[clamav-users] Stop clamdscan from stepping on itself?

Ian clamav at zestysoft.com
Fri Oct 18 11:18:25 EDT 2019


> On Oct 18, 2019, at 12:02 AM, G.W. Haywood via clamav-users <clamav-users at lists.clamav.net> wrote:
> 
> Hi there,
> 
> On Thu, 17 Oct 2019, Ian via clamav-users wrote:
> 
>> Ubuntu 18.04.3 LTS
>> Clam 0.100.3+dfsg-0ubuntu0.18.04.1
>> 
>> When I run this:
>> 
>> /usr/bin/clamdscan -m -i --no-summary /
(Reinserted from original message for context)
I get this error:
clamd: /tmp/clamav-ebbb3a980b0a96075cdf8b18191ad4a3.tmp/tar302: Access denied. ERROR

> 
> Don't do that.
> 
> 1. Read the 'man' page for the valid options.
> 
> 2. Read the list archives for more about what *not* to scan on Linux.
> 

Government regulations require that I scan the entire filesystem daily -- I've already excluded the folders that contain pseudo files.  Also, it seems like bad advice to omit scanning the folder most likely to find a payload from a malicious actor (because file permissions tend to be lax in /tmp), but I could be misinterpreting what "Don't do that" means.

This doesn't seem like a difficult problem for clamav to solve -- clamd is asked to scan the file system and it creates temp files to accomplish this -- how can it be ignorant of what those files are?  Even if it didn't know the files, it could, after receiving an "ACCESS DENIED" error, do something akin to an lsof of the file, see that it is the one with the handle to the file, and silently move on?

I'm fairly certain I didn't run into this when I used clamscan instead, but I'll double check.
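
An added example, not part of the original message and not ClamAV code: a wrapper-side filter for the `clamdscan` output discussed above that sets aside "Access denied" errors on clamd's own scratch paths while keeping every detection and every other error. The scratch-path pattern is inferred from the single error line quoted in the message, `/tmp` as clamd's temporary directory is an assumption, and all but the first line of `SAMPLE` are constructed.

```python
import re

# Shape of clamd's scratch paths, inferred from the one error line in the
# message: /tmp/clamav-<32 hex chars>.tmp/<member>
# Assumption: clamd's temporary directory is /tmp.
SCRATCH = re.compile(r"^/tmp/clamav-[0-9a-f]{32}\.tmp(/|$)")

# "<path>: <message> ERROR|FOUND", with the optional "clamd: " prefix
# that appears in the quoted error line.
LINE = re.compile(r"^(?:clamd: )?(?P<path>/.*): (?P<msg>.*) (?P<kind>ERROR|FOUND)$")

# First line is the error quoted in the message; the rest are constructed.
SAMPLE = """\
clamd: /tmp/clamav-ebbb3a980b0a96075cdf8b18191ad4a3.tmp/tar302: Access denied. ERROR
/root/secret.db: Access denied. ERROR
/tmp/upload/eicar.com: Eicar-Test-Signature FOUND
/tmp/clamav-notreallyhex.tmp/x: Access denied. ERROR
"""

def triage(output):
    """Split clamdscan output into detections, real errors and self-noise."""
    result = {"found": [], "errors": [], "self_noise": []}
    for raw in output.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        path, msg, kind = m.group("path", "msg", "kind")
        if kind == "FOUND":
            # A detection is always reported, even inside a scratch directory.
            result["found"].append((path, msg))
        elif msg == "Access denied." and SCRATCH.match(path):
            # clamd could not re-open a temp file it created itself.
            result["self_noise"].append(path)
        else:
            # Any other error stays visible, including look-alike paths.
            result["errors"].append((path, msg))
    return result

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE).items():
        print(bucket, items)
```
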

