[clamav-users] Stop clamdscan from stepping on itself?

Mark Fortescue mark.lists at thurning-instruments.co.uk
Mon Oct 21 13:19:33 EDT 2019


Hi,

One point that seems to have been missed is that it is that 'clamdscan' 
is not necessarily creating the files in '/tmp'. It is most likely 
'clamd' which is a separate independent program. Given this, 'clamdscan' 
will not know what files to exclude form '/tmp' unless the 
clamd/clamdscan communications protocol is enhanced to address this. I 
do not think that such an enhancement is justified or desirable given 
the usage cases for 'clamd'.

Put simply, do not scan the directory where 'clamd' has been told to put 
its temporary files as this will is likely to cause issues.

I hope that this helps clarify some of the issues.

Regards
	Mark.

On 19/10/19 20:20, Ian via clamav-users wrote:
>
>
>> On Oct 19, 2019, at 10:58 AM, G.W. Haywood via clamav-users <clamav-users at lists.clamav.net> wrote:
>>
>> Hi there,
>>
>> On Sat, 19 Oct 2019, Ian via clamav-users wrote:
>>
>>> Are you going to address why 'clamscan --tempdir /tmp /tmp' doesn't
>>> produce the same behavior, that 'clamdscan /tmp' does?
>>
>> The clamd daemon has a man page which you should read.  It is, er, a
>> daemon, which, when you start it, loads some databases and then sits
>> and waits for something to send it things to scan against the loaded
>> databases.  It can do a few other things too, like reload databases
>> and report statistics, but basically it sits and waits for commands
>> and data.
>>
>> The clamd daemon has its own configuration file.  It is usually called
>> 'clamd.conf'.  This has its own man page, which you should also read.
>>
>> The clamdscan tool has a man page which you should read.  Its use is
>> generally to send stuff to the clamd daemon for scanning.
>>
>> The clamscan tool has a man page which you should read - it is about
>> three times as long as the man page for clamdscan.  This is a stand-
>> alone command-line tool and it does *not* use the clamd daemon to do
>> the scanning (and the configuration file for the clamd daemon has no
>> effect whatsoever on clamscan; you don't even need to have the clamd
>> daemon installed to be able to use clamscan).
>>
>> Note carefully the differences between clamscan and clamdscan, which,
>> although they have names differing only by one letter, behave in very
>> different ways.
>>
>> Of course if you'd read the documentation as I've asked you to, you'd
>> know all that already and you wouldn't be asking the question.
>>
>
>
> If the man pages answered all the questions, this mailing list wouldn't exist.  Hell, even the rules for this malling list don't ask people to refer to the man pages.
>
> I don't understand why you'd go into great detail about sockets, pipes and so forth with Steve in this thread (who didn't even ask for it), but, apparently, be so hostile towards answering my question.  Considering the length of time you've spent on this thread -- quoting from the man pages you cite seems like the lest painful path.
>
> For the record, I've already read through the man pages before I started this thread, and have just re-combed the man pages you've cited and could not find any advice/warnings about why I would run into problems with clamdscan having trouble scanning its own files in the temp directory while clamscan did not (This is for 0.100.3, so it could contain stale information or lack new additions).  I've seen switches where I can change the temp folder, but there are reasons why someone would do this outside of avoiding what I've ran into here such as file space limitations or for performance. There is nothing inherit in the process being a daemon vs manually ran that explains this difference in behavior.  My understanding of why the daemon exists is mainly for caching purposes, but that, I assume, is all in-memory and shouldn't require a change to file creating in the /tmp folder.
>
> I don't know if my original question came across as smarmy, you're just having some bad days, or I'm the current target for misdirected pent-up anger from lurking here for as long as you have, but, man, please cut me some slack.
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users at lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>


More information about the clamav-users mailing list