Mailing List Archive

What causes ClamMisc to fail scanning?
I'm trying to set up ClamAV on a host running Apache and Phusion Passenger.
After bringing up clamd and clamonacc, connecting to the Passenger app (web
browser on 443) will result in various "Daemon failed to scan" and "Not a
regular file ERROR" messages in the logs. It's not always the same file and
seems to differ every time the machine is restarted.

The file having trouble has 0664 perms and is owned by passenger:passenger.

If I add clamav to the 'passenger' group, the whole VM becomes unresponsive
when the app is connected to.

If I clamscan the file having trouble in the logs, everything seems to be
OK. Any thoughts?


==> /var/log/clamav/onacc.log <==
/var/www/passenger/app1/shared/public/assets/favicon-ipad-3f9d14b84a660e5f92e9936caff986b1265746037c15421e693821c15b483444.png: Not a regular file ERROR
ClamMisc: Unexpected issue; Daemon failed to scan: /var/www/passenger/app1/shared/public/assets/favicon-ipad-3f9d14b84a660e5f92e9936caff986b1265746037c15421e693821c15b483444.png

==> /var/log/clamav/clamav.log <==
Wed Sep 22 09:57:33 2021 -> Client disconnected (FD 9)
Wed Sep 22 09:57:33 2021 -> fd[11]: Not a regular file. ERROR


test# dir /var/www/passenger/app1/shared/public/assets/favicon-ipad-3f9d14b84a660e5f92e9936caff986b1265746037c15421e693821c15b483444.png
-rw-rw-r-- 1 passenger passenger 1766 Jan 25 2019 /var/www/passenger/app1/shared/public/assets/favicon-ipad-3f9d14b84a660e5f92e9936caff986b1265746037c15421e693821c15b483444.png

test# sudo -u clamav /bin/bash --login

test$ clamscan /var/www/passenger/app1/shared/public/assets/favicon-ipad-3f9d14b84a660e5f92e9936caff986b1265746037c15421e693821c15b483444.png
/var/www/passenger/app1/shared/public/assets/favicon-ipad-3f9d14b84a660e5f92e9936caff986b1265746037c15421e693821c15b483444.png: OK

----------- SCAN SUMMARY -----------
Known viruses: 8567354
Engine version: 0.103.2
Scanned directories: 0
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 14.975 sec (0 m 14 s)
Start Date: 2021:09:22 10:03:35
End Date: 2021:09:22 10:03:50

Re: What causes ClamMisc to fail scanning?
Hi there,

On Wed, 22 Sep 2021, dee heffemm via clamav-users wrote:

> I'm trying to set up ClamAV on a host running Apache and Phusion Passenger.
> After bringing up clamd and clamonacc, connecting to the Passenger app (web
> browser on 443) will result in various "Daemon failed to scan" and "Not a
> regular file ERROR" messages in the logs. It's not always the same file and
> seems to differ every time the machine is restarted.
>
> The file having trouble has 0664 perms and is owned by passenger:passenger

I don't use on-access scanning so I have little personal experience to
go on, but I suspect that you may be seeing the result of files being
modified while you are concurrently trying to scan them. Be aware in
a multi-user, multi-tasking operating system that things don't always
happen in the sequence most convenient to you. Often it's the least
convenient (and there I *do* have experience :) and you may need to
implement some kind of locking, semaphores, or other inter-process
communications to avoid tripping over your own feet.

> If I add clamav to the 'passenger' group, the whole VM becomes unresponsive
> when the app is connected to.

This sounds like a different issue and probably should be in its own thread.

> If I clamscan the file having trouble in the logs, everything seems to be
> OK. Any thoughts?

I would suggest that if you're investigating problems with scanning by
clamd, which is what clamonacc uses for the scanning, then clamdscan
might be a better choice than clamscan for the investigations.

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Re: What causes ClamMisc to fail scanning?
On 9/23/21, G.W. Haywood via clamav-users <clamav-users@lists.clamav.net> wrote:
> Hi there,

Hi, and thanks!

>
> I would suggest that if you're investigating problems with scanning by
> clamd, which is what clamonacc uses for the scanning, then clamdscan
> might be a better choice than clamscan for the investigations.

Interesting. I tried clamdscan and it DOES report an error with that
file (whereas clamscan does not). As the clamav user however, I'm able
to read it via the 'file' command. ps shows clamd running as the
'clamav' user so I'm stumped as to what's going on here. I'm going to
have to run the clamd process via strace or something.

Both fuser and lsof return nothing when given the path to that
filename, so I don't think there are any multi-user/locking/thread
issues there. I even tried stopping apache and am still not able to
clamdscan it.

test# sudo -u clamav /bin/bash --login

test$ ls -lart /var/www/passenger/app1/shared/public/assets/favicon-ipad-3f9d14b84a660e5f92e9936caff986b1265746037c15421e693821c15b483444.png
-rw-rw-r-- 1 passenger passenger 1766 Jan 25 2019 /var/www/passenger/app1/shared/public/assets/favicon-ipad-3f9d14b84a660e5f92e9936caff986b1265746037c15421e693821c15b483444.png

test$ file /var/www/passenger/app1/shared/public/assets/favicon-ipad-3f9d14b84a660e5f92e9936caff986b1265746037c15421e693821c15b483444.png
/var/www/passenger/app1/shared/public/assets/favicon-ipad-3f9d14b84a660e5f92e9936caff986b1265746037c15421e693821c15b483444.png: PNG image data, 180 x 180, 8-bit colormap, non-interlaced

test$ clamdscan --verbose /var/www/passenger/app1/shared/public/assets/favicon-ipad-3f9d14b84a660e5f92e9936caff986b1265746037c15421e693821c15b483444.png
/var/www/passenger/app1/shared/public/assets/favicon-ipad-3f9d14b84a660e5f92e9936caff986b1265746037c15421e693821c15b483444.png: Can't open file or directory ERROR

----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 1
Time: 0.000 sec (0 m 0 s)
Start Date: 2021:09:23 10:58:02
End Date: 2021:09:23 10:58:02

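The last message compares a fresh `clamav` login shell with the already-running clamd; the two need not hold the same credentials, because a daemon keeps the group list it was started with. As an added example (not from the thread or from the ClamAV project), this script reads a process's filesystem UID/GIDs from `/proc/<pid>/status` and reports the first path component those credentials cannot pass by mode bits. The script name `who_blocks.sh` and the function names are hypothetical; it assumes Linux `/proc` and GNU `stat`.

```shell
#!/bin/sh
# Added example, not from the thread. Classic mode bits only: ACLs, SELinux,
# AppArmor and systemd sandboxing are NOT evaluated here.

# status_creds FILE: print "FSUID|FSGID GROUPS..." from a /proc/<pid>/status file.
status_creds() {
    awk '/^Uid:/ {u=$5} /^Gid:/ {g=$5} /^Groups:/ {$1=""; s=$0}
         END {print u "|" g s}' "$1"
}

# may_access UID "GIDS" PATH BIT: succeed if mode bits grant BIT (4=read, 1=search).
may_access() {
    ma_st=$(stat -c '%u %g %a' -- "$3") || return 2
    ma_uid=$1; ma_gids=$2; ma_bit=$4
    set -- $ma_st                               # $1=owner $2=group $3=octal mode
    if [ "$ma_uid" -eq 0 ]; then return 0; fi   # root bypasses these checks
    ma_perms=$(( 0$3 ))
    if [ "$ma_uid" -eq "$1" ]; then
        ma_cls=$(( ma_perms >> 6 ))             # owner class, even if weaker
    else
        ma_cls=$ma_perms                        # "other" class by default
        for ma_g in $ma_gids; do
            if [ "$ma_g" -eq "$2" ]; then ma_cls=$(( ma_perms >> 3 )); fi
        done
    fi
    [ $(( ma_cls & ma_bit )) -ne 0 ]
}

# first_blocker UID "GIDS" /abs/path: print the first component that cannot be
# searched (directory) or read (final file); print nothing if every one passes.
first_blocker() {
    fb_cur=""; fb_rest=${3#/}
    while [ -n "$fb_rest" ]; do
        fb_part=${fb_rest%%/*}
        fb_cur="$fb_cur/$fb_part"
        if [ "$fb_part" = "$fb_rest" ]; then fb_rest=""; else fb_rest=${fb_rest#*/}; fi
        if [ -d "$fb_cur" ]; then fb_need=1; else fb_need=4; fi
        if ! may_access "$1" "$2" "$fb_cur" "$fb_need"; then
            echo "$fb_cur"; return 1
        fi
    done
}

# Usage: sh who_blocks.sh <clamd-pid> <absolute-path>
if [ "$#" -eq 2 ]; then
    creds=$(status_creds "/proc/$1/status") || exit 2
    first_blocker "${creds%%|*}" "${creds#*|}" "$2"
fi
```

Empty output means the mode bits are not what stops that process, which points the investigation at the layers the script does not evaluate.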