is the clamdscan working correctly? what is selinux status? is it running on permissive mode?
Eero On Tue 27. Apr 2021 at 13.19, Zami3l via clamav-users < clamav-users@lists.clamav.net> wrote: > Hello everyone, > > I have installed clamav for use with samba vfs virus filter. > I want to be able to scan files as soon as they are opened. > > Operating System: CentOS Linux release 7.9.2009 (Core) > > The clamd@scan and smb services have no errors at boot time. > > As soon as a file is opened, an error appears in the logs and the file is > not scanned : > > # samba_audit.log > Apr 27 10:36:24 X smbd_audit: [2021/04/27 10:36:24.362541, 0, pid=8446] > ../../source3/modules/vfs_virusfilter_clamav.c:59(virusfilter_clamav_scan_init) > Apr 27 10:36:24 X smbd_audit: virusfilter_clamav_scan_init: clamd: > Connecting to socket failed: %: Aucun fichier ou dossier de ce type > Apr 27 10:36:24 X smbd_audit: [2021/04/27 10:36:24.362680, 0, pid=8446] > ../../source3/modules/vfs_virusfilter.c:1095(virusfilter_scan) > Apr 27 10:36:24 X smbd_audit: virusfilter_scan: Scan result: Error: > /data/smb2/matrice.xlsx: Initializing scanner failed > > # clamd.log > Apr 27 10:32:16 X clamd[8433]: got command SCAN /data/smb2/matrice.xlsx > (95, 5), argument: /data/smb2/matrice.xlsx > Apr 27 10:32:16 X clamd[8433]: mode -> MODE_WAITREPLY > Apr 27 10:32:16 X clamd[8433]: Breaking command loop, mode is no longer > MODE_COMMAND > Apr 27 10:32:16 X clamd[8433]: Consumed entire command > Apr 27 10:32:16 X clamd[8433]: Number of file descriptors polled: 1 fds > Apr 27 10:32:16 X clamd[8433]: THRMGR: queue (single) crossed low > threshold -> signaling > Apr 27 10:32:16 X clamd[8433]: THRMGR: queue (bulk) crossed low threshold > -> signaling > Apr 27 10:32:16 X clamd[8433]: Finished scanthread > Apr 27 10:32:16 X clamd[8433]: Scanthread: connection shut down (FD 13) > Apr 27 10:32:16 X clamd[8433]: THRMGR: queue (single) crossed low > threshold -> signaling > Apr 27 10:32:16 X clamd[8433]: THRMGR: queue (bulk) crossed low threshold > -> signaling > Apr 27 10:32:16 X clamd[8433]: Received POLLIN|POLLHUP on fd 8 > > # smbd.log > Apr 27 10:31:22 X smbd[8446]: [2021/04/27 10:31:22.338710, 0, pid=8446] > ../../source3/modules/vfs_full_audit.c:624(do_log) > Apr 27 10:31:22 X smbd[8446]: do_log() failed to get vfs_handle->data! > > The socket clamd is good : > > [root@X ~]# netstat --listen > Sockets du domaine UNIX actives(seulement serveurs) > Proto RefCnt Flags Type State I-Node Chemin > unix 2 [ ACC ] STREAM LISTENING 32185 > /run/clamd.scan/clamd.sock > > Do you have any ideas please? > Thank you in advance ! > > Best Regards, > Zami3l > _______________________________________________ > > clamav-users mailing list > clamav-users@lists.clamav.net > https://lists.clamav.net/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml >
_______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
