SELinux is disabled.

No problem with clamdscan when I run a scan.

I performed further testing and noticed that:

If I restart clamdscan and then smb, everything seems to work.
For example, if I try to open eicar.com (test virus), it detects malware and 
removes it.
I can then easily open xls, doc, etc. files. Everything is correct.

However, after a few minutes of use, for no apparent reason, I get this in the 
smb logs:

Apr 27 15:26:24 X smbd_audit: [2021/04/27 15:26:24.216663,  0, pid=14938] 
../../source3/modules/vfs_virusfilter_clamav.c:59(virusfilter_clamav_scan_init)
Apr 27 15:26:24 X smbd_audit:  virusfilter_clamav_scan_init: clamd: Connecting 
to socket failed: #020؆U: Aucun fichier ou dossier de ce type
Apr 27 15:26:24 X smbd_audit: [2021/04/27 15:26:24.216843,  0, pid=14938] 
../../source3/modules/vfs_virusfilter.c:1095(virusfilter_scan)
Apr 27 15:26:24 X smbd_audit:  virusfilter_scan: Scan result: Error: 
/data/smb2/00-Projets/ldap.xlsx: Initializing scanner failed
Apr 27 15:26:24 X smbd_audit: zami3l | xx.xxx.xxx.xxx | public 
NETWORK|pread_recv|ok|/data/smb2/00-Projets/ldap.xlsx
Apr 27 15:26:24 X smbd_audit: [2021/04/27 15:26:24.902581,  0, pid=14938] 
../../source3/modules/vfs_virusfilter_clamav.c:59(virusfilter_clamav_scan_init)
Apr 27 15:26:24 X smbd_audit:  virusfilter_clamav_scan_init: clamd: Connecting 
to socket failed: #020؆U: Aucun fichier ou dossier de ce type
Apr 27 15:26:24 X smbd_audit: [2021/04/27 15:26:24.902705,  0, pid=14938] 
../../source3/modules/vfs_virusfilter.c:1095(virusfilter_scan)
Apr 27 15:26:24 X smbd_audit:  virusfilter_scan: Scan result: Error: 
/data/smb2/00-Projets/ldap.xlsx: Initializing scanner failed
Apr 27 15:26:24 X smbd_audit: [2021/04/27 15:26:24.907650,  0, pid=14938] 
../../source3/modules/vfs_virusfilter_clamav.c:59(virusfilter_clamav_scan_init)
Apr 27 15:26:24 X smbd_audit:  virusfilter_clamav_scan_init: clamd: Connecting 
to socket failed: #020؆U: Aucun fichier ou dossier de ce type
Apr 27 15:26:24 X smbd_audit: [2021/04/27 15:26:24.907749,  0, pid=14938] 
../../source3/modules/vfs_virusfilter.c:1095(virusfilter_scan)
Apr 27 15:26:24 X smbd_audit:  virusfilter_scan: Scan result: Error: 
/data/smb2/00-Projets/ldap.xlsx: Initializing scanner failed
Apr 27 15:26:24 X smbd_audit: zami3l | xx.xxx.xxx.xxx | public 
NETWORK|pread_recv|ok|/data/smb2/00-Projets/ldap.xlsx
Apr 27 15:26:24 X smbd_audit: [2021/04/27 15:26:24.939625,  0, pid=14938] 
../../source3/modules/vfs_virusfilter_clamav.c:59(virusfilter_clamav_scan_init)
Apr 27 15:26:24 X smbd_audit:  virusfilter_clamav_scan_init: clamd: Connecting 
to socket failed: #020؆U: Aucun fichier ou dossier de ce type
Apr 27 15:26:24 X smbd_audit: [2021/04/27 15:26:24.939732,  0, pid=14938] 
../../source3/modules/vfs_virusfilter.c:1095(virusfilter_scan)
Apr 27 15:26:24 X smbd_audit:  virusfilter_scan: Scan result: Error: 
/data/smb2/00-Projets/ldap.xlsx: Initializing scanner failed

After that, nothing works anymore. I am then forced to restart smb.

So the problem seems to come from samba and vfs_virusfilter...

Thank you for your answer.

Best Regards,
Zami3l

April 27, 2021 12:29:08 PM CEST Eero Volotinen <eero.voloti...@iki.fi> wrote:
Is clamdscan working correctly? What is the SELinux status? Is it running in 
permissive mode?

Eero

On Tue 27. Apr 2021 at 13.19, Zami3l via clamav-users 
<clamav-users@lists.clamav.net> wrote:

Hello everyone,

I have installed clamav for use with samba vfs virus filter.
I want to be able to scan files as soon as they are opened.

Operating System: CentOS Linux release 7.9.2009 (Core)

The clamd@scan and smb services have no errors at boot time.

As soon as a file is opened, an error appears in the logs and the file is not 
scanned:

# samba_audit.log
Apr 27 10:36:24 X smbd_audit: [2021/04/27 10:36:24.362541,  0, pid=8446] 
../../source3/modules/vfs_virusfilter_clamav.c:59(virusfilter_clamav_scan_init)
Apr 27 10:36:24 X smbd_audit:  virusfilter_clamav_scan_init: clamd: Connecting 
to socket failed: %: Aucun fichier ou dossier de ce type
Apr 27 10:36:24 X smbd_audit: [2021/04/27 10:36:24.362680,  0, pid=8446] 
../../source3/modules/vfs_virusfilter.c:1095(virusfilter_scan)
Apr 27 10:36:24 X smbd_audit:  virusfilter_scan: Scan result: Error: 
/data/smb2/matrice.xlsx: Initializing scanner failed

# clamd.log
Apr 27 10:32:16 X clamd[8433]: got command SCAN /data/smb2/matrice.xlsx (95, 
5), argument: /data/smb2/matrice.xlsx
Apr 27 10:32:16 X clamd[8433]: mode -> MODE_WAITREPLY
Apr 27 10:32:16 X clamd[8433]: Breaking command loop, mode is no longer 
MODE_COMMAND
Apr 27 10:32:16 X clamd[8433]: Consumed entire command
Apr 27 10:32:16 X clamd[8433]: Number of file descriptors polled: 1 fds
Apr 27 10:32:16 X clamd[8433]: THRMGR: queue (single) crossed low threshold -> 
signaling
Apr 27 10:32:16 X clamd[8433]: THRMGR: queue (bulk) crossed low threshold -> 
signaling
Apr 27 10:32:16 X clamd[8433]: lstat() failed on: /data/smb2/matrice.xlsx
Apr 27 10:32:16 X clamd[8433]: Finished scanthread
Apr 27 10:32:16 X clamd[8433]: Scanthread: connection shut down (FD 13)
Apr 27 10:32:16 X clamd[8433]: THRMGR: queue (single) crossed low threshold -> 
signaling
Apr 27 10:32:16 X clamd[8433]: THRMGR: queue (bulk) crossed low threshold -> 
signaling
Apr 27 10:32:16 X clamd[8433]: Received POLLIN|POLLHUP on fd 8

# smbd.log
Apr 27 10:31:22 X smbd[8446]: [2021/04/27 10:31:22.338710,  0, pid=8446] 
../../source3/modules/vfs_full_audit.c:624(do_log)
Apr 27 10:31:22 X smbd[8446]:  do_log() failed to get vfs_handle->data!

The clamd socket is good:

[root@X ~]# netstat --listen
Sockets du domaine UNIX actives(seulement serveurs)
Proto RefCnt Flags       Type       State         I-Node   Chemin
unix  2      [ ACC ]     STREAM     LISTENING     32185    
/run/clamd.scan/clamd.sock

Do you have any ideas please?
Thank you in advance!

Best Regards,
Zami3l
_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
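
An added example (not part of the thread, and not Samba or ClamAV code): the 15:26:24 excerpt shows a scan error for ldap.xlsx followed by a pread_recv|ok record for the same path, and this script correlates the two record types to list files that were read after their scan failed. The sample lines are constructed from that excerpt with the e-mail wrapping undone, and the regular expressions assume the syslog layout shown in the post.

```python
import re

# Constructed sample: lines modelled on the smbd_audit excerpt in the post,
# with the e-mail wrapping undone; the notes.doc line is invented for contrast.
SAMPLE_LOG = """\
Apr 27 15:26:24 X smbd_audit: [2021/04/27 15:26:24.216843,  0, pid=14938] ../../source3/modules/vfs_virusfilter.c:1095(virusfilter_scan)
Apr 27 15:26:24 X smbd_audit:  virusfilter_scan: Scan result: Error: /data/smb2/00-Projets/ldap.xlsx: Initializing scanner failed
Apr 27 15:26:24 X smbd_audit: zami3l | xx.xxx.xxx.xxx | public NETWORK|pread_recv|ok|/data/smb2/00-Projets/ldap.xlsx
Apr 27 15:27:01 X smbd_audit: zami3l | xx.xxx.xxx.xxx | public NETWORK|pread_recv|ok|/data/smb2/00-Projets/notes.doc
"""

SYSLOG = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ smbd_audit:\s+(?P<msg>.*)$")
SCAN_ERROR = re.compile(
    r"^virusfilter_scan: Scan result: Error: (?P<path>.+): (?P<reason>[^:]+)$")
# full_audit record: prefix|operation|result|path (the prefix may contain " | ")
AUDIT = re.compile(
    r"^(?P<prefix>.*?)\|(?P<op>[a-z0-9_]+)\|(?P<result>ok|fail[^|]*)\|(?P<path>.*)$")
# pread_recv is the operation in the post's log; pread and sendfile are
# assumed to be the other read operations worth watching.
READ_OPS = {"pread_recv", "pread", "sendfile"}


def reads_after_scan_error(lines):
    """Return one finding per path that was read OK after its scan errored."""
    failed = {}    # path -> (time, reason) of the most recent scan error
    findings = {}  # path -> finding dict, so repeated reads are counted once
    for line in lines:
        entry = SYSLOG.match(line)
        if not entry:
            continue
        ts, msg = entry["ts"], entry["msg"]
        err = SCAN_ERROR.match(msg)
        if err:
            failed[err["path"]] = (ts, err["reason"])
            continue
        rec = AUDIT.match(msg)
        if (rec and rec["op"] in READ_OPS and rec["result"] == "ok"
                and rec["path"] in failed):
            scan_ts, reason = failed[rec["path"]]
            hit = findings.setdefault(rec["path"], {
                "path": rec["path"], "who": rec["prefix"].strip(),
                "scan_error_at": scan_ts, "reason": reason, "reads": 0})
            hit["reads"] += 1
    return list(findings.values())


if __name__ == "__main__":
    for f in reads_after_scan_error(SAMPLE_LOG.splitlines()):
        print(f"{f['path']}: {f['reads']} read(s) after scan error "
              f"({f['reason']}) at {f['scan_error_at']}, client: {f['who']}")
```

A path stays flagged for the rest of the input once a scan error is seen; the function does not look for a later successful scan of the same file.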