[clamav-users] CLAMAD - Connecting to socket failed

Tue Apr 27 13:46:15 UTC 2021

Selinux is disabled.

No problem with clamdscan when I run a scan.

I performed further testing and noticed that:

If I restart clamdscan and then smb everything seems to work.
For example, if I try to open eicar.com (test virus), it detects malware and removes it.
I can then easily open xls, doc, etc. files. Everything is correct.

However, after a few minutes of use, for no apparent reason, I get this in the smb logs:

Apr 27 15:26:24 X smbd_audit: [2021/04/27 15:26:24.216663,  0, pid=14938] ../../source3/modules/vfs_virusfilter_clamav.c:59(virusfilter_clamav_scan_init)
Apr 27 15:26:24 X smbd_audit:  virusfilter_clamav_scan_init: clamd: Connecting to socket failed: #020؆U: Aucun fichier ou dossier de ce type
Apr 27 15:26:24 X smbd_audit: [2021/04/27 15:26:24.216843,  0, pid=14938] ../../source3/modules/vfs_virusfilter.c:1095(virusfilter_scan)
Apr 27 15:26:24 X smbd_audit:  virusfilter_scan: Scan result: Error: /data/smb2/00-Projets/ldap.xlsx: Initializing scanner failed
Apr 27 15:26:24 X smbd_audit: zami3l | xx.xxx.xxx.xxx | public NETWORK|pread_recv|ok|/data/smb2/00-Projets/ldap.xlsx
Apr 27 15:26:24 X smbd_audit: [2021/04/27 15:26:24.902581,  0, pid=14938] ../../source3/modules/vfs_virusfilter_clamav.c:59(virusfilter_clamav_scan_init)
Apr 27 15:26:24 X smbd_audit:  virusfilter_clamav_scan_init: clamd: Connecting to socket failed: #020؆U: Aucun fichier ou dossier de ce type
Apr 27 15:26:24 X smbd_audit: [2021/04/27 15:26:24.902705,  0, pid=14938] ../../source3/modules/vfs_virusfilter.c:1095(virusfilter_scan)
Apr 27 15:26:24 X smbd_audit:  virusfilter_scan: Scan result: Error: /data/smb2/00-Projets/ldap.xlsx: Initializing scanner failed
Apr 27 15:26:24 X smbd_audit: [2021/04/27 15:26:24.907650,  0, pid=14938] ../../source3/modules/vfs_virusfilter_clamav.c:59(virusfilter_clamav_scan_init)
Apr 27 15:26:24 X smbd_audit:  virusfilter_clamav_scan_init: clamd: Connecting to socket failed: #020؆U: Aucun fichier ou dossier de ce type
Apr 27 15:26:24 X smbd_audit: [2021/04/27 15:26:24.907749,  0, pid=14938] ../../source3/modules/vfs_virusfilter.c:1095(virusfilter_scan)
Apr 27 15:26:24 X smbd_audit:  virusfilter_scan: Scan result: Error: /data/smb2/00-Projets/ldap.xlsx: Initializing scanner failed
Apr 27 15:26:24 X smbd_audit: zami3l | xx.xxx.xxx.xxx | public NETWORK|pread_recv|ok|/data/smb2/00-Projets/ldap.xlsx
Apr 27 15:26:24 X smbd_audit: [2021/04/27 15:26:24.939625,  0, pid=14938] ../../source3/modules/vfs_virusfilter_clamav.c:59(virusfilter_clamav_scan_init)
Apr 27 15:26:24 X smbd_audit:  virusfilter_clamav_scan_init: clamd: Connecting to socket failed: #020؆U: Aucun fichier ou dossier de ce type
Apr 27 15:26:24 X smbd_audit: [2021/04/27 15:26:24.939732,  0, pid=14938] ../../source3/modules/vfs_virusfilter.c:1095(virusfilter_scan)
Apr 27 15:26:24 X smbd_audit:  virusfilter_scan: Scan result: Error: /data/smb2/00-Projets/ldap.xlsx: Initializing scanner failed

After that, nothing works anymore. I am then forced to restart smb.

So the problem seems to become with samba and vfs_virusfilter.....

Thank you for answer.

Best Regards,
Zami3l

April 27, 2021 12:29:08 PM CEST Eero Volotinen <eero.volotinen at iki.fi> wrote:
is the clamdscan working correctly? what is selinux status? is it running on permissive mode?

Eero

On Tue 27. Apr 2021 at 13.19, Zami3l via clamav-users <clamav-users at lists.clamav.net> wrote:

Hello everyone,

I have installed clamav for use with samba vfs virus filter.
I want to be able to scan files as soon as they are opened.

Operating System: CentOS Linux release 7.9.2009 (Core)

The clamd at scan and smb services have no errors at boot time.

As soon as a file is opened, an error appears in the logs and the file is not scanned :

# samba_audit.log
Apr 27 10:36:24 X smbd_audit: [2021/04/27 10:36:24.362541,  0, pid=8446] ../../source3/modules/vfs_virusfilter_clamav.c:59(virusfilter_clamav_scan_init)
Apr 27 10:36:24 X smbd_audit:  virusfilter_clamav_scan_init: clamd: Connecting to socket failed: %: Aucun fichier ou dossier de ce type
Apr 27 10:36:24 X smbd_audit: [2021/04/27 10:36:24.362680,  0, pid=8446] ../../source3/modules/vfs_virusfilter.c:1095(virusfilter_scan)
Apr 27 10:36:24 X smbd_audit:  virusfilter_scan: Scan result: Error: /data/smb2/matrice.xlsx: Initializing scanner failed

# clamd.log
Apr 27 10:32:16 X clamd[8433]: got command SCAN /data/smb2/matrice.xlsx (95, 5), argument: /data/smb2/matrice.xlsx
Apr 27 10:32:16 X clamd[8433]: mode -> MODE_WAITREPLY
Apr 27 10:32:16 X clamd[8433]: Breaking command loop, mode is no longer MODE_COMMAND
Apr 27 10:32:16 X clamd[8433]: Consumed entire command
Apr 27 10:32:16 X clamd[8433]: Number of file descriptors polled: 1 fds
Apr 27 10:32:16 X clamd[8433]: THRMGR: queue (single) crossed low threshold -> signaling
Apr 27 10:32:16 X clamd[8433]: THRMGR: queue (bulk) crossed low threshold -> signaling
Apr 27 10:32:16 X clamd[8433]: lstat() failed on: /data/smb2/matrice.xlsx
Apr 27 10:32:16 X clamd[8433]: Finished scanthread
Apr 27 10:32:16 X clamd[8433]: Scanthread: connection shut down (FD 13)
Apr 27 10:32:16 X clamd[8433]: THRMGR: queue (single) crossed low threshold -> signaling
Apr 27 10:32:16 X clamd[8433]: THRMGR: queue (bulk) crossed low threshold -> signaling
Apr 27 10:32:16 X clamd[8433]: Received POLLIN|POLLHUP on fd 8

# smbd.log
Apr 27 10:31:22 X smbd[8446]: [2021/04/27 10:31:22.338710,  0, pid=8446] ../../source3/modules/vfs_full_audit.c:624(do_log)
Apr 27 10:31:22 X smbd[8446]:  do_log() failed to get vfs_handle->data!

The socket clamd is good :

[root at X ~]# netstat --listen
Sockets du domaine UNIX actives(seulement serveurs)
Proto RefCnt Flags       Type       State         I-Node   Chemin
unix  2      [ ACC ]     STREAM     LISTENING     32185    /run/clamd.scan/clamd.sock

Do you have any ideas please?
Thank you in advance !

Best Regards,
Zami3l
_______________________________________________

clamav-users mailing list
clamav-users at lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20210427/5e462a81/attachment.htm>