[clamav-users] ClamAV failed to scan files in /tmp folder

Reindl Harald h.reindl at thelounge.net
Tue Jan 30 15:45:52 UTC 2018

Am 30.01.2018 um 16:19 schrieb cpass test:
> Thanks for your help.
> httpd as the "PrivateTmp=yes".
> I did what you suggested, and changed the directory of the temporary folder
> of PHP (variable sys_temp_dir) to another directory and it work.
> Thanks

thought so

the reason for this settings is that you often find CVE's that random 
software creates whatever files in /tmp with bad permissions and so when 
your webserver has access to /tmp this becomes problematic

temp/session/upload-files should be as strictly as possible seperated 
and also be different per virtual host - 10 years ago somebody who 
insulted me used the same webhoster with shared session-dir and had his 
database credentials in the PHP session - bad mistake leading to a 
"re-design" some drunken night later :-)

> 2018-01-29 16:55 GMT-05:00 Reindl Harald <h.reindl at thelounge.net>:
>> Am 29.01.2018 um 20:27 schrieb cpass test:
>>> configured a Moodle LMS to use the ClamAV. They have a plugin in Moodle
>>> for
>>> it. Here are the parameters for connecting to ClamAV:
>>> Unix domain socket:  /var/run/clamd.scan/clamd.sock
>>> The clamd server is running and the socket really exist in specified
>>> location.
>>> WARNING: lstat() failed on: /tmp/phpag0dQF
>> let me guess:
>> * systemd
>> * one or both of the invloved services has "PrivateTmp=yes" in it's unit
>> don't use /tmp or /var/tmp then for files which both should be able to
>> access

More information about the clamav-users mailing list