[clamav-users] ClamAV failed to scan files in /tmp folder

Reindl Harald h.reindl at thelounge.net
Tue Jan 30 15:45:52 UTC 2018



On 30.01.2018 at 16:19, cpass test wrote:
> Thanks for your help.
> 
> httpd has the "PrivateTmp=yes".
> 
> I did what you suggested, and changed the directory of the temporary folder
> of PHP (variable sys_temp_dir) to another directory and it works.
> Thanks

thought so

the reason for this setting is that you often find CVEs where random 
software creates whatever files in /tmp with bad permissions and so when 
your webserver has access to /tmp this becomes problematic

temp/session/upload-files should be as strictly separated as possible 
and also be different per virtual host - 10 years ago somebody who 
insulted me used the same webhoster with shared session-dir and had his 
database credentials in the PHP session - bad mistake leading to a 
"re-design" some drunken night later :-)

> 2018-01-29 16:55 GMT-05:00 Reindl Harald <h.reindl at thelounge.net>:
> 
>>
>> On 29.01.2018 at 20:27, cpass test wrote:
>>
>>> configured a Moodle LMS to use the ClamAV. They have a plugin in Moodle
>>> for it. Here are the parameters for connecting to ClamAV:
>>>
>>> Unix domain socket:  /var/run/clamd.scan/clamd.sock
>>>
>>> The clamd server is running and the socket really exists in specified
>>> location.
>>>
>>> WARNING: lstat() failed on: /tmp/phpag0dQF
>>>
>> let me guess:
>>
>> * systemd
>> * one or both of the involved services has "PrivateTmp=yes" in its unit
>>
>> don't use /tmp or /var/tmp then for files which both should be able to
>> access
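
The diagnosis in this thread as a check you can run, added here as an example and not part of the original messages: it reports whether a file handed from one service to a scanner sits in a /tmp that systemd has made private to one of them. The unit name `clamd@scan.service`, the `SYSTEMCTL` override and the function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Unit names are assumptions; pass your own.
# SYSTEMCTL can be overridden so the logic can be exercised without systemd.
SYSTEMCTL=${SYSTEMCTL:-systemctl}

# Succeeds if the path lies under a directory that PrivateTmp= replaces per unit.
under_private_tmp() {
    case "$1" in
        /tmp|/tmp/*|/var/tmp|/var/tmp/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds if the unit is configured with PrivateTmp=yes.
unit_has_private_tmp() {
    [ "$($SYSTEMCTL show -p PrivateTmp --value "$1" 2>/dev/null)" = "yes" ]
}

# check_handoff FILE PRODUCER_UNIT SCANNER_UNIT
# Returns 1 when the scanner would not see the file the producer wrote.
check_handoff() {
    file=$1 producer=$2 scanner=$3
    if ! under_private_tmp "$file"; then
        echo "OK: $file is outside /tmp and /var/tmp"
        return 0
    fi
    for unit in "$producer" "$scanner"; do
        if unit_has_private_tmp "$unit"; then
            echo "MISMATCH: $unit has PrivateTmp=yes;" \
                 "$producer and $scanner do not share $file"
            return 1
        fi
    done
    echo "OK: neither unit uses PrivateTmp, $file is in the shared /tmp"
    return 0
}

# Usage: ./check.sh /tmp/phpag0dQF httpd.service clamd@scan.service
if [ "$#" -eq 3 ]; then
    check_handoff "$@"
fi
```

A MISMATCH result corresponds to the `lstat() failed` warning quoted above; the fix applied in the thread was pointing PHP's `sys_temp_dir` at a directory outside /tmp that both services can reach.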


