           log.stefani
log.server2.old          log.smbd                 log.stepan
log.server.old           log.smbd.1.gz            log.stepan12
log.serverre             log.smbd.2.gz            log.stepan.old
log.serverre.old         log.smbd.3.gz            log.stilian
log.serverx              log.smbd.4.gz            log.stilian.old
log.servidor             log.smbd.5.gz            log.sw602
log.servidor2            log.smbd.6.gz            log.systempc
log.servidor2.old        log.smbd.7.gz            log.systempc.old
log.servidor.old         log.smbd.old

09:03:15

#tail -f /var/log/samba/log.s

log.samarseva            log.sharon-qcs11oz3      log.solarvista
log.samarseva.old        log.sharon-qcs11oz3.old  log.solarvista.old
log.samba                log.shitbanda            log.sp-183
log.sasha                log.shkurenko            log.spectram-azs4hd
log.sayed                log.shkurenko.old        log.sppcsw6
log.secure1              log.sikelianos           log.srv
log.server               log.smart1               log.srvw2k3
log.server2              log.smart1.old           log.stefani
log.server2.old          log.smbd                 log.stepan
log.server.old           log.smbd.1.gz            log.stepan12
log.serverre             log.smbd.2.gz            log.stepan.old
log.serverre.old         log.smbd.3.gz            log.stilian
log.serverx              log.smbd.4.gz            log.stilian.old
log.servidor             log.smbd.5.gz            log.sw602
log.servidor2            log.smbd.6.gz            log.systempc
log.servidor2.old        log.smbd.7.gz            log.systempc.old
log.servidor.old         log.smbd.old

09:03:15

#tail -f /var/log/samba/log.smbd

log.smbd       log.smbd.2.gz  log.smbd.4.gz  log.smbd.6.gz  log.smbd.old
log.smbd.1.gz  log.smbd.3.gz  log.smbd.5.gz  log.smbd.7.gz

09:03:15

#tail -f /var/log/samba/log.smbd

log.smbd       log.smbd.2.gz  log.smbd.4.gz  log.smbd.6.gz  log.smbd.old
log.smbd.1.gz  log.smbd.3.gz  log.smbd.5.gz  log.smbd.7.gz

09:03:15

#tail -f /var/log/samba/log.smbd

[2008/06/27 06:03:15, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/06/27 06:03:15, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217)
  ldapsam_getgroup: Did not find group
[2008/06/27 06:03:15, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/06/27 06:03:15, 3] printing/printing.c:start_background_queue(1386)
  start_background_queue: Starting background LPQ thread
[2008/06/27 06:03:15, 2] smbd/server.c:open_sockets_smbd(384)
  waiting for a connection

09:03:32

#vi /etc/samba/smb.conf

09:07:02

#/etc/init.d/samba restart

Stopping Samba daemons: nmbd smbd.
Starting Samba daemons: nmbd smbd.

09:07:07

#tail -f /var/log/samba/log.smbd

[2008/06/27 06:07:07, 3] smbd/sec_ctx.c:set_sec_ctx(241)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 1
[2008/06/27 06:07:07, 4] passdb/pdb_ldap.c:ldapsam_getgroup(2217)
  ldapsam_getgroup: Did not find group
[2008/06/27 06:07:07, 3] smbd/sec_ctx.c:pop_sec_ctx(339)
  pop_sec_ctx (0, 0) - sec_ctx_stack_ndx = 0
[2008/06/27 06:07:07, 3] printing/printing.c:start_background_queue(1386)
  start_background_queue: Starting background LPQ thread
[2008/06/27 06:07:07, 2] smbd/server.c:open_sockets_smbd(384)
  waiting for a connection

09:07:21

#tail -f /var/log/samba/log.

Display all 1389 possibilities? (y or n)

09:07:21

#apt-cache search clamav

amavisd-new - Interface between MTA and virus scanner/content filters
amavisd-new-milter - Interface between sendmail-milter and amavisd-new
avscan - GTK frontend for the Clam AntiVirus scanner (ClamAV)
clamav - antivirus scanner for Unix
clamav-base - base package for clamav, an anti-virus utility for Unix
clamav-daemon - antivirus scanner daemon
clamav-data - clamav data files
clamav-dbg - debug symbols for clamav
clamav-docs - documentation package for clamav, an anti-virus utility for Unix
clamav-freshclam - downloads clamav virus databases from the Internet
...
clamsmtp - virus-scanning SMTP proxy
courier-filter-perl - purely Perl-based mail filter framework for the Courier MTA
klamav - graphical front-end for clamav
libclamav-dev - clam Antivirus library development files
libclamav2 - virus scanner library
php4-clamavlib - PHP ClamAV Lib - ClamAV Interface for PHP4 Scripts
php5-clamavlib - PHP ClamAV Lib - ClamAV Interface for PHP5 Scripts
python-clamav - Python bindings to ClamAV
sylpheed-claws-clamav - Clam AntiVirus plugin for Sylpheed Claws
sylpheed-claws-gtk2-clamav - Clam AntiVirus plugin for the Sylpheed-Claws GTK2 mail client

09:07:53

#dpkg -L clamav-base

/.
/etc
/etc/clamav
/usr
/usr/share
/usr/share/doc
/usr/share/doc/clamav-base
/usr/share/doc/clamav-base/AUTHORS
/usr/share/doc/clamav-base/examples
/usr/share/doc/clamav-base/examples/clamd.conf
...
/usr/share/lintian
/usr/share/lintian/overrides
/usr/share/lintian/overrides/clamav-base
/var
/var/run
/var/run/clamav
/var/log
/var/log/clamav
/var/lib
/var/lib/clamav

09:08:22

#apt-cache search clamscan

09:08:46

#apt-cache search clamav

amavisd-new - Interface between MTA and virus scanner/content filters
amavisd-new-milter - Interface between sendmail-milter and amavisd-new
avscan - GTK frontend for the Clam AntiVirus scanner (ClamAV)
clamav - antivirus scanner for Unix
clamav-base - base package for clamav, an anti-virus utility for Unix
clamav-daemon - antivirus scanner daemon
clamav-data - clamav data files
clamav-dbg - debug symbols for clamav
clamav-docs - documentation package for clamav, an anti-virus utility for Unix
clamav-freshclam - downloads clamav virus databases from the Internet
...
clamsmtp - virus-scanning SMTP proxy
courier-filter-perl - purely Perl-based mail filter framework for the Courier MTA
klamav - graphical front-end for clamav
libclamav-dev - clam Antivirus library development files
libclamav2 - virus scanner library
php4-clamavlib - PHP ClamAV Lib - ClamAV Interface for PHP4 Scripts
php5-clamavlib - PHP ClamAV Lib - ClamAV Interface for PHP5 Scripts
python-clamav - Python bindings to ClamAV
sylpheed-claws-clamav - Clam AntiVirus plugin for Sylpheed Claws
sylpheed-claws-gtk2-clamav - Clam AntiVirus plugin for the Sylpheed-Claws GTK2 mail client

09:08:50

#apt-get install clamav-daemon

Чтение списков пакетов... Готово
Построение дерева зависимостей... Готово
Предлагаемые пакеты:
  daemon clamav-docs
НОВЫЕ пакеты, которые будут установлены:
  clamav-daemon
обновлено 0, установлено 1 новых пакетов, для удаления отмечено 0 пакетов, и 34 пакетов не обновлено.
Необходимо скачать 173kБ архивов.
После распаковки объем занятого дискового пространства возрастёт на 397kB.
Получено:1 http://debian.org.ua etch/main clamav-daemon 0.90.1dfsg-3etch9 [173kB]
Получено 173kB за 0s (1893kB/c)
Выбор ранее не выбранного пакета clamav-daemon.
(Чтение базы данных... на данный момент установлено 20715 файлов и каталогов.)
Распаковывается пакет clamav-daemon (из файла .../clamav-daemon_0.90.1dfsg-3etch9_i386.deb)...
Настраивается пакет clamav-daemon (0.90.1dfsg-3etch9) ...
Starting ClamAV daemon: clamd Running as user clamav (UID 102, GID 103)
.

09:11:54

#dpkg -L clamav-daemon

/.
/etc
/etc/logcheck
/etc/logcheck/ignore.d.paranoid
/etc/logcheck/ignore.d.paranoid/clamav-daemon
/etc/logcheck/ignore.d.server
/etc/logcheck/ignore.d.server/clamav-daemon
/etc/init.d
/etc/init.d/clamav-daemon
/etc/logrotate.d
...
/usr/share/man/man8/clamd.8.gz
/usr/share/lintian
/usr/share/lintian/overrides
/usr/share/lintian/overrides/clamav-daemon
/usr/share/doc/clamav-daemon/FAQ
/usr/share/doc/clamav-daemon/NEWS.Debian.gz
/usr/share/doc/clamav-daemon/BUGS
/usr/share/doc/clamav-daemon/README.gz
/usr/share/doc/clamav-daemon/README.Debian.gz
/usr/share/doc/clamav-daemon/AUTHORS.gz

09:11:58

#man clamdscan

09:12:15

#less /etc/samba/smb.conf

09:12:30

#clamdscan /home/samba/pub/

connect(): No such file or directory
WARNING: Can't connect to clamd.
----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.000 sec (0 m 0 s)

09:12:38

#/etc/init.d/clamav-

clamav-daemon     clamav-freshclam

09:12:38

#/etc/init.d/clamav-daemon start

Starting ClamAV daemon: clamd Running as user clamav (UID 102, GID 103)
.

09:12:50

#tail /var/log/messages

Jun 27 02:53:22 samba -- MARK --
Jun 27 03:13:22 samba -- MARK --
Jun 27 03:33:22 samba -- MARK --
Jun 27 03:53:22 samba -- MARK --
Jun 27 04:13:22 samba -- MARK --
Jun 27 04:33:22 samba -- MARK --
Jun 27 04:53:22 samba -- MARK --
Jun 27 05:13:22 samba -- MARK --
Jun 27 05:33:25 samba -- MARK --
Jun 27 05:53:26 samba -- MARK --

09:12:55

#tail /var/log/daemon.log

Jun 27 06:12:19 samba smbd_vscan-clamav[24552]: ERROR: can not connect to clamd (socket: '/var/run/clamav/clamd.ctl')!
Jun 27 06:12:19 samba smbd_vscan-clamav[24552]: ERROR: can not communicate to daemon - access denied
Jun 27 06:12:19 samba smbd_vscan-clamav[24552]: ERROR: can not connect to clamd (socket: '/var/run/clamav/clamd.ctl')!
Jun 27 06:12:19 samba smbd_vscan-clamav[24552]: ERROR: can not communicate to daemon - access denied
Jun 27 06:12:19 samba smbd_vscan-clamav[24552]: ERROR: can not connect to clamd (socket: '/var/run/clamav/clamd.ctl')!
Jun 27 06:12:19 samba smbd_vscan-clamav[24552]: ERROR: can not communicate to daemon - access denied
Jun 27 06:12:19 samba smbd_vscan-clamav[24552]: ERROR: can not connect to clamd (socket: '/var/run/clamav/clamd.ctl')!
Jun 27 06:12:19 samba smbd_vscan-clamav[24552]: ERROR: can not communicate to daemon - access denied
Jun 27 06:12:19 samba smbd_vscan-clamav[24552]: ERROR: can not connect to clamd (socket: '/var/run/clamav/clamd.ctl')!
Jun 27 06:12:19 samba smbd_vscan-clamav[24552]: ERROR: can not communicate to daemon - access denied

09:12:57

#tail /var/log/daemon.log

Jun 27 06:12:19 samba smbd_vscan-clamav[24552]: ERROR: can not connect to clamd (socket: '/var/run/clamav/clamd.ctl')!
Jun 27 06:12:19 samba smbd_vscan-clamav[24552]: ERROR: can not communicate to daemon - access denied
Jun 27 06:12:19 samba smbd_vscan-clamav[24552]: ERROR: can not connect to clamd (socket: '/var/run/clamav/clamd.ctl')!
Jun 27 06:12:19 samba smbd_vscan-clamav[24552]: ERROR: can not communicate to daemon - access denied
Jun 27 06:12:19 samba smbd_vscan-clamav[24552]: ERROR: can not connect to clamd (socket: '/var/run/clamav/clamd.ctl')!
Jun 27 06:12:19 samba smbd_vscan-clamav[24552]: ERROR: can not communicate to daemon - access denied
Jun 27 06:12:19 samba smbd_vscan-clamav[24552]: ERROR: can not connect to clamd (socket: '/var/run/clamav/clamd.ctl')!
Jun 27 06:12:19 samba smbd_vscan-clamav[24552]: ERROR: can not communicate to daemon - access denied
Jun 27 06:12:19 samba smbd_vscan-clamav[24552]: ERROR: can not connect to clamd (socket: '/var/run/clamav/clamd.ctl')!
Jun 27 06:12:19 samba smbd_vscan-clamav[24552]: ERROR: can not communicate to daemon - access denied

09:13:08

#ls -l /var/run/

итого 48
drwxr-xr-x 2 clamav clamav 4096 2008-06-27 05:44 clamav
-rw-r--r-- 1 root   root      5 2008-05-04 18:34 crond.pid
---------- 1 root   root      0 2008-05-04 18:34 crond.reboot
-rw-r--r-- 1 root   root      5 2008-05-04 18:34 klogd.pid
-rw-r--r-- 1 root   root    356 2008-05-04 18:34 motd
drwxr-xr-x 2 root   root   4096 2008-05-04 18:34 network
drwxr-xr-x 2 root   root   4096 2008-06-27 06:07 samba
drwxr-xr-x 2 root   root   4096 2007-03-05 16:38 sshd
-rw-r--r-- 1 root   root      5 2008-05-04 18:34 sshd.pid
drwx------ 3 root   root   4096 2008-01-14 04:58 sudo
-rw-r--r-- 1 root   root      5 2008-05-04 18:34 syslogd.pid
-rw-rw-r-- 1 root   utmp   5376 2008-06-27 05:22 utmp

09:13:17

#ls -l /var/run/clamav/

итого 4
-rw-rw---- 1 clamav clamav 5 2008-06-27 05:44 freshclam.pid

09:13:21

#vi /etc/samba/

09:13:21

#vi /etc/samba/vscan-clamav.conf

09:17:52

#vi /etc/clamav/

09:17:52

#vi /etc/clamav/clamd.conf

09:18:04

#vi /etc/clamav/freshclam.conf

09:18:13

#/etc/init.d/clamav-

clamav-daemon     clamav-freshclam

09:18:13

#tail /var/log/daemon.log

Jun 27 06:18:13 samba smbd_vscan-clamav[24552]: ERROR: can not connect to clamd (socket: '/var/run/clamav/clamd.ctl')!
Jun 27 06:18:13 samba smbd_vscan-clamav[24552]: ERROR: can not communicate to daemon - access denied
Jun 27 06:18:14 samba smbd_vscan-clamav[24552]: ERROR: can not connect to clamd (socket: '/var/run/clamav/clamd.ctl')!
Jun 27 06:18:14 samba smbd_vscan-clamav[24552]: ERROR: can not communicate to daemon - access denied
Jun 27 06:18:14 samba smbd_vscan-clamav[24552]: ERROR: can not connect to clamd (socket: '/var/run/clamav/clamd.ctl')!
Jun 27 06:18:14 samba smbd_vscan-clamav[24552]: ERROR: can not communicate to daemon - access denied
Jun 27 06:18:14 samba smbd_vscan-clamav[24552]: ERROR: can not connect to clamd (socket: '/var/run/clamav/clamd.ctl')!
Jun 27 06:18:14 samba smbd_vscan-clamav[24552]: ERROR: can not communicate to daemon - access denied
Jun 27 06:18:15 samba smbd_vscan-clamav[24552]: ERROR: can not connect to clamd (socket: '/var/run/clamav/clamd.ctl')!
Jun 27 06:18:15 samba smbd_vscan-clamav[24552]: ERROR: can not communicate to daemon - access denied

09:18:21

#ls -l /var/run/clamav/

итого 4
-rw-rw---- 1 clamav clamav 5 2008-06-27 05:44 freshclam.pid

09:18:33

#/etc/init.d/clamav-

clamav-daemon     clamav-freshclam

09:18:33

#/etc/init.d/clamav-daemon start

Starting ClamAV daemon: clamd Running as user clamav (UID 102, GID 103)
.

09:18:44

#ps aux | grep clamd

clamav   24835 56.1 13.5  42728 35644 ?        Rs   06:11   3:55 /usr/sbin/clamd
clamav   24892 49.4 13.1  41540 34544 ?        Rs   06:12   2:59 /usr/sbin/clamd
clamav   25043 30.6 10.6  35072 28024 ?        Rs   06:18   0:02 /usr/sbin/clamd
root     25054  0.0  0.2   2888   748 ttyp1    S+   06:18   0:00 grep clamd

09:18:53

#/etc/init.d/clamav-daemon restart

Stopping ClamAV daemon: clamd/etc/init.d/clamav-daemon: line 92: kill: -25043 24892 24835: arguments must be process or job IDs
 failed!
Starting ClamAV daemon: clamd Running as user clamav (UID 102, GID 103)
.

09:19:03

#ps aux | grep clamd

clamav   24835 55.4 13.6  42860 35732 ?        Rs   06:11   3:59 /usr/sbin/clamd
clamav   24892 48.8 13.2  41672 34624 ?        Rs   06:12   3:03 /usr/sbin/clamd
clamav   25043 31.5 10.8  35600 28556 ?        Rs   06:18   0:06 /usr/sbin/clamd
clamav   25092 28.0  2.1  13344  5728 ?        Rs   06:19   0:00 /usr/sbin/clamd
root     25103  0.0  0.2   2892   752 ttyp1    S+   06:19   0:00 grep clamd

09:19:06

#kill 24835 24892 25043

09:19:17

#ps aux | grep clamd

clamav   25092 33.9 10.8  35464 28340 ?        Rs   06:19   0:05 /usr/sbin/clamd
root     25116  0.0  0.2   2892   752 ttyp1    S+   06:19   0:00 grep clamd

09:19:19

#kill 24835 24892 25092

bash: kill: (24835) - No such process
bash: kill: (24892) - No such process

09:19:26

#/etc/init.d/clamav-daemon start

Starting ClamAV daemon: clamd Running as user clamav (UID 102, GID 103)
.

09:19:30

#ps aux | grep clamd

clamav   25139  112 10.6  34940 27880 ?        Rs   06:19   0:02 /usr/sbin/clamd
root     25150  0.0  0.2   2888   748 ttyp1    S+   06:19   0:00 grep clamd

09:19:33

#kill 25139

09:19:38

#ps aux | grep clamd

root     25163  0.0  0.2   2892   752 ttyp1    S+   06:19   0:00 grep clamd

09:19:39

#ps aux | grep clamd

root     25170  0.0  0.2   2892   752 ttyp1    S+   06:19   0:00 grep clamd

09:19:40

#ps aux | grep clamd

root     25177  0.0  0.2   2888   748 ttyp1    S+   06:19   0:00 grep clamd

09:19:40

#/etc/init.d/clamav-daemon start

Starting ClamAV daemon: clamd Running as user clamav (UID 102, GID 103)
.

09:19:44

#ps aux | grep clamd

clamav   25192 85.0  9.1  31104 24004 ?        Rs   06:19   0:01 /usr/sbin/clamd
root     25203  0.0  0.2   2892   752 ttyp1    S+   06:19   0:00 grep clamd

09:19:45

#ls -l /var/run/clamav/

итого 4
-rw-rw---- 1 clamav clamav 5 2008-06-27 05:44 freshclam.pid

09:19:53

#vi /etc/clamav/clamd.conf

09:20:26

#ls /var/run/clamav/

freshclam.pid

09:20:29

#ls -l /var/run/clamav/

итого 4
-rw-rw---- 1 clamav clamav 5 2008-06-27 05:44 freshclam.pid

09:20:31

#less /var/log/clamav/

09:20:31

#less /var/log/clamav/clamav.log

09:20:58

#ls -l /var/run/clamav/

итого 4
-rw-rw---- 1 clamav clamav 5 2008-06-27 05:44 freshclam.pid

09:21:00

#vi /etc/clamav/clamd.conf

09:21:25

#/etc/init.d/clamav-

clamav-daemon     clamav-freshclam

09:21:25

#/etc/init.d/clamav-daemon stop

Stopping ClamAV daemon: clamd.

09:21:33

#ps aux | grep clamd

root     25295  0.0  0.2   2888   748 ttyp1    S+   06:21   0:00 grep clamd

09:21:36

#clam

clamconf   clamd      clamdscan

09:21:36

#clam

clamconf   clamd      clamdscan

Статистика

Справка

О программе

LiLaLo (L3) расшифровывается как Live Lab Log.
Программа разработана для повышения эффективности обучения Unix/Linux-системам.
(c) Игорь Чубин, 2004-2008

Журнал лабораторных работ

Журнал

Пятница (06/27/08)

Статистика

Справка

О программе