>>>>We have a central clamav server that does all of the actual scanning
>>>You mean a remote one from clamdscan's perspective, queried via "TCPAddr 
>>>..."?
>>Correct.
>>
>>TCPSocket 3310
>>TCPAddr clamav-central.company.com
>man clamdscan:
>
> --fdpass
>        ... Only available if connected to clamd via local(unix) socket

>Still, I don't understand those errors. "File path check failure" is an error 
>message logged by the daemon, but clamdscan should have streamed the file 
>content in any case. Have you checked logs on clamav-central or on the clients 
>only?
>
>Try an "strace -e trace=network clamdscan ..." on affected clients. You should 
>see a line "sendto(3, "zINSTREAM\0", 10, 0, NULL, 0) = 10", indicating 
>streaming, even with --fdpass.

This is what I see from the strace:

sendto(3, "zCONTSCAN /etc/gshadow\0", 23, 0, NULL, 0) = 23
recvfrom(3, "/etc/gshadow: File path check fa"..., 5120, 0, NULL, NULL)

If I use --stream I get

openat(AT_FDCWD, "/etc/gshadow", O_RDONLY) = 4
sendto(3, "zINSTREAM\0", 10, 0, NULL, 0) = 10


So is it safe to use --stream in this case, despite the documentation warning?
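Added example, not part of the original messages and not ClamAV's own code: the two requests seen in the strace output above, built byte for byte. CONTSCAN carries only a path, which the daemon opens on its own filesystem, while INSTREAM carries the file content as length-prefixed chunks. The function names, the sample bytes and the max_len value (a stand-in for clamd's StreamMaxLength) are assumptions.

```python
import struct

INSTREAM = b"zINSTREAM\0"
SAMPLE = b"root:*::\nadm:*::\n"  # constructed placeholder content, not a real file

def contscan_command(path: str) -> bytes:
    """Request from the first strace: a path only, no file content."""
    return b"zCONTSCAN " + path.encode() + b"\0"

def instream_request(data: bytes, chunk_size: int = 2048) -> bytes:
    """Request from the --stream strace: command, then chunks of
    <4-byte big-endian length><data>, ended by a zero-length chunk."""
    out = [INSTREAM]
    for off in range(0, len(data), chunk_size):
        chunk = data[off:off + chunk_size]
        out.append(struct.pack("!I", len(chunk)) + chunk)
    out.append(struct.pack("!I", 0))  # terminator
    return b"".join(out)

def decode_instream(wire: bytes, max_len: int = 25 * 1024 * 1024) -> bytes:
    """Daemon-side view: recover the streamed content, rejecting
    truncated or oversized input (max_len is an assumed limit)."""
    if not wire.startswith(INSTREAM):
        raise ValueError("not an INSTREAM request")
    pos, body = len(INSTREAM), bytearray()
    while True:
        if pos + 4 > len(wire):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack_from("!I", wire, pos)
        pos += 4
        if n == 0:
            return bytes(body)
        if pos + n > len(wire):
            raise ValueError("truncated chunk")
        body += wire[pos:pos + n]
        pos += n
        if len(body) > max_len:
            raise ValueError("stream size limit exceeded")

if __name__ == "__main__":
    print(contscan_command("/etc/gshadow"))       # 23 bytes, as in the strace
    print(instream_request(SAMPLE, chunk_size=8))  # content, no path on the wire
```

With INSTREAM the scanned file's bytes cross the network to the TCPAddr host, and clamd's TCP socket provides neither encryption nor authentication.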