Hello everyone,
I have installed clamav for use with samba vfs virus filter.
I want to be able to scan files as soon as they are opened.
Operating System: CentOS Linux release 7.9.2009 (Core)
The clamd@scan and smb services have no errors at boot time.
As soon as a file is opened, an error appears in the logs and the file is not scanned :
# samba_audit.log
Apr 27 10:36:24 X smbd_audit: [2021/04/27 10:36:24.362541, 0, pid=8446] ../../source3/modules/vfs_virusfilter_clamav.c:59(virusfilter_clamav_scan_init)
Apr 27 10:36:24 X smbd_audit: virusfilter_clamav_scan_init: clamd: Connecting to socket failed: %: Aucun fichier ou dossier de ce type
Apr 27 10:36:24 X smbd_audit: [2021/04/27 10:36:24.362680, 0, pid=8446] ../../source3/modules/vfs_virusfilter.c:1095(virusfilter_scan)
Apr 27 10:36:24 X smbd_audit: virusfilter_scan: Scan result: Error: /data/smb2/matrice.xlsx: Initializing scanner failed
# clamd.log
Apr 27 10:32:16 X clamd[8433]: got command SCAN /data/smb2/matrice.xlsx (95, 5), argument: /data/smb2/matrice.xlsx
Apr 27 10:32:16 X clamd[8433]: mode -> MODE_WAITREPLY
Apr 27 10:32:16 X clamd[8433]: Breaking command loop, mode is no longer MODE_COMMAND
Apr 27 10:32:16 X clamd[8433]: Consumed entire command
Apr 27 10:32:16 X clamd[8433]: Number of file descriptors polled: 1 fds
Apr 27 10:32:16 X clamd[8433]: THRMGR: queue (single) crossed low threshold -> signaling
Apr 27 10:32:16 X clamd[8433]: THRMGR: queue (bulk) crossed low threshold -> signaling
Apr 27 10:32:16 X clamd[8433]: Finished scanthread
Apr 27 10:32:16 X clamd[8433]: Scanthread: connection shut down (FD 13)
Apr 27 10:32:16 X clamd[8433]: THRMGR: queue (single) crossed low threshold -> signaling
Apr 27 10:32:16 X clamd[8433]: THRMGR: queue (bulk) crossed low threshold -> signaling
Apr 27 10:32:16 X clamd[8433]: Received POLLIN|POLLHUP on fd 8
# smbd.log
Apr 27 10:31:22 X smbd[8446]: [2021/04/27 10:31:22.338710, 0, pid=8446] ../../source3/modules/vfs_full_audit.c:624(do_log)
Apr 27 10:31:22 X smbd[8446]: do_log() failed to get vfs_handle->data!
The socket clamd is good :
[root@X ~]# netstat --listen
Sockets du domaine UNIX actives(seulement serveurs)
Proto RefCnt Flags Type State I-Node Chemin
unix 2 [ ACC ] STREAM LISTENING 32185 /run/clamd.scan/clamd.sock
Do you have any ideas please?
Thank you in advance !
Best Regards,
Zami3l
I have installed clamav for use with samba vfs virus filter.
I want to be able to scan files as soon as they are opened.
Operating System: CentOS Linux release 7.9.2009 (Core)
The clamd@scan and smb services have no errors at boot time.
As soon as a file is opened, an error appears in the logs and the file is not scanned :
# samba_audit.log
Apr 27 10:36:24 X smbd_audit: [2021/04/27 10:36:24.362541, 0, pid=8446] ../../source3/modules/vfs_virusfilter_clamav.c:59(virusfilter_clamav_scan_init)
Apr 27 10:36:24 X smbd_audit: virusfilter_clamav_scan_init: clamd: Connecting to socket failed: %: Aucun fichier ou dossier de ce type
Apr 27 10:36:24 X smbd_audit: [2021/04/27 10:36:24.362680, 0, pid=8446] ../../source3/modules/vfs_virusfilter.c:1095(virusfilter_scan)
Apr 27 10:36:24 X smbd_audit: virusfilter_scan: Scan result: Error: /data/smb2/matrice.xlsx: Initializing scanner failed
# clamd.log
Apr 27 10:32:16 X clamd[8433]: got command SCAN /data/smb2/matrice.xlsx (95, 5), argument: /data/smb2/matrice.xlsx
Apr 27 10:32:16 X clamd[8433]: mode -> MODE_WAITREPLY
Apr 27 10:32:16 X clamd[8433]: Breaking command loop, mode is no longer MODE_COMMAND
Apr 27 10:32:16 X clamd[8433]: Consumed entire command
Apr 27 10:32:16 X clamd[8433]: Number of file descriptors polled: 1 fds
Apr 27 10:32:16 X clamd[8433]: THRMGR: queue (single) crossed low threshold -> signaling
Apr 27 10:32:16 X clamd[8433]: THRMGR: queue (bulk) crossed low threshold -> signaling
Apr 27 10:32:16 X clamd[8433]: Finished scanthread
Apr 27 10:32:16 X clamd[8433]: Scanthread: connection shut down (FD 13)
Apr 27 10:32:16 X clamd[8433]: THRMGR: queue (single) crossed low threshold -> signaling
Apr 27 10:32:16 X clamd[8433]: THRMGR: queue (bulk) crossed low threshold -> signaling
Apr 27 10:32:16 X clamd[8433]: Received POLLIN|POLLHUP on fd 8
# smbd.log
Apr 27 10:31:22 X smbd[8446]: [2021/04/27 10:31:22.338710, 0, pid=8446] ../../source3/modules/vfs_full_audit.c:624(do_log)
Apr 27 10:31:22 X smbd[8446]: do_log() failed to get vfs_handle->data!
The socket clamd is good :
[root@X ~]# netstat --listen
Sockets du domaine UNIX actives(seulement serveurs)
Proto RefCnt Flags Type State I-Node Chemin
unix 2 [ ACC ] STREAM LISTENING 32185 /run/clamd.scan/clamd.sock
Do you have any ideas please?
Thank you in advance !
Best Regards,
Zami3l