On some systems clamdscan gets a permission denied error. We have been unable 
to determine why it fails on some hosts and not others.
I don't see anything in /var/log/audit/audit.log to explain the failure. We are 
running version 0.103.11-1.el8 on RHEL 8.9 with FIPS mode and SELinux enabled. 
We have a central clamav server that does all of the actual scanning. I've
found that if I replace "--fdpass" with "--stream" the error goes away; however,
the documentation states that this should only be used for testing and
debugging. When using a central server, should I be using "--stream" instead of
"--fdpass"?

Information on broken host:
$ sudo /usr/bin/clamdscan --fdpass --infected --no-summary --stdout /etc/gshadow
/etc/gshadow: File path check failure: Permission denied. ERROR
/etc/gshadow: File path check failure: Permission denied. ERROR

$ cat /etc/os-release
NAME="Red Hat Enterprise Linux"
VERSION="8.9 (Ootpa)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="8.9"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Red Hat Enterprise Linux 8.9 (Ootpa)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:redhat:enterprise_linux:8::baseos"
HOME_URL="https://www.redhat.com/"
DOCUMENTATION_URL="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8"
BUG_REPORT_URL="https://bugzilla.redhat.com/"

REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 8"
REDHAT_BUGZILLA_PRODUCT_VERSION=8.9
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="8.9"

$ getsebool -a | grep antivirus
antivirus_can_scan_system --> on
antivirus_use_jit --> off

$ fips-mode-setup --check
FIPS mode is enabled.



Information on working host:
$ sudo /usr/bin/clamdscan --fdpass --infected --no-summary --stdout /etc/gshadow

$ cat /etc/os-release
NAME="Red Hat Enterprise Linux"
VERSION="8.9 (Ootpa)"
ID="rhel"
ID_LIKE="fedora"
VERSION_ID="8.9"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Red Hat Enterprise Linux 8.9 (Ootpa)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:redhat:enterprise_linux:8::baseos"
HOME_URL="https://www.redhat.com/"
DOCUMENTATION_URL="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8"
BUG_REPORT_URL="https://bugzilla.redhat.com/"

REDHAT_BUGZILLA_PRODUCT="Red Hat Enterprise Linux 8"
REDHAT_BUGZILLA_PRODUCT_VERSION=8.9
REDHAT_SUPPORT_PRODUCT="Red Hat Enterprise Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="8.9"

$ getsebool -a | grep antivirus
antivirus_can_scan_system --> on
antivirus_use_jit --> off

$ fips-mode-setup --check
FIPS mode is enabled.





Jon Schewe

Principal Software Systems Technologist

C: +1 612.263.2718

O: +1 952.545.5720

jon.sch...@rtx.com

RTX BBN Technologies

5775 Wayzata Blvd. Suite 630

St. Louis Park, MN 55416