Just to let you know that with the latest VPS (080515-0), the antirootkit log file should now also contain the footer (with ending time etc).
Cheers
Vlk
Just to let you know that with the latest VPS (080515-0), the antirootkit log file should now also contain the footer (with ending time etc).
Cheers
Vlk
Ask and ye shall receive
Not quite like winning the lottery … but very nice.
Thanks to you Vlk.
Great, all I have to do is get it to work, today I was waiting in ambush for the rootkit scan to start so I could pin down when it actually starts, e.g. what delay after the desktop. after a period of time I checked the aswAr.log and it still had the details from yesterdays scan.
So I don’t know what happened why the log wasn’t updated as a0 my VPS would have been 080514-0 but that would just means it wouldn’t have had the footer information, but it should have been updated.
So two questions.
What is the delay before the rootkit scan on 4.8.1195 as this has cropped up in a couple of topics and we the users don’t know for sure but it seems like 5 minutes as best as I can determine ?
How can we determine if the rootkit scan has taken place ?
e.g. if the log hasn’t been updated it could be a failure of the logging or the rootkit scan didn’t run.
As near as I can tell the scan on my system startup of the day ran 8 minutes after system start (and ran for 3 seconds).
Well my aswar.log has miraculously updated itself as it is now showing details of today’s scan. Obviously no footer info as when it ran I hadn’t got the latest VPS that changed the file format.
My boot was at 13:23 and the scan kicked off at 13:31 and that matches your 8 minutes, but I though it didn’t start the delay until the desktop came up.
I guess it would take somewhere around 1:30 - 2:00 minutes from boot to desktop and no activity, which would bring that down.
The delay is currently 8 minutes but we’re playing with this to minimize the risk of FP’s… so it cannot be really relied upon.
There’s probably no other way to tell besides the log file. But it should really get generated.
Thank you Vlk.