Mailing List Archive

Hi there,

On Tue, 29 Jun 2021, Lopez, Carmelo via clamav-users wrote:

> I am trying to start clamonacc on a rhel 7.9 machine, but I am
> getting an error. Clamd daemon is running. Please see error below:
>
> root@ip-10-64-205-19 bin]# clamonacc
> ERROR: ClamClient: Could not connect to clamd, Couldn't connect to server
> ERROR: Clamonacc: daemon is local, but a connection could not be established

Please post the output of

clamconf -n

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

root@ip-10-64-205-19 bin]# clamconf -n
Checking configuration files in /etc

Config file: clamd.d/scan.conf
------------------------------
LogFile = "/var/log/clamd.scan"
LogFileMaxSize = "10485760"
LogTime = "yes"
LogSyslog = "yes"
LogVerbose = "yes"
LogRotate = "yes"
ExtendedDetectionInfo = "yes"
PidFile = "/var/run/clamd.scan/clamd.pid"
LocalSocket = "/var/run/clamd.scan/clamd.sock"
TCPSocket = "3310"
TCPAddr = "127.0.0.1"
ExcludePath = "^/proc/", "^/sys/"
User = "clamscan"
ScanMail disabled
OnAccessMountPath = "/"
OnAccessIncludePath = "/var"
OnAccessExcludePath = "/proc", "/dev", "/sys", "/var/log", "/var/lib/clamav"
OnAccessExcludeRootUID = "yes"
OnAccessPrevention = "yes"
OnAccessExtraScanning = "yes"

Config file: freshclam.conf
---------------------------
LogFileMaxSize = "2097152"
LogTime = "yes"
LogSyslog = "yes"
LogRotate = "yes"
PidFile = "/var/run/freshclam.pid"
UpdateLogFile = "/var/log/freshclam.log"
PrivateMirror = "clamav-mirror.sec.cnqr.tech"
ScriptedUpdates disabled

mail/clamav-milter.conf not found

Software settings
-----------------
Version: 0.103.2
Optional features supported: MEMPOOL IPv6 AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV JSON

Database information
--------------------
Database directory: /var/lib/clamav
daily.cvd: version 26215, sigs: 3992535, built on Mon Jun 28 11:09:26 2021
main.cvd: version 59, sigs: 4564902, built on Mon Nov 25 13:56:15 2019
bytecode.cvd: version 333, sigs: 92, built on Mon Mar 8 15:21:51 2021
Total number of signatures: 8557529

Platform information
--------------------
uname: Linux 3.10.0-1160.31.1.el7.x86_64 #1 SMP Wed May 26 20:18:08 UTC 2021 x86_64
OS: linux-gnu, ARCH: x86_64, CPU: x86_64
zlib version: 1.2.7 (1.2.7), compile flags: a9
platform id: 0x0a217b7b0800000002040805

Build information
-----------------
GNU C: 4.8.5 20150623 (Red Hat 4.8.5-44) (4.8.5)
CPPFLAGS: -I/usr/include/libprelude
CFLAGS: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic -fno-strict-aliasing -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
CXXFLAGS: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic
LDFLAGS: -Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,--as-needed -lprelude
Configure: '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--localstatedir=/var' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--enable-milter' '--disable-clamav' '--disable-static' '--disable-zlib-vcheck' '--disable-unrar' '--enable-id-check' '--enable-dns' '--with-dbdir=/var/lib/clamav' '--with-group=clamupdate' '--with-user=clamupdate' '--disable-rpath' '--disable-silent-rules' '--enable-clamdtop' '--enable-prelude' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic' 'LDFLAGS=-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,--as-needed' 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic' 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'
sizeof(void*) = 8
Engine flevel: 123, dconf: 123

From: clamav-users <clamav-users-bounces@lists.clamav.net> on behalf of G.W. Haywood via clamav-users <clamav-users@lists.clamav.net>
Date: Tuesday, June 29, 2021 at 12:24 AM
To: Lopez, Carmelo via clamav-users <clamav-users@lists.clamav.net>
Cc: G.W. Haywood <clamav@jubileegroup.co.uk>
Subject: Re: [clamav-users] Not able to start clamonacc
Hi there,

On Tue, 29 Jun 2021, Lopez, Carmelo via clamav-users wrote:

> I am trying to start clamonacc on a rhel 7.9 machine, but I am
> getting an error. Clamd daemon is running. Please see error below:
>
> root@ip-10-64-205-19 bin]# clamonacc
> ERROR: ClamClient: Could not connect to clamd, Couldn't connect to server
> ERROR: Clamonacc: daemon is local, but a connection could not be established

Please post the output of

clamconf -n

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Hi there,

On Tue, 29 Jun 2021, Lopez, Carmelo via clamav-users wrote:

> root@ip-10-64-205-19 bin]# clamconf -n
> Checking configuration files in /etc
>
> Config file: clamd.d/scan.conf
> ------------------------------
> ...
> LocalSocket = "/var/run/clamd.scan/clamd.sock"
> ...

What are the permissions on this socket, and on its parent directories?

Can you successfully run clamdscan to scan files using the local socket?
(It might be helpful to comment out the two lines for the TCP socket and
to restart the clamd and clamonacc daemons to be sure you're not using a
TCP connection by accident.)

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Here is the permissions,

root@ip-10-64-205-168 run]# ls -ld clamd.scan/
drwx--x---. 2 clamscan virusgroup 80 Jun 29 16:31 clamd.scan/
[root@ip-10-64-205-168 run]# ll clamd.scan/
total 4
-rw-rw-r--. 1 root root 5 Jun 29 16:30 clamd.pid
srw-rw-rw-. 1 clamscan clamscan 0 Jun 29 16:31 clamd.sock


From: clamav-users <clamav-users-bounces@lists.clamav.net> on behalf of G.W. Haywood via clamav-users <clamav-users@lists.clamav.net>
Date: Tuesday, June 29, 2021 at 10:01 AM
To: Lopez, Carmelo via clamav-users <clamav-users@lists.clamav.net>
Cc: G.W. Haywood <clamav@jubileegroup.co.uk>
Subject: Re: [clamav-users] Not able to start clamonacc
Hi there,

On Tue, 29 Jun 2021, Lopez, Carmelo via clamav-users wrote:

> root@ip-10-64-205-19 bin]# clamconf -n
> Checking configuration files in /etc
>
> Config file: clamd.d/scan.conf
> ------------------------------
> ...
> LocalSocket = "/var/run/clamd.scan/clamd.sock"
> ...

What are the permissions on this socket, and on its parent directories?

Can you successfully run clamdscan to scan files using the local socket?
(It might be helpful to comment out the two lines for the TCP socket and
to restart the clamd and clamonacc daemons to be sure you're not using a
TCP connection by accident.)

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

I can run clamdscan to scan files using ?fdpass. I commented out the TCP Socket and TCP Address in clamd.conf and tried to run clamonacc. This is what I?m getting now

[root@ip-10-64-205-168 etc]# clamonacc --log=/var/log/clamonacc.log
ERROR: Clamonacc: Version of curl is too low to use fdpassing. Please use tcp socket streaming instead

From: clamav-users <clamav-users-bounces@lists.clamav.net> on behalf of G.W. Haywood via clamav-users <clamav-users@lists.clamav.net>
Date: Tuesday, June 29, 2021 at 10:01 AM
To: Lopez, Carmelo via clamav-users <clamav-users@lists.clamav.net>
Cc: G.W. Haywood <clamav@jubileegroup.co.uk>
Subject: Re: [clamav-users] Not able to start clamonacc
Hi there,

On Tue, 29 Jun 2021, Lopez, Carmelo via clamav-users wrote:

> root@ip-10-64-205-19 bin]# clamconf -n
> Checking configuration files in /etc
>
> Config file: clamd.d/scan.conf
> ------------------------------
> ...
> LocalSocket = "/var/run/clamd.scan/clamd.sock"
> ...

What are the permissions on this socket, and on its parent directories?

Can you successfully run clamdscan to scan files using the local socket?
(It might be helpful to comment out the two lines for the TCP socket and
to restart the clamd and clamonacc daemons to be sure you're not using a
TCP connection by accident.)

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Hi there,

On Tue, 29 Jun 2021, Lopez, Carmelo via clamav-users wrote:

> Here is the permissions,
>
> root@ip-10-64-205-168 run]# ls -ld clamd.scan/
> drwx--x---. 2 clamscan virusgroup 80 Jun 29 16:31 clamd.scan/
> [root@ip-10-64-205-168 run]# ll clamd.scan/
> total 4
> -rw-rw-r--. 1 root root 5 Jun 29 16:30 clamd.pid
> srw-rw-rw-. 1 clamscan clamscan 0 Jun 29 16:31 clamd.sock

The permissions on the clamd.scan directory may be more restrictive
than necessary, but if you can scan with clamdscan then it probably
doesn't matter.

> I can run clamdscan to scan files using –fdpass. I commented out the
> TCP Socket and TCP Address in clamd.conf and tried to run
> clamonacc. This is what I’m getting now
>
> [root@ip-10-64-205-168 etc]# clamonacc --log=/var/log/clamonacc.log
> ERROR: Clamonacc: Version of curl is too low to use
> fdpassing. Please use tcp socket streaming instead

Well it looks like you might want to upgrade to a newer version of
curl, but if for the moment you go back to using TCP (uncomment the
lines you commented out and restart the clamd daemon) then you could
try the running clamonacc in the foreground with the verbose switch.

clamonacc -v -F ...

There should be a lot more information output to the terminal and you
will need to use another terminal for anything else while clamonacc is
writing output to the one which you use to start it. You can e.g. use
the 'script' command to record everything shown on the terminal in
case there's too much to fit on the screen, or send it to a file and
tail the file or something like that, but I'd be hoping for a useful
message fairly soon after starting clamonacc.

Does that tell us anything more?

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml