Mailing List Archive

Fwd: Error while scanning directory other than /home directory
Hi All,

I am trying to enable *clamonacc* in my machine for /home its working fine
but when I am trying to mention some other directory it is throwing the
following error:




*ClamWorker: performing scanning on file
'/serverdata/eicar.com.txt'/serverdata/eicar.com.txt: Can't open file or
directory ERRORClamMisc: internal issue (client failed to scan)ClamWorker:
scan failed with error code 32*

*clamd.conf:*




*OnAccessIncludePath /serverdataOnAccessPrevention yesOnAccessExcludeUname
clamavOnAccessExcludeRootUID noOnAccessDisableDDD no*

Could someone please help me to fix this issue?

--
Shivananda Shiragavi
919860394833
_______________________________________________

clamav-devel mailing list
clamav-devel@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-devel

Please submit your patches to our Github: https://github.com/Cisco-Talos/clamav-devel/pulls

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: Fwd: Error while scanning directory other than /home directory [ In reply to ]
Hi Shivananda,

Apologies for the delay, just got back to work after the holidays.
It appears to me that the clamav user which clamd runs as does not have read permissions to the files that clamonacc is trying to scan.

Unfortunately, the two best options to grant clamd access to scan any file requested by clamonacc are broken at present:
1. My favorite solution is to use the `clamonacc --fdpass` option so that clamd is given access to the file by clamonacc. We have a fix for this ready for the upcoming patch release.
2. My 2nd favorite solution is to have the service manager grant the clamd service CAP_DAC_READ_SEARCH capabilities to read any file. We have a public pull request to test & merge, which should also be included in the upcoming patch release (https://github.com/Cisco-Talos/clamav-devel/pull/135).
I hope to have both of these issues fixed in the 0.103.1 patch release later this month.

For now, I think you may need to either:
- Run clamd as root without setting the `User` config option so it doesn't switch to run as the clamav user,
- Run clamonacc in --stream mode (which can be quite slow), or
- Add the clamav user to groups that can read the directories that will be watched/scanned.

Regards,
Micah

> -----Original Message-----
> From: clamav-devel <clamav-devel-bounces@lists.clamav.net> On Behalf Of
> Shivananda Shiragavi
> Sent: Tuesday, December 29, 2020 2:10 AM
> To: clamav-devel@lists.clamav.net
> Subject: [Clamav-devel] Fwd: Error while scanning directory other than /home
> directory
>
> Hi All,
>
> I am trying to enable *clamonacc* in my machine for /home its working fine
> but when I am trying to mention some other directory it is throwing the
> following error:
>
>
>
>
> *ClamWorker: performing scanning on file
> '/serverdata/eicar.com.txt'/serverdata/eicar.com.txt: Can't open file or
> directory ERRORClamMisc: internal issue (client failed to scan)ClamWorker:
> scan failed with error code 32*
>
> *clamd.conf:*
>
>
>
>
> *OnAccessIncludePath /serverdataOnAccessPrevention
> yesOnAccessExcludeUname clamavOnAccessExcludeRootUID
> noOnAccessDisableDDD no*
>
> Could someone please help me to fix this issue?
>
> --
> Shivananda Shiragavi
> 919860394833
> _______________________________________________
>
> clamav-devel mailing list
> clamav-devel@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-devel
>
> Please submit your patches to our Github: https://github.com/Cisco-
> Talos/clamav-devel/pulls
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
_______________________________________________

clamav-devel mailing list
clamav-devel@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-devel

Please submit your patches to our Github: https://github.com/Cisco-Talos/clamav-devel/pulls

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: Fwd: Error while scanning directory other than /home directory [ In reply to ]
Thanks for the reply Micah,

With the local socket option, I was getting the issues but when I tried
with TCP it worked. Now I am facing issues with VirusEvent, after finding
the virus the event should suppose to gets called and trigger the shell
script but it's not happening.

Thanks,
Shivananda S.

On Tue, Jan 5, 2021 at 5:34 AM Micah Snyder (micasnyd) <micasnyd@cisco.com>
wrote:

> Hi Shivananda,
>
> Apologies for the delay, just got back to work after the holidays.
> It appears to me that the clamav user which clamd runs as does not have
> read permissions to the files that clamonacc is trying to scan.
>
> Unfortunately, the two best options to grant clamd access to scan any file
> requested by clamonacc are broken at present:
> 1. My favorite solution is to use the `clamonacc --fdpass` option so that
> clamd is given access to the file by clamonacc. We have a fix for this
> ready for the upcoming patch release.
> 2. My 2nd favorite solution is to have the service manager grant the clamd
> service CAP_DAC_READ_SEARCH capabilities to read any file. We have a public
> pull request to test & merge, which should also be included in the upcoming
> patch release (https://github.com/Cisco-Talos/clamav-devel/pull/135).
> I hope to have both of these issues fixed in the 0.103.1 patch release
> later this month.
>
> For now, I think you may need to either:
> - Run clamd as root without setting the `User` config option so it doesn't
> switch to run as the clamav user,
> - Run clamonacc in --stream mode (which can be quite slow), or
> - Add the clamav user to groups that can read the directories that will be
> watched/scanned.
>
> Regards,
> Micah
>
> > -----Original Message-----
> > From: clamav-devel <clamav-devel-bounces@lists.clamav.net> On Behalf Of
> > Shivananda Shiragavi
> > Sent: Tuesday, December 29, 2020 2:10 AM
> > To: clamav-devel@lists.clamav.net
> > Subject: [Clamav-devel] Fwd: Error while scanning directory other than
> /home
> > directory
> >
> > Hi All,
> >
> > I am trying to enable *clamonacc* in my machine for /home its working
> fine
> > but when I am trying to mention some other directory it is throwing the
> > following error:
> >
> >
> >
> >
> > *ClamWorker: performing scanning on file
> > '/serverdata/eicar.com.txt'/serverdata/eicar.com.txt: Can't open file or
> > directory ERRORClamMisc: internal issue (client failed to
> scan)ClamWorker:
> > scan failed with error code 32*
> >
> > *clamd.conf:*
> >
> >
> >
> >
> > *OnAccessIncludePath /serverdataOnAccessPrevention
> > yesOnAccessExcludeUname clamavOnAccessExcludeRootUID
> > noOnAccessDisableDDD no*
> >
> > Could someone please help me to fix this issue?
> >
> > --
> > Shivananda Shiragavi
> > _______________________________________________
> >
> > clamav-devel mailing list
> > clamav-devel@lists.clamav.net
> > https://lists.clamav.net/mailman/listinfo/clamav-devel
> >
> > Please submit your patches to our Github: https://github.com/Cisco-
> > Talos/clamav-devel/pulls
> >
> > Help us build a comprehensive ClamAV guide:
> > https://github.com/vrtadmin/clamav-faq
> >
> > http://www.clamav.net/contact.html#ml
> _______________________________________________
>
> clamav-devel mailing list
> clamav-devel@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-devel
>
> Please submit your patches to our Github:
> https://github.com/Cisco-Talos/clamav-devel/pulls
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>


--
Shivananda Shiragavi
_______________________________________________

clamav-devel mailing list
clamav-devel@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-devel

Please submit your patches to our Github: https://github.com/Cisco-Talos/clamav-devel/pulls

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: Fwd: Error while scanning directory other than /home directory [ In reply to ]
Good to hear it's working with TCP. Strange that it didn't work with the local socket option. I most frequently test with the local socket.

VirusEvent may require the full path to any programs it calls. Also remember that it may be executed by the clamd process as the clamav user so it will need permission to read/execute the script you're using.

-Micah

> -----Original Message-----
> From: clamav-devel <clamav-devel-bounces@lists.clamav.net> On Behalf Of
> Shivananda Shiragavi
> Sent: Monday, January 4, 2021 11:43 PM
> To: ClamAV Development <clamav-devel@lists.clamav.net>
> Subject: Re: [Clamav-devel] Fwd: Error while scanning directory other than
> /home directory
>
> Thanks for the reply Micah,
>
> With the local socket option, I was getting the issues but when I tried with TCP
> it worked. Now I am facing issues with VirusEvent, after finding the virus the
> event should suppose to gets called and trigger the shell script but it's not
> happening.
>
> Thanks,
> Shivananda S.
>
> On Tue, Jan 5, 2021 at 5:34 AM Micah Snyder (micasnyd)
> <micasnyd@cisco.com>
> wrote:
>
> > Hi Shivananda,
> >
> > Apologies for the delay, just got back to work after the holidays.
> > It appears to me that the clamav user which clamd runs as does not
> > have read permissions to the files that clamonacc is trying to scan.
> >
> > Unfortunately, the two best options to grant clamd access to scan any
> > file requested by clamonacc are broken at present:
> > 1. My favorite solution is to use the `clamonacc --fdpass` option so
> > that clamd is given access to the file by clamonacc. We have a fix for
> > this ready for the upcoming patch release.
> > 2. My 2nd favorite solution is to have the service manager grant the
> > clamd service CAP_DAC_READ_SEARCH capabilities to read any file. We
> > have a public pull request to test & merge, which should also be
> > included in the upcoming patch release (https://github.com/Cisco-
> Talos/clamav-devel/pull/135).
> > I hope to have both of these issues fixed in the 0.103.1 patch release
> > later this month.
> >
> > For now, I think you may need to either:
> > - Run clamd as root without setting the `User` config option so it
> > doesn't switch to run as the clamav user,
> > - Run clamonacc in --stream mode (which can be quite slow), or
> > - Add the clamav user to groups that can read the directories that
> > will be watched/scanned.
> >
> > Regards,
> > Micah
> >
> > > -----Original Message-----
> > > From: clamav-devel <clamav-devel-bounces@lists.clamav.net> On Behalf
> > > Of Shivananda Shiragavi
> > > Sent: Tuesday, December 29, 2020 2:10 AM
> > > To: clamav-devel@lists.clamav.net
> > > Subject: [Clamav-devel] Fwd: Error while scanning directory other
> > > than
> > /home
> > > directory
> > >
> > > Hi All,
> > >
> > > I am trying to enable *clamonacc* in my machine for /home its
> > > working
> > fine
> > > but when I am trying to mention some other directory it is throwing
> > > the following error:
> > >
> > >
> > >
> > >
> > > *ClamWorker: performing scanning on file
> > > '/serverdata/eicar.com.txt'/serverdata/eicar.com.txt: Can't open
> > > file or directory ERRORClamMisc: internal issue (client failed to
> > scan)ClamWorker:
> > > scan failed with error code 32*
> > >
> > > *clamd.conf:*
> > >
> > >
> > >
> > >
> > > *OnAccessIncludePath /serverdataOnAccessPrevention
> > > yesOnAccessExcludeUname clamavOnAccessExcludeRootUID
> > > noOnAccessDisableDDD no*
> > >
> > > Could someone please help me to fix this issue?
> > >
> > > --
> > > Shivananda Shiragavi
> > > _______________________________________________
> > >
> > > clamav-devel mailing list
> > > clamav-devel@lists.clamav.net
> > > https://lists.clamav.net/mailman/listinfo/clamav-devel
> > >
> > > Please submit your patches to our Github: https://github.com/Cisco-
> > > Talos/clamav-devel/pulls
> > >
> > > Help us build a comprehensive ClamAV guide:
> > > https://github.com/vrtadmin/clamav-faq
> > >
> > > http://www.clamav.net/contact.html#ml
> > _______________________________________________
> >
> > clamav-devel mailing list
> > clamav-devel@lists.clamav.net
> > https://lists.clamav.net/mailman/listinfo/clamav-devel
> >
> > Please submit your patches to our Github:
> > https://github.com/Cisco-Talos/clamav-devel/pulls
> >
> > Help us build a comprehensive ClamAV guide:
> > https://github.com/vrtadmin/clamav-faq
> >
> > http://www.clamav.net/contact.html#ml
> >
>
>
> --
> Shivananda Shiragavi
> _______________________________________________
>
> clamav-devel mailing list
> clamav-devel@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-devel
>
> Please submit your patches to our Github: https://github.com/Cisco-
> Talos/clamav-devel/pulls
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
_______________________________________________

clamav-devel mailing list
clamav-devel@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-devel

Please submit your patches to our Github: https://github.com/Cisco-Talos/clamav-devel/pulls

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: Fwd: Error while scanning directory other than /home directory [ In reply to ]
I have given the full permission to bash file and even in clamd.conf also I
have mentioned the full path of bash file. But unfortunately, it is not
executing.

bash file execution permission:
-rwxrwxrwx 1 <user> <user> 39 Dec 30 01:29 vfound.sh

clamd.conf:
VirusEvent /home/<user>/shiva/vfound.sh

---
Shivananda S.

On Wed, Jan 6, 2021 at 1:06 AM Micah Snyder (micasnyd) <micasnyd@cisco.com>
wrote:

> Good to hear it's working with TCP. Strange that it didn't work with the
> local socket option. I most frequently test with the local socket.
>
> VirusEvent may require the full path to any programs it calls. Also
> remember that it may be executed by the clamd process as the clamav user so
> it will need permission to read/execute the script you're using.
>
> -Micah
>
> > -----Original Message-----
> > From: clamav-devel <clamav-devel-bounces@lists.clamav.net> On Behalf Of
> > Shivananda Shiragavi
> > Sent: Monday, January 4, 2021 11:43 PM
> > To: ClamAV Development <clamav-devel@lists.clamav.net>
> > Subject: Re: [Clamav-devel] Fwd: Error while scanning directory other
> than
> > /home directory
> >
> > Thanks for the reply Micah,
> >
> > With the local socket option, I was getting the issues but when I tried
> with TCP
> > it worked. Now I am facing issues with VirusEvent, after finding the
> virus the
> > event should suppose to gets called and trigger the shell script but
> it's not
> > happening.
> >
> > Thanks,
> > Shivananda S.
> >
> > On Tue, Jan 5, 2021 at 5:34 AM Micah Snyder (micasnyd)
> > <micasnyd@cisco.com>
> > wrote:
> >
> > > Hi Shivananda,
> > >
> > > Apologies for the delay, just got back to work after the holidays.
> > > It appears to me that the clamav user which clamd runs as does not
> > > have read permissions to the files that clamonacc is trying to scan.
> > >
> > > Unfortunately, the two best options to grant clamd access to scan any
> > > file requested by clamonacc are broken at present:
> > > 1. My favorite solution is to use the `clamonacc --fdpass` option so
> > > that clamd is given access to the file by clamonacc. We have a fix for
> > > this ready for the upcoming patch release.
> > > 2. My 2nd favorite solution is to have the service manager grant the
> > > clamd service CAP_DAC_READ_SEARCH capabilities to read any file. We
> > > have a public pull request to test & merge, which should also be
> > > included in the upcoming patch release (https://github.com/Cisco-
> > Talos/clamav-devel/pull/135).
> > > I hope to have both of these issues fixed in the 0.103.1 patch release
> > > later this month.
> > >
> > > For now, I think you may need to either:
> > > - Run clamd as root without setting the `User` config option so it
> > > doesn't switch to run as the clamav user,
> > > - Run clamonacc in --stream mode (which can be quite slow), or
> > > - Add the clamav user to groups that can read the directories that
> > > will be watched/scanned.
> > >
> > > Regards,
> > > Micah
> > >
> > > > -----Original Message-----
> > > > From: clamav-devel <clamav-devel-bounces@lists.clamav.net> On Behalf
> > > > Of Shivananda Shiragavi
> > > > Sent: Tuesday, December 29, 2020 2:10 AM
> > > > To: clamav-devel@lists.clamav.net
> > > > Subject: [Clamav-devel] Fwd: Error while scanning directory other
> > > > than
> > > /home
> > > > directory
> > > >
> > > > Hi All,
> > > >
> > > > I am trying to enable *clamonacc* in my machine for /home its
> > > > working
> > > fine
> > > > but when I am trying to mention some other directory it is throwing
> > > > the following error:
> > > >
> > > >
> > > >
> > > >
> > > > *ClamWorker: performing scanning on file
> > > > '/serverdata/eicar.com.txt'/serverdata/eicar.com.txt: Can't open
> > > > file or directory ERRORClamMisc: internal issue (client failed to
> > > scan)ClamWorker:
> > > > scan failed with error code 32*
> > > >
> > > > *clamd.conf:*
> > > >
> > > >
> > > >
> > > >
> > > > *OnAccessIncludePath /serverdataOnAccessPrevention
> > > > yesOnAccessExcludeUname clamavOnAccessExcludeRootUID
> > > > noOnAccessDisableDDD no*
> > > >
> > > > Could someone please help me to fix this issue?
> > > >
> > > > --
> > > > Shivananda Shiragavi
> > > > _______________________________________________
> > > >
> > > > clamav-devel mailing list
> > > > clamav-devel@lists.clamav.net
> > > > https://lists.clamav.net/mailman/listinfo/clamav-devel
> > > >
> > > > Please submit your patches to our Github: https://github.com/Cisco-
> > > > Talos/clamav-devel/pulls
> > > >
> > > > Help us build a comprehensive ClamAV guide:
> > > > https://github.com/vrtadmin/clamav-faq
> > > >
> > > > http://www.clamav.net/contact.html#ml
> > > _______________________________________________
> > >
> > > clamav-devel mailing list
> > > clamav-devel@lists.clamav.net
> > > https://lists.clamav.net/mailman/listinfo/clamav-devel
> > >
> > > Please submit your patches to our Github:
> > > https://github.com/Cisco-Talos/clamav-devel/pulls
> > >
> > > Help us build a comprehensive ClamAV guide:
> > > https://github.com/vrtadmin/clamav-faq
> > >
> > > http://www.clamav.net/contact.html#ml
> > >
> >
> >
> > --
> > Shivananda Shiragavi
> > _______________________________________________
> >
> > clamav-devel mailing list
> > clamav-devel@lists.clamav.net
> > https://lists.clamav.net/mailman/listinfo/clamav-devel
> >
> > Please submit your patches to our Github: https://github.com/Cisco-
> > Talos/clamav-devel/pulls
> >
> > Help us build a comprehensive ClamAV guide:
> > https://github.com/vrtadmin/clamav-faq
> >
> > http://www.clamav.net/contact.html#ml
> _______________________________________________
>
> clamav-devel mailing list
> clamav-devel@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-devel
>
> Please submit your patches to our Github:
> https://github.com/Cisco-Talos/clamav-devel/pulls
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
_______________________________________________

clamav-devel mailing list
clamav-devel@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-devel

Please submit your patches to our Github: https://github.com/Cisco-Talos/clamav-devel/pulls

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: Fwd: Error while scanning directory other than /home directory [ In reply to ]
Can clamav really execute this script?
How about directory permissions? I mean /home/<user>/shiva and
/home/<user> ?

On 1/6/21 7:22 AM, Shivananda Shiragavi wrote:
> I have given the full permission to bash file and even in clamd.conf also I
> have mentioned the full path of bash file. But unfortunately, it is not
> executing.
>
> bash file execution permission:
> -rwxrwxrwx 1 <user> <user> 39 Dec 30 01:29 vfound.sh
>
> clamd.conf:
> VirusEvent /home/<user>/shiva/vfound.sh
>
> ---
> Shivananda S.
>
> On Wed, Jan 6, 2021 at 1:06 AM Micah Snyder (micasnyd) <micasnyd@cisco.com>
> wrote:
>
>> Good to hear it's working with TCP. Strange that it didn't work with the
>> local socket option. I most frequently test with the local socket.
>>
>> VirusEvent may require the full path to any programs it calls. Also
>> remember that it may be executed by the clamd process as the clamav user so
>> it will need permission to read/execute the script you're using.
>>
>> -Micah
>>
>>> -----Original Message-----
>>> From: clamav-devel <clamav-devel-bounces@lists.clamav.net> On Behalf Of
>>> Shivananda Shiragavi
>>> Sent: Monday, January 4, 2021 11:43 PM
>>> To: ClamAV Development <clamav-devel@lists.clamav.net>
>>> Subject: Re: [Clamav-devel] Fwd: Error while scanning directory other
>> than
>>> /home directory
>>>
>>> Thanks for the reply Micah,
>>>
>>> With the local socket option, I was getting the issues but when I tried
>> with TCP
>>> it worked. Now I am facing issues with VirusEvent, after finding the
>> virus the
>>> event should suppose to gets called and trigger the shell script but
>> it's not
>>> happening.
>>>
>>> Thanks,
>>> Shivananda S.
>>>
>>> On Tue, Jan 5, 2021 at 5:34 AM Micah Snyder (micasnyd)
>>> <micasnyd@cisco.com>
>>> wrote:
>>>
>>>> Hi Shivananda,
>>>>
>>>> Apologies for the delay, just got back to work after the holidays.
>>>> It appears to me that the clamav user which clamd runs as does not
>>>> have read permissions to the files that clamonacc is trying to scan.
>>>>
>>>> Unfortunately, the two best options to grant clamd access to scan any
>>>> file requested by clamonacc are broken at present:
>>>> 1. My favorite solution is to use the `clamonacc --fdpass` option so
>>>> that clamd is given access to the file by clamonacc. We have a fix for
>>>> this ready for the upcoming patch release.
>>>> 2. My 2nd favorite solution is to have the service manager grant the
>>>> clamd service CAP_DAC_READ_SEARCH capabilities to read any file. We
>>>> have a public pull request to test & merge, which should also be
>>>> included in the upcoming patch release (https://github.com/Cisco-
>>> Talos/clamav-devel/pull/135).
>>>> I hope to have both of these issues fixed in the 0.103.1 patch release
>>>> later this month.
>>>>
>>>> For now, I think you may need to either:
>>>> - Run clamd as root without setting the `User` config option so it
>>>> doesn't switch to run as the clamav user,
>>>> - Run clamonacc in --stream mode (which can be quite slow), or
>>>> - Add the clamav user to groups that can read the directories that
>>>> will be watched/scanned.
>>>>
>>>> Regards,
>>>> Micah
>>>>
>>>>> -----Original Message-----
>>>>> From: clamav-devel <clamav-devel-bounces@lists.clamav.net> On Behalf
>>>>> Of Shivananda Shiragavi
>>>>> Sent: Tuesday, December 29, 2020 2:10 AM
>>>>> To: clamav-devel@lists.clamav.net
>>>>> Subject: [Clamav-devel] Fwd: Error while scanning directory other
>>>>> than
>>>> /home
>>>>> directory
>>>>>
>>>>> Hi All,
>>>>>
>>>>> I am trying to enable *clamonacc* in my machine for /home its
>>>>> working
>>>> fine
>>>>> but when I am trying to mention some other directory it is throwing
>>>>> the following error:
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> *ClamWorker: performing scanning on file
>>>>> '/serverdata/eicar.com.txt'/serverdata/eicar.com.txt: Can't open
>>>>> file or directory ERRORClamMisc: internal issue (client failed to
>>>> scan)ClamWorker:
>>>>> scan failed with error code 32*
>>>>>
>>>>> *clamd.conf:*
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> *OnAccessIncludePath /serverdataOnAccessPrevention
>>>>> yesOnAccessExcludeUname clamavOnAccessExcludeRootUID
>>>>> noOnAccessDisableDDD no*
>>>>>
>>>>> Could someone please help me to fix this issue?
>>>>>
>>>>> --
>>>>> Shivananda Shiragavi
>>>>> _______________________________________________
>>>>>
>>>>> clamav-devel mailing list
>>>>> clamav-devel@lists.clamav.net
>>>>> https://lists.clamav.net/mailman/listinfo/clamav-devel
>>>>>
>>>>> Please submit your patches to our Github: https://github.com/Cisco-
>>>>> Talos/clamav-devel/pulls
>>>>>
>>>>> Help us build a comprehensive ClamAV guide:
>>>>> https://github.com/vrtadmin/clamav-faq
>>>>>
>>>>> http://www.clamav.net/contact.html#ml
>>>> _______________________________________________
>>>>
>>>> clamav-devel mailing list
>>>> clamav-devel@lists.clamav.net
>>>> https://lists.clamav.net/mailman/listinfo/clamav-devel
>>>>
>>>> Please submit your patches to our Github:
>>>> https://github.com/Cisco-Talos/clamav-devel/pulls
>>>>
>>>> Help us build a comprehensive ClamAV guide:
>>>> https://github.com/vrtadmin/clamav-faq
>>>>
>>>> http://www.clamav.net/contact.html#ml
>>>>
>>>
>>>
>>> --
>>> Shivananda Shiragavi
>>> _______________________________________________
>>>
>>> clamav-devel mailing list
>>> clamav-devel@lists.clamav.net
>>> https://lists.clamav.net/mailman/listinfo/clamav-devel
>>>
>>> Please submit your patches to our Github: https://github.com/Cisco-
>>> Talos/clamav-devel/pulls
>>>
>>> Help us build a comprehensive ClamAV guide:
>>> https://github.com/vrtadmin/clamav-faq
>>>
>>> http://www.clamav.net/contact.html#ml
>> _______________________________________________
>>
>> clamav-devel mailing list
>> clamav-devel@lists.clamav.net
>> https://lists.clamav.net/mailman/listinfo/clamav-devel
>>
>> Please submit your patches to our Github:
>> https://github.com/Cisco-Talos/clamav-devel/pulls
>>
>> Help us build a comprehensive ClamAV guide:
>> https://github.com/vrtadmin/clamav-faq
>>
>> http://www.clamav.net/contact.html#ml
>>
> _______________________________________________
>
> clamav-devel mailing list
> clamav-devel@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-devel
>
> Please submit your patches to our Github: https://github.com/Cisco-Talos/clamav-devel/pulls
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
_______________________________________________

clamav-devel mailing list
clamav-devel@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-devel

Please submit your patches to our Github: https://github.com/Cisco-Talos/clamav-devel/pulls

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: Fwd: Error while scanning directory other than /home directory [ In reply to ]
I have given full permission to /home/<user>/shiva directory, also I am
running clamav as root user and clamonacc is also by default root user only.
In this case it should run....

On Thu, 7 Jan, 2021, 7:39 pm Jacek Zapa?a, <jacek@it.pl> wrote:

> Can clamav really execute this script?
> How about directory permissions? I mean /home/<user>/shiva and
> /home/<user> ?
>
> On 1/6/21 7:22 AM, Shivananda Shiragavi wrote:
> > I have given the full permission to bash file and even in clamd.conf
> also I
> > have mentioned the full path of bash file. But unfortunately, it is not
> > executing.
> >
> > bash file execution permission:
> > -rwxrwxrwx 1 <user> <user> 39 Dec 30 01:29 vfound.sh
> >
> > clamd.conf:
> > VirusEvent /home/<user>/shiva/vfound.sh
> >
> > ---
> > Shivananda S.
> >
> > On Wed, Jan 6, 2021 at 1:06 AM Micah Snyder (micasnyd) <
> micasnyd@cisco.com>
> > wrote:
> >
> >> Good to hear it's working with TCP. Strange that it didn't work with the
> >> local socket option. I most frequently test with the local socket.
> >>
> >> VirusEvent may require the full path to any programs it calls. Also
> >> remember that it may be executed by the clamd process as the clamav
> user so
> >> it will need permission to read/execute the script you're using.
> >>
> >> -Micah
> >>
> >>> -----Original Message-----
> >>> From: clamav-devel <clamav-devel-bounces@lists.clamav.net> On Behalf
> Of
> >>> Shivananda Shiragavi
> >>> Sent: Monday, January 4, 2021 11:43 PM
> >>> To: ClamAV Development <clamav-devel@lists.clamav.net>
> >>> Subject: Re: [Clamav-devel] Fwd: Error while scanning directory other
> >> than
> >>> /home directory
> >>>
> >>> Thanks for the reply Micah,
> >>>
> >>> With the local socket option, I was getting the issues but when I tried
> >> with TCP
> >>> it worked. Now I am facing issues with VirusEvent, after finding the
> >> virus the
> >>> event should suppose to gets called and trigger the shell script but
> >> it's not
> >>> happening.
> >>>
> >>> Thanks,
> >>> Shivananda S.
> >>>
> >>> On Tue, Jan 5, 2021 at 5:34 AM Micah Snyder (micasnyd)
> >>> <micasnyd@cisco.com>
> >>> wrote:
> >>>
> >>>> Hi Shivananda,
> >>>>
> >>>> Apologies for the delay, just got back to work after the holidays.
> >>>> It appears to me that the clamav user which clamd runs as does not
> >>>> have read permissions to the files that clamonacc is trying to scan.
> >>>>
> >>>> Unfortunately, the two best options to grant clamd access to scan any
> >>>> file requested by clamonacc are broken at present:
> >>>> 1. My favorite solution is to use the `clamonacc --fdpass` option so
> >>>> that clamd is given access to the file by clamonacc. We have a fix for
> >>>> this ready for the upcoming patch release.
> >>>> 2. My 2nd favorite solution is to have the service manager grant the
> >>>> clamd service CAP_DAC_READ_SEARCH capabilities to read any file. We
> >>>> have a public pull request to test & merge, which should also be
> >>>> included in the upcoming patch release (https://github.com/Cisco-
> >>> Talos/clamav-devel/pull/135).
> >>>> I hope to have both of these issues fixed in the 0.103.1 patch release
> >>>> later this month.
> >>>>
> >>>> For now, I think you may need to either:
> >>>> - Run clamd as root without setting the `User` config option so it
> >>>> doesn't switch to run as the clamav user,
> >>>> - Run clamonacc in --stream mode (which can be quite slow), or
> >>>> - Add the clamav user to groups that can read the directories that
> >>>> will be watched/scanned.
> >>>>
> >>>> Regards,
> >>>> Micah
> >>>>
> >>>>> -----Original Message-----
> >>>>> From: clamav-devel <clamav-devel-bounces@lists.clamav.net> On Behalf
> >>>>> Of Shivananda Shiragavi
> >>>>> Sent: Tuesday, December 29, 2020 2:10 AM
> >>>>> To: clamav-devel@lists.clamav.net
> >>>>> Subject: [Clamav-devel] Fwd: Error while scanning directory other
> >>>>> than
> >>>> /home
> >>>>> directory
> >>>>>
> >>>>> Hi All,
> >>>>>
> >>>>> I am trying to enable *clamonacc* in my machine for /home its
> >>>>> working
> >>>> fine
> >>>>> but when I am trying to mention some other directory it is throwing
> >>>>> the following error:
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> *ClamWorker: performing scanning on file
> >>>>> '/serverdata/eicar.com.txt'/serverdata/eicar.com.txt: Can't open
> >>>>> file or directory ERRORClamMisc: internal issue (client failed to
> >>>> scan)ClamWorker:
> >>>>> scan failed with error code 32*
> >>>>>
> >>>>> *clamd.conf:*
> >>>>>
> >>>>>
> >>>>>
> >>>>>
> >>>>> *OnAccessIncludePath /serverdataOnAccessPrevention
> >>>>> yesOnAccessExcludeUname clamavOnAccessExcludeRootUID
> >>>>> noOnAccessDisableDDD no*
> >>>>>
> >>>>> Could someone please help me to fix this issue?
> >>>>>
> >>>>> --
> >>>>> Shivananda Shiragavi
> >>>>> _______________________________________________
> >>>>>
> >>>>> clamav-devel mailing list
> >>>>> clamav-devel@lists.clamav.net
> >>>>> https://lists.clamav.net/mailman/listinfo/clamav-devel
> >>>>>
> >>>>> Please submit your patches to our Github: https://github.com/Cisco-
> >>>>> Talos/clamav-devel/pulls
> >>>>>
> >>>>> Help us build a comprehensive ClamAV guide:
> >>>>> https://github.com/vrtadmin/clamav-faq
> >>>>>
> >>>>> http://www.clamav.net/contact.html#ml
> >>>> _______________________________________________
> >>>>
> >>>> clamav-devel mailing list
> >>>> clamav-devel@lists.clamav.net
> >>>> https://lists.clamav.net/mailman/listinfo/clamav-devel
> >>>>
> >>>> Please submit your patches to our Github:
> >>>> https://github.com/Cisco-Talos/clamav-devel/pulls
> >>>>
> >>>> Help us build a comprehensive ClamAV guide:
> >>>> https://github.com/vrtadmin/clamav-faq
> >>>>
> >>>> http://www.clamav.net/contact.html#ml
> >>>>
> >>>
> >>>
> >>> --
> >>> Shivananda Shiragavi
> >>> _______________________________________________
> >>>
> >>> clamav-devel mailing list
> >>> clamav-devel@lists.clamav.net
> >>> https://lists.clamav.net/mailman/listinfo/clamav-devel
> >>>
> >>> Please submit your patches to our Github: https://github.com/Cisco-
> >>> Talos/clamav-devel/pulls
> >>>
> >>> Help us build a comprehensive ClamAV guide:
> >>> https://github.com/vrtadmin/clamav-faq
> >>>
> >>> http://www.clamav.net/contact.html#ml
> >> _______________________________________________
> >>
> >> clamav-devel mailing list
> >> clamav-devel@lists.clamav.net
> >> https://lists.clamav.net/mailman/listinfo/clamav-devel
> >>
> >> Please submit your patches to our Github:
> >> https://github.com/Cisco-Talos/clamav-devel/pulls
> >>
> >> Help us build a comprehensive ClamAV guide:
> >> https://github.com/vrtadmin/clamav-faq
> >>
> >> http://www.clamav.net/contact.html#ml
> >>
> > _______________________________________________
> >
> > clamav-devel mailing list
> > clamav-devel@lists.clamav.net
> > https://lists.clamav.net/mailman/listinfo/clamav-devel
> >
> > Please submit your patches to our Github:
> https://github.com/Cisco-Talos/clamav-devel/pulls
> >
> > Help us build a comprehensive ClamAV guide:
> > https://github.com/vrtadmin/clamav-faq
> >
> > http://www.clamav.net/contact.html#ml
> >
> _______________________________________________
>
> clamav-devel mailing list
> clamav-devel@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-devel
>
> Please submit your patches to our Github:
> https://github.com/Cisco-Talos/clamav-devel/pulls
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
_______________________________________________

clamav-devel mailing list
clamav-devel@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-devel

Please submit your patches to our Github: https://github.com/Cisco-Talos/clamav-devel/pulls

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: Fwd: Error while scanning directory other than /home directory [ In reply to ]
The clamav user would also have to have access to /home/<user> for this to work. You might try using a different directory to test it. Also, if your script doesn't start with the #!/bin/sh or #!/bin/bash or something similar, you may need to change:

VirusEvent /<path>/<to>/<script>/vfound.sh

To:

VirusEvent /bin/sh /<path>/<to>/<script>/vfound.sh

-Micah

> -----Original Message-----
> From: clamav-devel <clamav-devel-bounces@lists.clamav.net> On Behalf Of
> Shivananda Shiragavi
> Sent: Thursday, January 7, 2021 7:36 PM
> To: ClamAV Development <clamav-devel@lists.clamav.net>
> Subject: Re: [Clamav-devel] Fwd: Error while scanning directory other than
> /home directory
>
> I have given full permission to /home/<user>/shiva directory, also I am running
> clamav as root user and clamonacc is also by default root user only.
> In this case it should run....
>
> On Thu, 7 Jan, 2021, 7:39 pm Jacek Zapa?a, <jacek@it.pl> wrote:
>
> > Can clamav really execute this script?
> > How about directory permissions? I mean /home/<user>/shiva and
> > /home/<user> ?
> >
> > On 1/6/21 7:22 AM, Shivananda Shiragavi wrote:
> > > I have given the full permission to bash file and even in clamd.conf
> > also I
> > > have mentioned the full path of bash file. But unfortunately, it is
> > > not executing.
> > >
> > > bash file execution permission:
> > > -rwxrwxrwx 1 <user> <user> 39 Dec 30 01:29 vfound.sh
> > >
> > > clamd.conf:
> > > VirusEvent /home/<user>/shiva/vfound.sh
> > >
> > > ---
> > > Shivananda S.
> > >
> > > On Wed, Jan 6, 2021 at 1:06 AM Micah Snyder (micasnyd) <
> > micasnyd@cisco.com>
> > > wrote:
> > >
> > >> Good to hear it's working with TCP. Strange that it didn't work
> > >> with the local socket option. I most frequently test with the local socket.
> > >>
> > >> VirusEvent may require the full path to any programs it calls.
> > >> Also remember that it may be executed by the clamd process as the
> > >> clamav
> > user so
> > >> it will need permission to read/execute the script you're using.
> > >>
> > >> -Micah
> > >>
> > >>> -----Original Message-----
> > >>> From: clamav-devel <clamav-devel-bounces@lists.clamav.net> On
> > >>> Behalf
> > Of
> > >>> Shivananda Shiragavi
> > >>> Sent: Monday, January 4, 2021 11:43 PM
> > >>> To: ClamAV Development <clamav-devel@lists.clamav.net>
> > >>> Subject: Re: [Clamav-devel] Fwd: Error while scanning directory
> > >>> other
> > >> than
> > >>> /home directory
> > >>>
> > >>> Thanks for the reply Micah,
> > >>>
> > >>> With the local socket option, I was getting the issues but when I
> > >>> tried
> > >> with TCP
> > >>> it worked. Now I am facing issues with VirusEvent, after finding
> > >>> the
> > >> virus the
> > >>> event should suppose to gets called and trigger the shell script
> > >>> but
> > >> it's not
> > >>> happening.
> > >>>
> > >>> Thanks,
> > >>> Shivananda S.
> > >>>
> > >>> On Tue, Jan 5, 2021 at 5:34 AM Micah Snyder (micasnyd)
> > >>> <micasnyd@cisco.com>
> > >>> wrote:
> > >>>
> > >>>> Hi Shivananda,
> > >>>>
> > >>>> Apologies for the delay, just got back to work after the holidays.
> > >>>> It appears to me that the clamav user which clamd runs as does
> > >>>> not have read permissions to the files that clamonacc is trying to scan.
> > >>>>
> > >>>> Unfortunately, the two best options to grant clamd access to scan
> > >>>> any file requested by clamonacc are broken at present:
> > >>>> 1. My favorite solution is to use the `clamonacc --fdpass` option
> > >>>> so that clamd is given access to the file by clamonacc. We have a
> > >>>> fix for this ready for the upcoming patch release.
> > >>>> 2. My 2nd favorite solution is to have the service manager grant
> > >>>> the clamd service CAP_DAC_READ_SEARCH capabilities to read any
> > >>>> file. We have a public pull request to test & merge, which should
> > >>>> also be included in the upcoming patch release
> > >>>> (https://github.com/Cisco-
> > >>> Talos/clamav-devel/pull/135).
> > >>>> I hope to have both of these issues fixed in the 0.103.1 patch
> > >>>> release later this month.
> > >>>>
> > >>>> For now, I think you may need to either:
> > >>>> - Run clamd as root without setting the `User` config option so
> > >>>> it doesn't switch to run as the clamav user,
> > >>>> - Run clamonacc in --stream mode (which can be quite slow), or
> > >>>> - Add the clamav user to groups that can read the directories
> > >>>> that will be watched/scanned.
> > >>>>
> > >>>> Regards,
> > >>>> Micah
> > >>>>
> > >>>>> -----Original Message-----
> > >>>>> From: clamav-devel <clamav-devel-bounces@lists.clamav.net> On
> > >>>>> Behalf Of Shivananda Shiragavi
> > >>>>> Sent: Tuesday, December 29, 2020 2:10 AM
> > >>>>> To: clamav-devel@lists.clamav.net
> > >>>>> Subject: [Clamav-devel] Fwd: Error while scanning directory
> > >>>>> other than
> > >>>> /home
> > >>>>> directory
> > >>>>>
> > >>>>> Hi All,
> > >>>>>
> > >>>>> I am trying to enable *clamonacc* in my machine for /home its
> > >>>>> working
> > >>>> fine
> > >>>>> but when I am trying to mention some other directory it is
> > >>>>> throwing the following error:
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>> *ClamWorker: performing scanning on file
> > >>>>> '/serverdata/eicar.com.txt'/serverdata/eicar.com.txt: Can't open
> > >>>>> file or directory ERRORClamMisc: internal issue (client failed
> > >>>>> to
> > >>>> scan)ClamWorker:
> > >>>>> scan failed with error code 32*
> > >>>>>
> > >>>>> *clamd.conf:*
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>> *OnAccessIncludePath /serverdataOnAccessPrevention
> > >>>>> yesOnAccessExcludeUname clamavOnAccessExcludeRootUID
> > >>>>> noOnAccessDisableDDD no*
> > >>>>>
> > >>>>> Could someone please help me to fix this issue?
> > >>>>>
> > >>>>> --
> > >>>>> Shivananda Shiragavi
> > >>>>> _______________________________________________
> > >>>>>
> > >>>>> clamav-devel mailing list
> > >>>>> clamav-devel@lists.clamav.net
> > >>>>> https://lists.clamav.net/mailman/listinfo/clamav-devel
> > >>>>>
> > >>>>> Please submit your patches to our Github:
> > >>>>> https://github.com/Cisco- Talos/clamav-devel/pulls
> > >>>>>
> > >>>>> Help us build a comprehensive ClamAV guide:
> > >>>>> https://github.com/vrtadmin/clamav-faq
> > >>>>>
> > >>>>> http://www.clamav.net/contact.html#ml
> > >>>> _______________________________________________
> > >>>>
> > >>>> clamav-devel mailing list
> > >>>> clamav-devel@lists.clamav.net
> > >>>> https://lists.clamav.net/mailman/listinfo/clamav-devel
> > >>>>
> > >>>> Please submit your patches to our Github:
> > >>>> https://github.com/Cisco-Talos/clamav-devel/pulls
> > >>>>
> > >>>> Help us build a comprehensive ClamAV guide:
> > >>>> https://github.com/vrtadmin/clamav-faq
> > >>>>
> > >>>> http://www.clamav.net/contact.html#ml
> > >>>>
> > >>>
> > >>>
> > >>> --
> > >>> Shivananda Shiragavi
> > >>> _______________________________________________
> > >>>
> > >>> clamav-devel mailing list
> > >>> clamav-devel@lists.clamav.net
> > >>> https://lists.clamav.net/mailman/listinfo/clamav-devel
> > >>>
> > >>> Please submit your patches to our Github:
> > >>> https://github.com/Cisco- Talos/clamav-devel/pulls
> > >>>
> > >>> Help us build a comprehensive ClamAV guide:
> > >>> https://github.com/vrtadmin/clamav-faq
> > >>>
> > >>> http://www.clamav.net/contact.html#ml
> > >> _______________________________________________
> > >>
> > >> clamav-devel mailing list
> > >> clamav-devel@lists.clamav.net
> > >> https://lists.clamav.net/mailman/listinfo/clamav-devel
> > >>
> > >> Please submit your patches to our Github:
> > >> https://github.com/Cisco-Talos/clamav-devel/pulls
> > >>
> > >> Help us build a comprehensive ClamAV guide:
> > >> https://github.com/vrtadmin/clamav-faq
> > >>
> > >> http://www.clamav.net/contact.html#ml
> > >>
> > > _______________________________________________
> > >
> > > clamav-devel mailing list
> > > clamav-devel@lists.clamav.net
> > > https://lists.clamav.net/mailman/listinfo/clamav-devel
> > >
> > > Please submit your patches to our Github:
> > https://github.com/Cisco-Talos/clamav-devel/pulls
> > >
> > > Help us build a comprehensive ClamAV guide:
> > > https://github.com/vrtadmin/clamav-faq
> > >
> > > http://www.clamav.net/contact.html#ml
> > >
> > _______________________________________________
> >
> > clamav-devel mailing list
> > clamav-devel@lists.clamav.net
> > https://lists.clamav.net/mailman/listinfo/clamav-devel
> >
> > Please submit your patches to our Github:
> > https://github.com/Cisco-Talos/clamav-devel/pulls
> >
> > Help us build a comprehensive ClamAV guide:
> > https://github.com/vrtadmin/clamav-faq
> >
> > http://www.clamav.net/contact.html#ml
> >
> _______________________________________________
>
> clamav-devel mailing list
> clamav-devel@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-devel
>
> Please submit your patches to our Github: https://github.com/Cisco-
> Talos/clamav-devel/pulls
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
_______________________________________________

clamav-devel mailing list
clamav-devel@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-devel

Please submit your patches to our Github: https://github.com/Cisco-Talos/clamav-devel/pulls

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml