[clamav-users] clamdscan troubleshooting

Mon Nov 23 16:14:04 UTC 2015

On 21.11.15 20:29, Daniel L. Srebnick wrote:
>To followup, I found that clamdscan works with either --fdpass or --stream.
>If one of those parameters is not included on the command linem then I get
>the permissions error.

yes, clamd needs permission to open a file you want it to scan.
you can open the file and either pass the opened file with your permissions
by --fdpass or send the file content to it via --stream.

otherwise, you must give clamd proper permissions...

>-----Original Message-----
>From: clamav-users [mailto:clamav-users-bounces at lists.clamav.net] On Behalf
>Of Bond Masuda
>Sent: Saturday, November 21, 2015 13:02
>To: ClamAV users ML <clamav-users at lists.clamav.net>
>Subject: Re: [clamav-users] clamdscan troubleshooting
>
>Daniel,
>
>You might want to look at these two SELinux booleans:
>
>antivirus_can_scan_system
>antivirus_use_jit
>
>You can use 'getsebool':
>
>$ getsebool antivirus_can_scan_system
>antivirus_can_scan_system --> on
>
>And you can use 'setsebool' to toggle the boolean setting.
>
>Additionally, see man page for clamdscan and look at the "--fdpass" option.
>
>Note that the clamd daemon is usually running as a different user.
>
>Hope that points you in a useful direction.
>Bond
>
>On 11/21/2015 08:17 AM, Daniel L. Srebnick wrote:
>> I'm having some issues verifying a clamav install under FC 22.
>>
>>
>>
>> I am doing some testing using clamdscan and have been running into
>> some kind of permission error as far as I can tell.  For now, I have
>> set selinux to permissive to eliminate that as an issue.
>>
>>
>>
>> I have an eicar.com file that I have scanned with clamscan and it
>> verifies that one file has been scanned and that one virus has been found.
>>
>>
>>
>> Next, I want to submit a scan of eicar.com using clamdscan.
>>
>>
>>
>> [root at zzz tmp]# ls -l eicar.com
>>
>> -rw-rw-r--. 1 clamscan clamscan 68 Sep  4  2006 eicar.com
>>
>> [root at zzz tmp]#
>>
>>
>>
>>
>>
>> [root at ears tmp]# clamdscan -c /etc/clamd.d/scan.conf /tmp/eicar.com
>>
>> /tmp/eicar.com: lstat() failed: No such file or directory. ERROR
>>
>>
>>
>> ----------- SCAN SUMMARY -----------
>>
>> Infected files: 0
>>
>> Total errors: 1
>>
>> Time: 0.001 sec (0 m 0 s)
>>
>> [root at ears tmp]# ls -l eicar.com
>>
>> -rw-rw-r--. 1 clamscan clamscan 68 Sep  4  2006 eicar.com
>>
>> [root at ears tmp]# clamdscan -c /etc/clamd.d/scan.conf /tmp/eicar.com
>>
>> /tmp/eicar.com: lstat() failed: No such file or directory. ERROR
>>
>>
>>
>> ----------- SCAN SUMMARY -----------
>>
>> Infected files: 0
>>
>> Total errors: 1
>>
>> Time: 0.001 sec (0 m 0 s)
>>
>>
>>
>> Note that the file is not found.  If I scan the directory instead:
>>
>>
>>
>> [root at ears tmp]# clamdscan -c /etc/clamd.d/scan.conf /tmp
>>
>> /tmp: OK
>>
>>
>>
>> ----------- SCAN SUMMARY -----------
>>
>> Infected files: 0
>>
>> Time: 0.000 sec (0 m 0 s)
>>
>> You have new mail in /var/spool/mail/dan
>>
>> [root at ears tmp]#
>>
>>
>>
>> No infected file is found and no errors.
>>
>>
>>
>> clamd is running as clamscan.
>>
>>
>>
>> Ready for any suggestions about what is happening here.  I've been
>> working on this for a few days.
>>
>>
>>
>> Thank you.
>>
>> _______________________________________________
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
>
>_______________________________________________
>Help us build a comprehensive ClamAV guide:
>https://github.com/vrtadmin/clamav-faq
>
>http://www.clamav.net/contact.html#ml
>
>_______________________________________________
>Help us build a comprehensive ClamAV guide:
>https://github.com/vrtadmin/clamav-faq
>
>http://www.clamav.net/contact.html#ml

-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
On the other hand, you have different fingers. 