[Clamav-devel] Fwd: Error while scanning directory other than /home directory

Wed Jan 6 06:22:54 UTC 2021

I have given the full permission to bash file and even in clamd.conf also I
have mentioned the full path of bash file. But unfortunately, it is not
executing.

bash file execution permission:
-rwxrwxrwx 1 <user> <user>   39 Dec 30 01:29 vfound.sh

clamd.conf:
VirusEvent /home/<user>/shiva/vfound.sh

---
Shivananda S.

On Wed, Jan 6, 2021 at 1:06 AM Micah Snyder (micasnyd) <micasnyd at cisco.com>
wrote:

> Good to hear it's working with TCP. Strange that it didn't work with the
> local socket option.  I most frequently test with the local socket.
>
> VirusEvent may require the full path to any programs it calls.  Also
> remember that it may be executed by the clamd process as the clamav user so
> it will need permission to read/execute the script you're using.
>
> -Micah
>
> > -----Original Message-----
> > From: clamav-devel <clamav-devel-bounces at lists.clamav.net> On Behalf Of
> > Shivananda Shiragavi
> > Sent: Monday, January 4, 2021 11:43 PM
> > To: ClamAV Development <clamav-devel at lists.clamav.net>
> > Subject: Re: [Clamav-devel] Fwd: Error while scanning directory other
> than
> > /home directory
> >
> > Thanks for the reply Micah,
> >
> > With the local socket option, I was getting the issues but when I tried
> with TCP
> > it worked. Now I am facing issues with VirusEvent, after finding the
> virus the
> > event should suppose to gets called and trigger the shell script but
> it's not
> > happening.
> >
> > Thanks,
> > Shivananda S.
> >
> > On Tue, Jan 5, 2021 at 5:34 AM Micah Snyder (micasnyd)
> > <micasnyd at cisco.com>
> > wrote:
> >
> > > Hi Shivananda,
> > >
> > > Apologies for the delay, just got back to work after the holidays.
> > > It appears to me that the clamav user which clamd runs as does not
> > > have read permissions to the files that clamonacc is trying to scan.
> > >
> > > Unfortunately, the two best options to grant clamd access to scan any
> > > file requested by clamonacc are broken at present:
> > > 1. My favorite solution is to use the `clamonacc --fdpass` option so
> > > that clamd is given access to the file by clamonacc. We have a fix for
> > > this ready for the upcoming patch release.
> > > 2. My 2nd favorite solution is to have the service manager grant the
> > > clamd service CAP_DAC_READ_SEARCH capabilities to read any file. We
> > > have a public pull request to test & merge, which should also be
> > > included in the upcoming patch release (https://github.com/Cisco-
> > Talos/clamav-devel/pull/135).
> > > I hope to have both of these issues fixed in the 0.103.1 patch release
> > > later this month.
> > >
> > > For now, I think you may need to either:
> > > - Run clamd as root without setting the `User` config option so it
> > > doesn't switch to run as the clamav user,
> > > - Run clamonacc in --stream mode (which can be quite slow), or
> > > - Add the clamav user to groups that can read the directories that
> > > will be watched/scanned.
> > >
> > > Regards,
> > > Micah
> > >
> > > > -----Original Message-----
> > > > From: clamav-devel <clamav-devel-bounces at lists.clamav.net> On Behalf
> > > > Of Shivananda Shiragavi
> > > > Sent: Tuesday, December 29, 2020 2:10 AM
> > > > To: clamav-devel at lists.clamav.net
> > > > Subject: [Clamav-devel] Fwd: Error while scanning directory other
> > > > than
> > > /home
> > > > directory
> > > >
> > > > Hi All,
> > > >
> > > > I am trying to enable *clamonacc* in my machine for /home its
> > > > working
> > > fine
> > > > but when I am trying to mention some other directory it is throwing
> > > > the following error:
> > > >
> > > >
> > > >
> > > >
> > > > *ClamWorker: performing scanning on file
> > > > '/serverdata/eicar.com.txt'/serverdata/eicar.com.txt: Can't open
> > > > file or directory ERRORClamMisc: internal issue (client failed to
> > > scan)ClamWorker:
> > > > scan failed with error code 32*
> > > >
> > > > *clamd.conf:*
> > > >
> > > >
> > > >
> > > >
> > > > *OnAccessIncludePath /serverdataOnAccessPrevention
> > > > yesOnAccessExcludeUname clamavOnAccessExcludeRootUID
> > > > noOnAccessDisableDDD no*
> > > >
> > > > Could someone please help me to fix this issue?
> > > >
> > > > --
> > > > Shivananda Shiragavi
> > > > _______________________________________________
> > > >
> > > > clamav-devel mailing list
> > > > clamav-devel at lists.clamav.net
> > > > https://lists.clamav.net/mailman/listinfo/clamav-devel
> > > >
> > > > Please submit your patches to our Github: https://github.com/Cisco-
> > > > Talos/clamav-devel/pulls
> > > >
> > > > Help us build a comprehensive ClamAV guide:
> > > > https://github.com/vrtadmin/clamav-faq
> > > >
> > > > http://www.clamav.net/contact.html#ml
> > > _______________________________________________
> > >
> > > clamav-devel mailing list
> > > clamav-devel at lists.clamav.net
> > > https://lists.clamav.net/mailman/listinfo/clamav-devel
> > >
> > > Please submit your patches to our Github:
> > > https://github.com/Cisco-Talos/clamav-devel/pulls
> > >
> > > Help us build a comprehensive ClamAV guide:
> > > https://github.com/vrtadmin/clamav-faq
> > >
> > > http://www.clamav.net/contact.html#ml
> > >
> >
> >
> > --
> > Shivananda Shiragavi
> > _______________________________________________
> >
> > clamav-devel mailing list
> > clamav-devel at lists.clamav.net
> > https://lists.clamav.net/mailman/listinfo/clamav-devel
> >
> > Please submit your patches to our Github: https://github.com/Cisco-
> > Talos/clamav-devel/pulls
> >
> > Help us build a comprehensive ClamAV guide:
> > https://github.com/vrtadmin/clamav-faq
> >
> > http://www.clamav.net/contact.html#ml
> _______________________________________________
>
> clamav-devel mailing list
> clamav-devel at lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-devel
>
> Please submit your patches to our Github:
> https://github.com/Cisco-Talos/clamav-devel/pulls
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>