I'm trying to configure (ClamAV 0.103.2/26289 on Ubuntu 18.04) `clamonacc`
using the instructions here[1]. I got through the steps and tried starting
with `User clamav` but got a lot of permission errors in the logs when a
file was chmod'd 0600:

   "/home/user/eicar-test.txt: Can't open file or directory ERROR"

Ok, this makes sense because `clamav` is not UID 0. How is clamonacc
supposed to scan files with restricted permissions? Many users can set a
umask in their ~/.bashrc to create files with 0600. In multi-user
environments, it's typical to have /home/$USER set 0700 as well.

I changed to `User root` to see what happened, but then when using #vi on a
file in /tmp/, it would take a good minute to open and I would get errors
like: ERROR: ClamCom: TIMEOUT while waiting on socket (recv).  The clamav
docs[2] seem to state running as 'root' is unnecessary:

   "a system admin need only ensure clamd has the read and access
permissions necessary to deal with any file descriptors clamonacc may pass
along. "

So, I changed back to `User clamav`.

I'd still like to monitor /tmp as it's a favorite place when any kind of
process needs to write a file, so I changed `TemporaryDirectory
/var/lib/clamav/` since it's not monitored by clamonacc and maybe won't
create a race condition with its own temp files.

These are the other edits I've made to /etc/clamav/clamd.conf. I'd like to
monitor /var/www since it's a writable place for the apache server (yeah, I
know, but web apps and webmasters write files and use plugins and this is
where they manage them, usually from a web console).

ExcludePath ^/proc
ExcludePath ^/sys
ExcludePath ^/run
ExcludePath ^/dev
ExcludePath ^/var/lib/lxcfs/cgroup
OnAccessPrevention yes
OnAccessExcludeUname clamav
OnAccessIncludePath /var/www
OnAccessIncludePath /home
OnAccessIncludePath /tmp

When I reboot, however, and clamd/clamonacc/freshclam come up, they can't
seem to find "/var/www" (permissions 0755). Why is this?

 133857 ClamScanQueue: waiting to consume events ...
 133858 ClamInotif: watching '/var/www' (and all sub-directories)
 133859 ClamInotif: watching '/home' (and all sub-directories)
 133860 ClamInotif: watching '/tmp' (and all sub-directories)
 133861 Excluding temp directory: /var/lib/clamav/
 133862 ClamInotif: NVM, didn't actually need to exclude '/var/lib/clamav/'
 133863 ERROR: ClamInotif: could not watch path '/var/www', No such file or directory
 133864 ClamFanotif: attempting to feed consumer queue

Thanks for all your work on clamav! I'm trying not to sound complainy.

[1] https://docs.clamav.net/manual/OnAccess.html
[2] https://blog.clamav.net/2019/09/understanding-and-transitioning-to.html
_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
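
A pre-flight check for the on-access settings quoted in the message above, as an added example that is not part of the original post or of ClamAV: for each OnAccessIncludePath it reports whether the path exists when the check runs and which entries below it an unprivileged scanning user could not open, such as the 0600 file and 0700 home directory described. Assumptions: only the "other" mode bits are considered (group membership and ACLs are ignored), the config text is a constructed sample, and the `root` parameter is a hypothetical prefix for testing.

```python
import os
import stat

# Constructed sample: the on-access directives quoted in the message.
SAMPLE_CONF = """\
User clamav
OnAccessPrevention yes
OnAccessExcludeUname clamav
OnAccessIncludePath /var/www
OnAccessIncludePath /home
OnAccessIncludePath /tmp
"""

def parse_conf(text):
    """Return {directive: [values]} for clamd.conf-style 'Key value' lines."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition(" ")
            conf.setdefault(key, []).append(value.strip())
    return conf

def other_access(path):
    """Classify a path by its 'other' mode bits only (assumption: the
    scanning user is neither owner nor in the group; ACLs are ignored)."""
    try:
        mode = os.stat(path).st_mode
    except FileNotFoundError:
        return "missing"
    except OSError:
        return "denied"
    need = stat.S_IROTH | (stat.S_IXOTH if stat.S_ISDIR(mode) else 0)
    return "readable" if mode & need == need else "denied"

def preflight(conf_text, root="/"):
    """Map each OnAccessIncludePath to its status and the entries below it
    that fail the check. `root` is a hypothetical prefix for test trees."""
    report = {}
    for inc in parse_conf(conf_text).get("OnAccessIncludePath", []):
        top = os.path.join(root, inc.lstrip("/"))
        blocked = []
        for dirpath, dirs, files in os.walk(top):
            for name in dirs + files:
                entry = os.path.join(dirpath, name)
                if other_access(entry) == "denied":
                    blocked.append(entry)
        report[inc] = {"status": other_access(top), "blocked": sorted(blocked)}
    return report
```

Run `preflight(open("/etc/clamav/clamd.conf").read())` with enough privilege to walk the included trees; a path reported as "missing" did not exist at the moment of the check.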
