Can clamav really execute this script? How about directory permissions? I mean /home/<user>/shiva and /home/<user> ?
On 1/6/21 7:22 AM, Shivananda Shiragavi wrote: > I have given the full permission to bash file and even in clamd.conf also I > have mentioned the full path of bash file. But unfortunately, it is not > executing. > > bash file execution permission: > -rwxrwxrwx 1 <user> <user> 39 Dec 30 01:29 vfound.sh > > clamd.conf: > VirusEvent /home/<user>/shiva/vfound.sh > > --- > Shivananda S. > > On Wed, Jan 6, 2021 at 1:06 AM Micah Snyder (micasnyd) <micas...@cisco.com> > wrote: > >> Good to hear it's working with TCP. Strange that it didn't work with the >> local socket option. I most frequently test with the local socket. >> >> VirusEvent may require the full path to any programs it calls. Also >> remember that it may be executed by the clamd process as the clamav user so >> it will need permission to read/execute the script you're using. >> >> -Micah >> >>> -----Original Message----- >>> From: clamav-devel <clamav-devel-boun...@lists.clamav.net> On Behalf Of >>> Shivananda Shiragavi >>> Sent: Monday, January 4, 2021 11:43 PM >>> To: ClamAV Development <clamav-devel@lists.clamav.net> >>> Subject: Re: [Clamav-devel] Fwd: Error while scanning directory other >> than >>> /home directory >>> >>> Thanks for the reply Micah, >>> >>> With the local socket option, I was getting the issues but when I tried >> with TCP >>> it worked. Now I am facing issues with VirusEvent, after finding the >> virus the >>> event should suppose to gets called and trigger the shell script but >> it's not >>> happening. >>> >>> Thanks, >>> Shivananda S. >>> >>> On Tue, Jan 5, 2021 at 5:34 AM Micah Snyder (micasnyd) >>> <micas...@cisco.com> >>> wrote: >>> >>>> Hi Shivananda, >>>> >>>> Apologies for the delay, just got back to work after the holidays. >>>> It appears to me that the clamav user which clamd runs as does not >>>> have read permissions to the files that clamonacc is trying to scan. >>>> >>>> Unfortunately, the two best options to grant clamd access to scan any >>>> file requested by clamonacc are broken at present: >>>> 1. My favorite solution is to use the `clamonacc --fdpass` option so >>>> that clamd is given access to the file by clamonacc. We have a fix for >>>> this ready for the upcoming patch release. >>>> 2. My 2nd favorite solution is to have the service manager grant the >>>> clamd service CAP_DAC_READ_SEARCH capabilities to read any file. We >>>> have a public pull request to test & merge, which should also be >>>> included in the upcoming patch release (https://github.com/Cisco- >>> Talos/clamav-devel/pull/135). >>>> I hope to have both of these issues fixed in the 0.103.1 patch release >>>> later this month. >>>> >>>> For now, I think you may need to either: >>>> - Run clamd as root without setting the `User` config option so it >>>> doesn't switch to run as the clamav user, >>>> - Run clamonacc in --stream mode (which can be quite slow), or >>>> - Add the clamav user to groups that can read the directories that >>>> will be watched/scanned. >>>> >>>> Regards, >>>> Micah >>>> >>>>> -----Original Message----- >>>>> From: clamav-devel <clamav-devel-boun...@lists.clamav.net> On Behalf >>>>> Of Shivananda Shiragavi >>>>> Sent: Tuesday, December 29, 2020 2:10 AM >>>>> To: clamav-devel@lists.clamav.net >>>>> Subject: [Clamav-devel] Fwd: Error while scanning directory other >>>>> than >>>> /home >>>>> directory >>>>> >>>>> Hi All, >>>>> >>>>> I am trying to enable *clamonacc* in my machine for /home its >>>>> working >>>> fine >>>>> but when I am trying to mention some other directory it is throwing >>>>> the following error: >>>>> >>>>> >>>>> >>>>> >>>>> *ClamWorker: performing scanning on file >>>>> '/serverdata/eicar.com.txt'/serverdata/eicar.com.txt: Can't open >>>>> file or directory ERRORClamMisc: internal issue (client failed to >>>> scan)ClamWorker: >>>>> scan failed with error code 32* >>>>> >>>>> *clamd.conf:* >>>>> >>>>> >>>>> >>>>> >>>>> *OnAccessIncludePath /serverdataOnAccessPrevention >>>>> yesOnAccessExcludeUname clamavOnAccessExcludeRootUID >>>>> noOnAccessDisableDDD no* >>>>> >>>>> Could someone please help me to fix this issue? >>>>> >>>>> -- >>>>> Shivananda Shiragavi >>>>> _______________________________________________ >>>>> >>>>> clamav-devel mailing list >>>>> clamav-devel@lists.clamav.net >>>>> https://lists.clamav.net/mailman/listinfo/clamav-devel >>>>> >>>>> Please submit your patches to our Github: https://github.com/Cisco- >>>>> Talos/clamav-devel/pulls >>>>> >>>>> Help us build a comprehensive ClamAV guide: >>>>> https://github.com/vrtadmin/clamav-faq >>>>> >>>>> http://www.clamav.net/contact.html#ml >>>> _______________________________________________ >>>> >>>> clamav-devel mailing list >>>> clamav-devel@lists.clamav.net >>>> https://lists.clamav.net/mailman/listinfo/clamav-devel >>>> >>>> Please submit your patches to our Github: >>>> https://github.com/Cisco-Talos/clamav-devel/pulls >>>> >>>> Help us build a comprehensive ClamAV guide: >>>> https://github.com/vrtadmin/clamav-faq >>>> >>>> http://www.clamav.net/contact.html#ml >>>> >>> >>> >>> -- >>> Shivananda Shiragavi >>> _______________________________________________ >>> >>> clamav-devel mailing list >>> clamav-devel@lists.clamav.net >>> https://lists.clamav.net/mailman/listinfo/clamav-devel >>> >>> Please submit your patches to our Github: https://github.com/Cisco- >>> Talos/clamav-devel/pulls >>> >>> Help us build a comprehensive ClamAV guide: >>> https://github.com/vrtadmin/clamav-faq >>> >>> http://www.clamav.net/contact.html#ml >> _______________________________________________ >> >> clamav-devel mailing list >> clamav-devel@lists.clamav.net >> https://lists.clamav.net/mailman/listinfo/clamav-devel >> >> Please submit your patches to our Github: >> https://github.com/Cisco-Talos/clamav-devel/pulls >> >> Help us build a comprehensive ClamAV guide: >> https://github.com/vrtadmin/clamav-faq >> >> http://www.clamav.net/contact.html#ml >> > _______________________________________________ > > clamav-devel mailing list > clamav-devel@lists.clamav.net > https://lists.clamav.net/mailman/listinfo/clamav-devel > > Please submit your patches to our Github: > https://github.com/Cisco-Talos/clamav-devel/pulls > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > _______________________________________________ clamav-devel mailing list clamav-devel@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-devel Please submit your patches to our Github: https://github.com/Cisco-Talos/clamav-devel/pulls Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml