Playing a bit with "clamscan". With what parameters can I best run "clamscan"? The reason for asking is that "clamscan" is now also scanning all hardware that is linked as a file. I did a bit of Googling and there are users setting the max file size or excluding directories.
Saturday, June 30 2018, 08:23 PM
Responses (9)
  • Sunday, July 01 2018, 07:36 PM
    What is the output of the command "findmnt"?


    You were right Nick, it's bind mounted. I was under the assumption that you could see it when doing "ls -al", but that's not true. When you use "findmnt" you see the bind mounts. Now I have to remember that command. :o

    root@voyager domain.com]# findmnt
    TARGET SOURCE FSTYPE OPTIONS
    / /dev/mapper/clearos-root xfs rw,relatime,attr2,inode64,noquota
    |-/sys sysfs sysfs rw,nosuid,nodev,noexec,relatime
    | |-/sys/kernel/security securityfs securityfs rw,nosuid,nodev,noexec,relatime
    | |-/sys/fs/cgroup tmpfs tmpfs ro,nosuid,nodev,noexec,mode=755
    | | |-/sys/fs/cgroup/systemd cgroup cgroup rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=syst
    | | |-/sys/fs/cgroup/blkio cgroup cgroup rw,nosuid,nodev,noexec,relatime,blkio
    | | |-/sys/fs/cgroup/freezer cgroup cgroup rw,nosuid,nodev,noexec,relatime,freezer
    | | |-/sys/fs/cgroup/perf_event cgroup cgroup rw,nosuid,nodev,noexec,relatime,perf_event
    | | |-/sys/fs/cgroup/net_cls,net_prio cgroup cgroup rw,nosuid,nodev,noexec,relatime,net_prio,net_cls
    | | |-/sys/fs/cgroup/memory cgroup cgroup rw,nosuid,nodev,noexec,relatime,memory
    | | |-/sys/fs/cgroup/cpu,cpuacct cgroup cgroup rw,nosuid,nodev,noexec,relatime,cpuacct,cpu
    | | |-/sys/fs/cgroup/hugetlb cgroup cgroup rw,nosuid,nodev,noexec,relatime,hugetlb
    | | |-/sys/fs/cgroup/cpuset cgroup cgroup rw,nosuid,nodev,noexec,relatime,cpuset
    | | |-/sys/fs/cgroup/pids cgroup cgroup rw,nosuid,nodev,noexec,relatime,pids
    | | `-/sys/fs/cgroup/devices cgroup cgroup rw,nosuid,nodev,noexec,relatime,devices
    | |-/sys/fs/pstore pstore pstore rw,nosuid,nodev,noexec,relatime
    | |-/sys/kernel/debug debugfs debugfs rw,relatime
    | `-/sys/kernel/config configfs configfs rw,relatime
    |-/proc proc proc rw,nosuid,nodev,noexec,relatime
    | `-/proc/sys/fs/binfmt_misc systemd-1 autofs rw,relatime,fd=32,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=11611
    |-/dev devtmpfs devtmpfs rw,nosuid,size=16430668k,nr_inodes=4107667,mode=755
    | |-/dev/shm tmpfs tmpfs rw,nosuid,nodev
    | |-/dev/pts devpts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000
    | |-/dev/mqueue mqueue mqueue rw,relatime
    | `-/dev/hugepages hugetlbfs hugetlbfs rw,relatime
    |-/run tmpfs tmpfs rw,nosuid,nodev,mode=755
    | |-/run/user/0 tmpfs tmpfs rw,nosuid,nodev,relatime,size=3288296k,mode=700
    | `-/run/user/993 tmpfs tmpfs rw,nosuid,nodev,relatime,size=3288296k,mode=700,uid=993,gid=991
    |-/boot /dev/sda1 xfs rw,relatime,attr2,inode64,noquota
    `-/var/flexshare/shares/lionux.nl /dev/mapper/clearos-root[/var/www/html] xfs rw,relatime,attr2,inode64,noquota


    If you follow the guidance from Marc Laporte, you should not put anything in the default website and everything should go into the virtual sites. I have not gone that far - really all my stuff pre-dates the virtual set up so it all needs moving around.


    Okay, some day I want to make a main website, but it would be nice if I can access web apps via sub domains.
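The findmnt output above shows why a plain recursive scan wastes time: /sys, /proc, /dev and /run are virtual filesystems, and /var/flexshare/shares/lionux.nl is a bind mount of /var/www/html, so its files would be scanned twice. The script below is an added example, not from the thread and not ClearOS's own /usr/sbin/file_scan: it reads the three-column output of `findmnt -rn -o TARGET,SOURCE,FSTYPE`, skips pseudo-filesystems and bind mounts (a bind mount's SOURCE ends in `[subdir]`), suppresses mount points already covered by an excluded parent, and prints one `--exclude-dir` regex per directory. The PSEUDO_FS list is an assumption, and the embedded sample is constructed from the output posted above.

```shell
#!/bin/sh
# Added example: build clamscan --exclude-dir patterns from findmnt output.
# Not ClearOS code; the filesystem-type list below is an assumption.

# Virtual filesystems that hold no user data worth scanning (assumed list).
PSEUDO_FS='sysfs|proc|devtmpfs|devpts|tmpfs|cgroup|cgroup2|securityfs|pstore|debugfs|configfs|autofs|mqueue|hugetlbfs|binfmt_misc|tracefs|fusectl|efivarfs|selinuxfs|bpf'

# Constructed sample in the format of `findmnt -rn -o TARGET,SOURCE,FSTYPE`,
# taken from the mounts shown in the thread (options column dropped).
SAMPLE_FINDMNT='/ /dev/mapper/clearos-root xfs
/sys sysfs sysfs
/sys/fs/cgroup tmpfs tmpfs
/proc proc proc
/dev devtmpfs devtmpfs
/run tmpfs tmpfs
/run/user/0 tmpfs tmpfs
/boot /dev/sda1 xfs
/var/flexshare/shares/lionux.nl /dev/mapper/clearos-root[/var/www/html] xfs'

# Reads "TARGET SOURCE FSTYPE" lines on stdin and prints one anchored
# extended regex per directory to exclude, e.g. ^/sys(/|$).
# The (/|$) suffix keeps ^/sys from also matching a sibling such as /sysroot.
exclude_dirs_from_findmnt() {
    awk -v pseudo="^(${PSEUDO_FS})\$" '
        # true if t lies under a mount point that is already excluded
        function covered(t,   p) {
            for (p in ex) if (index(t, p "/") == 1) return 1
            return 0
        }
        function exclude(t) { if (!covered(t)) { ex[t] = 1; print "^" t "(/|$)" } }
        $1 == "/" { next }                              # never exclude the root filesystem
        $3 ~ pseudo { exclude($1); next }               # virtual filesystem: nothing to scan
        substr($2, length($2)) == "]" { exclude($1) }   # bind mount: SOURCE ends in [subdir]
    '
}

# Same, but as ready-to-use clamscan arguments, one per line.
clamscan_exclude_args() {
    exclude_dirs_from_findmnt | sed 's/^/--exclude-dir=/'
}

# Demo on the constructed sample (runs offline). On a live system, feed real
# data instead, e.g.:
#   findmnt -rn -o TARGET,SOURCE,FSTYPE | clamscan_exclude_args
printf '%s\n' "$SAMPLE_FINDMNT" | clamscan_exclude_args
```

On the sample this yields exclusions for /sys, /proc, /dev, /run and the bind-mounted flexshare, and nothing for /boot; /sys/fs/cgroup and /run/user/0 are dropped because their parents are already excluded. The patterns rely on clamscan compiling --exclude-dir as an extended regular expression, which is how the man page's own `--exclude-dir=^/sys` example works.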
  • Sunday, July 01 2018, 07:02 PM
    Websites should not be directly located in the flexshare structure. They should be in /var/www/html for the default site and /var/www/virtual for the rest, then they should all be bind mounted back into the flexshares under /var/flexshare/shares/your_website_name. ClearOS should be doing all that for you. What is the output of the command "findmnt"?

    If you follow the guidance from Marc Laporte, you should not put anything in the default website and everything should go into the virtual sites. I have not gone that far - really all my stuff pre-dates the virtual set up so it all needs moving around.
  • Sunday, July 01 2018, 06:40 PM
    So the web setting in the webgui is not necessary anymore because websites are located in flexshares. They are not bind mounted btw.
  • Sunday, July 01 2018, 04:54 PM
    I've just checked. If you scan Flexshares, websites also get scanned. If you also include Web in the webconfig, websites end up getting scanned twice.
  • Sunday, July 01 2018, 11:54 AM
    Lol, we are all getting older Nick. It also happens to me.

    Found the file, and I'm going to checkout your link. Thanks Nick.
  • Sunday, July 01 2018, 11:21 AM
    Marcel van Leeuwen wrote:

    Are you sure that it's the right file? When opening that file I get a lot of weird characters on my screen.
    No. My memory is worse than my documentation. The correct file is /usr/sbin/file_scan and I've edited my post. Have a look at the app documentation here. I need to update the documentation as there is also a parameter "--exclude-dir" which can contain a regex of folders to exclude. Both --exclude-dir and --exclude can also be specified multiple times.
  • Sunday, July 01 2018, 11:05 AM
    Nick Howitt wrote:

    Hi Marcel,
    I'd expect them to be FP's. The signatures would be trying to detect the same viruses as the virus scanner so will have code to look for the same match.


    yes, I had the same thought,

    Generally clamscan is run through the Webconfig over a limited number of folders governed by the webconfig. To scan custom folders you need to make a manual edit to an underlying file, so the idea is to just scan mail and user files. I am not sure of the web option because if you scan flexshares, I would expect you to scan web files as well. This is because, if you use the ClearOS Web Server setup, all the websites are bind mounted into the flexshares anyway. I may need to test that and adjust the documentation accordingly.


    Yes, I saw in the webgui that it's only possible to scan the directories used by users. It would be nice if we could set a custom directory and exclude things.

    The reason I use an exclude is because I have a CCTV camera generating about 4900 jpg's and 170 mkv's a day and I keep 10 days rolling history. This is a lot of files for clamscan which should all be virus free and it really slows down the scan time. The camera FTP's them into a specific user folder which is used for nothing else so I have added it to the exclude list by editing the underlying /usr/bin/clamscan file as you probably bumped into. I have a feature request somewhere in the bug tracker to cover this.

    I have not edited any of the other operational parameters and they aren't exposed in the webconfig either. Unless you really want to, I'd probably leave them alone.


    Are you sure that it's the right file? When opening that file I get a lot of weird characters on my screen.
  • Sunday, July 01 2018, 08:36 AM
    Hi Marcel,
    I'd expect them to be FP's. The signatures would be trying to detect the same viruses as the virus scanner so will have code to look for the same match.

    Generally clamscan is run through the Webconfig over a limited number of folders governed by the webconfig. To scan custom folders you need to make a manual edit to an underlying file, so the idea is to just scan mail and user files. I am not sure of the web option because if you scan flexshares, I would expect you to scan web files as well. This is because, if you use the ClearOS Web Server setup, all the websites are bind mounted into the flexshares anyway. I may need to test that and adjust the documentation accordingly.

    The reason I use an exclude is because I have a CCTV camera generating about 4900 jpg's and 170 mkv's a day and I keep 10 days rolling history. This is a lot of files for clamscan which should all be virus free and it really slows down the scan time. The camera FTP's them into a specific user folder which is used for nothing else so I have added it to the exclude list by editing the underlying /usr/sbin/file_scan file as you probably bumped into. I have a feature request somewhere in the bug tracker to cover this.

    I have not edited any of the other operational parameters and they aren't exposed in the webconfig either. Unless you really want to, I'd probably leave them alone.
  • Sunday, July 01 2018, 08:03 AM
    I'm now using "clamscan" with the following parameters:

    clamscan -ri --exclude-dir=/sys


    "clamscan" notified me that it found 2 viruses in the "/etc/snort.d/rules/clearcenter/" directory. Are these false positives?

    root@voyager /]# clamscan -ri --exclude-dir=/sys
    /etc/snort.d/rules/clearcenter/activex.rules: Win.Trojan.cve_2011_2657-1 FOUND
    /etc/snort.d/rules/clearcenter/deleted.rules: Html.Trojan.Blackhole-65 FOUND

    ----------- SCAN SUMMARY -----------
    Known viruses: 6560851
    Engine version: 0.99.3
    Scanned directories: 14936
    Scanned files: 49818
    Infected files: 2
    Data scanned: 3086.37 MB
    Data read: 2553.09 MB (ratio 1.21:1)
    Time: 276.267 sec (4 m 36 s)
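Nick's later answer explains why both hits above are most likely false positives: Snort rule files carry the same byte patterns that the ClamAV signatures look for. When clamscan runs unattended, that reasoning is worth encoding so a hit inside a rules or signature directory is flagged for review rather than treated as an infection. The function below is an added example, not from the thread or from ClearOS: it parses the `FOUND` lines of `clamscan -i` output, splits each into path and signature, and marks hits under known detection-content directories as REVIEW. The RULE_DIRS list is an assumption, and the sample output embeds the two lines posted above plus one constructed hit under /home.

```shell
#!/bin/sh
# Added example: triage "FOUND" lines from `clamscan -i` output.
# Not ClearOS code; the RULE_DIRS list is an assumption.

# Directories that themselves store detection content (IDS rules, AV signatures),
# where a match is expected and needs a human look rather than quarantine.
RULE_DIRS='^/etc/snort\.d/|^/etc/suricata/rules/|^/var/lib/clamav/'

# Constructed sample: the two hits posted in the thread plus one invented hit.
SAMPLE_CLAMSCAN='/etc/snort.d/rules/clearcenter/activex.rules: Win.Trojan.cve_2011_2657-1 FOUND
/etc/snort.d/rules/clearcenter/deleted.rules: Html.Trojan.Blackhole-65 FOUND
/home/someuser/Downloads/invoice.exe: Win.Test.EICAR_HDB-1 FOUND

----------- SCAN SUMMARY -----------
Infected files: 3'

# Reads clamscan output on stdin and prints one tab-separated line per hit:
# VERDICT<TAB>PATH<TAB>SIGNATURE, where VERDICT is REVIEW or INFECTED.
triage_clamscan_hits() {
    awk -v ruledirs="$RULE_DIRS" '
        / FOUND$/ {
            line = $0
            sub(/ FOUND$/, "", line)            # strip the trailing " FOUND"
            n = match(line, /: [^:]*$/)         # last ": " separates path from signature
            if (n == 0) next
            path = substr(line, 1, n - 1)
            sig  = substr(line, n + 2)
            verdict = (path ~ ruledirs) ? "REVIEW" : "INFECTED"
            print verdict "\t" path "\t" sig
        }'
}

# Counts per verdict on one line, e.g. "INFECTED=1 REVIEW=2".
summarize_verdicts() {
    triage_clamscan_hits | cut -f1 | sort | uniq -c |
        awk '{ printf "%s%s=%s", (NR > 1 ? " " : ""), $2, $1 } END { print "" }'
}

# Demo on the constructed sample (runs offline). For a live scan, pipe
# clamscan into it instead, e.g.:
#   clamscan -ri --exclude-dir='^/sys(/|$)' / | triage_clamscan_hits
printf '%s\n' "$SAMPLE_CLAMSCAN" | triage_clamscan_hits
printf '%s\n' "$SAMPLE_CLAMSCAN" | summarize_verdicts
```

A REVIEW verdict is a prompt to confirm the match is benign (for instance by checking that the file is a plain-text rule set and that the matched pattern is the rule's own detection content), not a verdict that the file is clean; the point is only to keep expected matches in rule directories from being handled like a real infection in a user's home directory.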