On 21.11.15 20:29, Daniel L. Srebnick wrote:
To followup, I found that clamdscan works with either --fdpass or --stream.
If one of those parameters is not included on the command linem then I get
the permissions error.
yes, clamd needs permission to open a file you want it to scan.
you can open the file and either pass the opened file with your permissions
by --fdpass or send the file content to it via --stream.
otherwise, you must give clamd proper permissions...
-----Original Message-----
From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf
Of Bond Masuda
Sent: Saturday, November 21, 2015 13:02
To: ClamAV users ML <clamav-users@lists.clamav.net>
Subject: Re: [clamav-users] clamdscan troubleshooting
Daniel,
You might want to look at these two SELinux booleans:
antivirus_can_scan_system
antivirus_use_jit
You can use 'getsebool':
$ getsebool antivirus_can_scan_system
antivirus_can_scan_system --> on
And you can use 'setsebool' to toggle the boolean setting.
Additionally, see man page for clamdscan and look at the "--fdpass" option.
Note that the clamd daemon is usually running as a different user.
Hope that points you in a useful direction.
Bond
On 11/21/2015 08:17 AM, Daniel L. Srebnick wrote:
I'm having some issues verifying a clamav install under FC 22.
I am doing some testing using clamdscan and have been running into
some kind of permission error as far as I can tell. For now, I have
set selinux to permissive to eliminate that as an issue.
I have an eicar.com file that I have scanned with clamscan and it
verifies that one file has been scanned and that one virus has been found.
Next, I want to submit a scan of eicar.com using clamdscan.
[root@zzz tmp]# ls -l eicar.com
-rw-rw-r--. 1 clamscan clamscan 68 Sep 4 2006 eicar.com
[root@zzz tmp]#
[root@ears tmp]# clamdscan -c /etc/clamd.d/scan.conf /tmp/eicar.com
/tmp/eicar.com: lstat() failed: No such file or directory. ERROR
----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 1
Time: 0.001 sec (0 m 0 s)
[root@ears tmp]# ls -l eicar.com
-rw-rw-r--. 1 clamscan clamscan 68 Sep 4 2006 eicar.com
[root@ears tmp]# clamdscan -c /etc/clamd.d/scan.conf /tmp/eicar.com
/tmp/eicar.com: lstat() failed: No such file or directory. ERROR
----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 1
Time: 0.001 sec (0 m 0 s)
Note that the file is not found. If I scan the directory instead:
[root@ears tmp]# clamdscan -c /etc/clamd.d/scan.conf /tmp
/tmp: OK
----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.000 sec (0 m 0 s)
You have new mail in /var/spool/mail/dan
[root@ears tmp]#
No infected file is found and no errors.
clamd is running as clamscan.
Ready for any suggestions about what is happening here. I've been
working on this for a few days.
Thank you.
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
On the other hand, you have different fingers.
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
