Hi

I am using CentOS 7.2, i.e.: /proc/version =>
Linux version 3.10.0-327.18.2.el7.x86_64 (buil...@kbuilder.dev.centos.org) (gcc version 4.8.3 20140911 (Red Hat 4.8.3-9) (GCC) ) #1 SMP Thu May 12 11:03:55 UTC 2016

SELinux is running.

Using EPEL packages for clamav including unofficial signatures.

Using latest clamavtk as well.

Installed per
https://www.adminsys.ch/2015/08/21/installing-clamav-epel-centosred-hat-7-nightmare/.

freshclam functional
clamscan functional
clamavtk functional in KDE environment.

clamd service can be started using your sample clamd.conf.

1/ $> clamd zPING
   $> clamd PING
Gives a new line and then nothing. Need to terminate with Ctrl-C.

Doesn't match manual?

2/ Enabled per clamd.conf-2016-06-01-OnAccessScan attached as used for
/etc/clamd.d/scan.conf .

Results in attached /var/log/clamd.scan log at the end as attached.

$ systemctl status clamd@scan
● clamd@scan.service - Generic clamav scanner daemon
   Loaded: loaded (/usr/lib/systemd/system/clamd@scan.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2016-06-02 09:11:03 AEST; 2s ago
 Main PID: 29639 (clamd)
   CGroup: /system.slice/system-clamd.slice/clamd@scan.service
           └─29639 /usr/sbin/clamd -c /etc/clamd.d/scan.conf --nofork=yes

Jun 02 09:11:03 earth systemd[1]: Started Generic clamav scanner daemon.
Jun 02 09:11:03 earth systemd[1]: Starting Generic clamav scanner daemon...
Jun 02 09:11:03 earth clamd[29639]: clamd daemon 0.99.1 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Jun 02 09:11:03 earth clamd[29639]: Running as user clamscan (UID 981, GID 972)
Jun 02 09:11:03 earth clamd[29639]: Log file size limited to 10485760 bytes.
Jun 02 09:11:03 earth clamd[29639]: Reading databases from /var/lib/clamav
Jun 02 09:11:03 earth clamd[29639]: Bytecode: Security mode set to "TrustSigned".

Get in clamd.scan log

Thu Jun  2 09:11:12 2016 -> ERROR: ScanOnAccess: fanotify_init failed: Operation not permitted
Thu Jun  2 09:11:12 2016 -> ScanOnAccess: clamd must be started by root

Yet I note that running as root is not a good idea.

I note some websites re Debian/openSUSE refer to AppArmor settings being
an issue. There appears to be no documentation re SELinux settings.
Further, clamd is running as clamscan user 981.

$ ps -alx | grep clam
1   982   2959      1  20   0  73808  3168 pause  Ss   ?          0:04 /usr/bin/freshclam -d -c 4
0  1000   5587   5094  20   0 516868 39848 poll_s Sl   ?          0:00 /usr/bin/perl /usr/bin/clamtk
0  1000   8876   5094  20   0 1241756 162936 poll_s Sl ?          0:03 /usr/bin/okular /home/robertk/Documents/PC/Intel-P4304CR2JNF/Applications/ClamAV/clamdoc.pdf --icon okular -caption Okular
4   981  29639      1  20   0 774572 551400 poll_s Ssl ?          0:18 /usr/sbin/clamd -c /etc/clamd.d/scan.conf --nofork=yes
4     0  39355  16994  20   0 215476  4132 signal T    pts/2      0:00 sudo clamd zPING
4   981  39387  39355  20   0 373808 307192 signal T   pts/2      0:04 clamd zPING
0  1000 172437  16994  20   0 112660   984 pipe_w S+   pts/2      0:00 grep --color=auto clam

Consequently your documentation is inadequate to cover the OnAccessScan
case using SELinux as clamd service.

Could you please assist before I tinker further with the system?

Regards
RobK
