Mailing List Archive

[clamav-users] clamAV On-Access Scanning problem
I have an enclave of Linux servers running RHEL7, where I have installed
clamAV 0.104.1. Scanning works just fine, I have tested with clamscan and
clamdscan against an EICAR test file and the latest signature databases.
What's not working is the on-access scanning. I'm not getting any kind of
logs or detections.
I found out today that on-access scanning requires curl, and some documents
indicate that it has to be at least curl 7.45. Seeing as I'm on RHEL, I'm
dependent on Red Hat's release cycle for updates, and their version of curl
is only 7.29. What do other RHEL users do in this situation? Do I have to
get curl's source and build a newer version myself?
Re: [clamav-users] clamAV On-Access Scanning problem
Hi there,

On Wed, 15 Dec 2021 Jonathan Prater wrote:

> ... I found out today that on-access scanning requires curl, and
> some documents indicate that it has to be at least curl 7.45.
> Seeing as I'm on RHEL, I'm dependent on Red Hat's release cycle for
> updates, and their version of curl is only 7.29. What do other RHEL
> users do in this situation? Do I have to get curl's source and
> build a newer version myself?

https://bugzilla.redhat.com/show_bug.cgi?id=1909113

https://github.com/Cisco-Talos/clamav-faq/blob/master/manual/UserManual/OnAccess.md

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] clamAV On-Access Scanning problem
If I understand correctly, the curl requirement is solely to support file
descriptor passing via a local Unix socket. If I use a TCP socket
(listening only on localhost) for clam, does that eliminate the curl
requirement?

Re: [clamav-users] clamAV On-Access Scanning problem
Hi there,

On Wed, 15 Dec 2021, Jonathan Prater via clamav-users wrote:

> If I understand correctly, the curl requirement is solely to support file
> descriptor passing via a local Unix socket. If I use a TCP socket
> (listening only on localhost) for clam, does that eliminate the curl
> requirement?

That's the way it reads. Having said that I haven't used a Red Hat
system for nearly twenty years so YMMV. There are probably RHEL users
on the mailing list, so if you're patient you might get a more useful
response from one of them or even from somebody at Sourcefire.

--

73,
Ged.

Re: [clamav-users] clamAV On-Access Scanning problem
Curl is used for both TCP sockets and local unix sockets.

Outside of building a newer version of curl yourself, or installing using our RPM for ClamAV 0.104.1 from https://www.clamav.net/downloads, I don't have a good solution for you.

As Ged noted, other RHEL users on the list may have another recommendation.

Regards,
Micah

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.
Re: [clamav-users] clamAV On-Access Scanning problem
Thank you for clarifying that for me, Micah.
Something I've found that may work (I need to test to confirm):
Per this
<https://www.mysterydata.com/update-install-latest-curl-version-on-rhel-8-rhel-7-centos-7-8-cwp-vestacp-cpanel-plesk/>,
there are updated binaries for curl and libcurl, and all their
dependencies, on a third party repository. You still have to get 64-bit
versions of libnghttp2 from EPEL, but that's it.
Again, I still have to test this to confirm it works, but it looks like it
ought to satisfy the requirements.

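An added example, not written by any poster in this thread or by the ClamAV project: a POSIX shell check that compares the libcurl version in a `curl --version` banner against the 7.45 minimum quoted in the thread, and in `--live` mode also lists which libcurl the installed `clamonacc` (ClamAV's on-access client) resolves through `ldd`. The function names and the two sample banners are constructed for illustration.

```shell
#!/bin/sh
# Added example: does the libcurl on this host meet the minimum quoted in the thread?
MIN_CURL="7.45.0"   # "at least curl 7.45", as stated in the thread

# Constructed sample banners (first line of `curl --version`), for offline testing.
SAMPLE_RHEL7='curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.53.1 zlib/1.2.7'
SAMPLE_NEW='curl 7.80.0 (x86_64-pc-linux-gnu) libcurl/7.80.0 OpenSSL/1.1.1l zlib/1.2.11'

# Print the libcurl version found on the first line of a banner (empty if none).
libcurl_version() {
    printf '%s\n' "$1" | sed -n '1s/.*libcurl\/\([0-9][0-9.]*\).*/\1/p'
}

# Return 0 when dotted version $1 >= $2; missing fields count as 0.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Print "ok <ver>", "too-old <ver>" or "unknown"; exit status 0, 1 or 2.
assess_banner() {
    ver=$(libcurl_version "$1")
    if [ -z "$ver" ]; then
        echo "unknown"; return 2
    fi
    if version_ge "$ver" "$MIN_CURL"; then
        echo "ok $ver"
    else
        echo "too-old $ver"; return 1
    fi
}

# Live mode: the banner shows the libcurl that the curl CLI loaded, which can
# differ from the one clamonacc loads, so list clamonacc's libcurl as well.
if [ "${1:-}" = "--live" ]; then
    assess_banner "$(curl --version 2>/dev/null)"
    bin=$(command -v clamonacc) && ldd "$bin" | grep -i libcurl
fi
```

Run it with `--live` after changing the curl packages: a newer `curl` on `PATH` does not help if the `ldd` line still points at the distribution's older `libcurl.so`.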