I have now downloaded and installed the latest 1.5.1 deb package and still get exactly the same result. Is there nothing I can look at to see where it is getting stuck? Any configuration option that I might be unaware of? The log output is just not helpful.
On Thu, 13 Nov 2025, 13:05 Newcomer01 via clamav-users, < [email protected]> wrote: > with classical i mean the non LTS version > > Von / From: Thomas Jordan <[email protected]> > An / To: Newcomer01 <[email protected]> > Gesendet / Sent: Mittwoch, November 13, 2025 um 13:23 (at 01:23 PM) +0100 > Betreff / Subject: Re: [clamav-users] clamonacc detects file and says > scanning of file has started but then nothing happens > > clamd –version - ClamAV 1.4.3/27818/Mon Nov 10 10:44:43 2025 > > Ubuntu version (cat /etc/release) - VERSION="24.04.3 LTS (Noble Numbat)" > > What do you mean by 'classical' 24.04? > > On Thu, 13 Nov 2025, 02:57 Newcomer01 via clamav-users, < > [email protected]> wrote: > >> on Ubuntu 24.04 LTS it should be 1.4.3, on classical 24.04 maybe a newer >> one >> >> Von / From: Thomas Jordan <[email protected]> >> An / To: Newcomer01 <[email protected]> >> Gesendet / Sent: Mittwoch, November 13, 2025 um 00:08 (at 12:08 AM) +0100 >> Betreff / Subject: Re: [clamav-users] clamonacc detects file and says >> scanning of file has started but then nothing happens >> >> Ubuntu 24.04 and whatever version of ClamAV got installed by apt today, >> I'll confirm exact version when I get back into work tomorrow. >> >> On Wed, 12 Nov 2025, 21:30 Newcomer01 via clamav-users, < >> [email protected]> wrote: >> >>> which Ubuntu Version is running and which ClamAV Version? >>> >>> Von / From: Tom Jordan Via Clamav-Users <[email protected]> >>> An / To: Newcomer01 <[email protected]> >>> CC / CC: Tom Jordan <[email protected]> >>> Gesendet / Sent: Dienstag, November 12, 2025 um 21:46 (at 09:46 PM) >>> +0100 >>> Betreff / Subject: [clamav-users] clamonacc detects file and says >>> scanning of file has started but then nothing happens >>> >>> Hi, >>> >>> So I couldn't get the clamonacc scanner running on the host VM to detect >>> files in the Docker container by watching the overlay file system where the >>> Docker filesystems are mounted on the host. It seemsa like that is not >>> possible with clam tools, so I am trying a different configuration now (a >>> helpful suggestion from Andrew Aitchison). I have clamonacc running in the >>> Docker container (clamonacc --move=/infected --foreground >>> --log=/tmp/clamonacc.log --verbose), and clamd server running in the host >>> VM (clamd --foreground --debug), with communication between the two via a >>> TCP port/IP address configured in clamd.conf, which container and host each >>> have a copy of same. >>> >>> Now the clamonacc running in the container can ping the clamd: >>> >>> >>> >>> tpj@tpj-VirtualBox: clamonacc --ping 10 >>> >>> PONG >>> >>> >>> >>> which suggests the TCP address/port configuration is correct between the >>> two. Also, when I shell into the clamonacc container and access an >>> eincar.txt test malware file that I installed when building the container, >>> the clamonacc detects me touching the file and indicates scanning has >>> begun, as seen from its log output: >>> >>> >>> >>> ClamFanotif: attempting to feed consumer queue >>> >>> ClamWorker: performing scanning on file >>> '/home/ubuntu/clam_test/clam_test_sub_dir/eincar.txt' >>> >>> >>> >>> But then nothing else happens, there is no notification about einvar.txt >>> being a malware file and it is not moved to the quarantine folder. There is >>> nothing further in the clamonacc log and nothing appears in the clamd log >>> indicating that scanning has taken place at that end. The logging is not >>> particularly verbose and I can't see how to get any further information out >>> about what has happened. >>> >>> >>> >>> If I just create an innocuous file such as >>> >>> >>> >>> echo "hello" > test.txt >>> >>> >>> >>> in the same directory /home/ubuntu/clam_test/clam_test_sub_dir/, I see >>> the following log messages from clamonacc: >>> >>> >>> >>> ClamFanotif: attempting to feed consumer queue >>> >>> ClamWorker: performing scanning on file >>> '/home/ubuntu/clam_test/clam_test_sub_dir/test.txt' >>> >>> >>> >>> but test.txt is an benign file, this just shows that clamonacc sees all >>> files on the watched path. >>> >>> >>> >>> Why is this not working? It feels like I'm nearly there but it doesn't >>> work. Is there anything else I can do to get more information out? >>> >>> >>> >>> I'm using the following in clamd.conf: >>> >>> >>> >>> OnAccessIncludePath /home/ubuntu >>> >>> OnAccessExcludeUname clamav >>> >>> #OnAccessPrevention yes >>> >>> >>> >>> and here is the complete log output from clamonacc: >>> >>> >>> >>> root@7b58bc699d7b:/# clamonacc --move=/infected --foreground >>> --log=/tmp/clamonacc.log --verbose >>> >>> -------------------------------------- >>> >>> ClamClient: client setup to scan via streaming >>> >>> Clamonacc: daemon is remote >>> >>> ClamFanotif: kernel-level blocking feature disabled ... >>> >>> ClamFanotif: max file size limited to 5242880 bytes >>> >>> ClamScanQueue: initializing event queue consumer ... (5) threads in >>> thread pool >>> >>> Clamonacc: beginning event loops >>> >>> ClamFanotif: starting fanotify event loop with process id (67) ... >>> >>> ClamInotif: starting inotify event loop ... >>> >>> ClamInotif: dynamically determining directory hierarchy... >>> >>> ClamInotif: watching '/home/ubuntu' (and all sub-directories) >>> >>> Excluding temp directory: /tmp >>> >>> ClamScanQueue: waiting to consume events ... >>> >>> ClamInotif: NVM, didn't actually need to exclude '/tmp' >>> >>> ClamFanotif: attempting to feed consumer queue >>> >>> ClamFanotif: attempting to feed consumer queue >>> >>> ClamMisc: $/proc/76 vanished before UIDs could be excluded; scanning >>> anyway >>> >>> ClamFanotif: attempting to feed consumer queue >>> >>> ClamWorker: performing scanning on file >>> '/home/ubuntu/clam_test/clam_test_sub_dir/eincar.txt.copy' >>> >>> ClamWorker: performing scanning on file >>> '/home/ubuntu/clam_test/clam_test_sub_dir/eincar.txt' >>> >>> ClamWorker: performing scanning on file >>> '/home/ubuntu/clam_test/clam_test_sub_dir/eincar.txt' >>> >>> >>> >>> >>> >>> and from clamd: >>> >>> >>> >>> tpj@ubuntu_box:/# clamd --foreground --debug >>> >>> Limits: Global time limit set to 120000 milliseconds. >>> >>> Limits: Global size limit set to 419430400 bytes. >>> >>> Limits: File size limit set to 104857600 bytes. >>> >>> Limits: Recursion level limit set to 17. >>> >>> Limits: Files limit set to 10000. >>> >>> Limits: Core-dump limit is 18446744073709551615. >>> >>> Limits: MaxEmbeddedPE limit set to 41943040 bytes. >>> >>> Limits: MaxHTMLNormalize limit set to 41943040 bytes. >>> >>> Limits: MaxHTMLNoTags limit set to 8388608 bytes. >>> >>> Limits: MaxScriptNormalize limit set to 20971520 bytes. >>> >>> Limits: MaxZipTypeRcg limit set to 1048576 bytes. >>> >>> Limits: MaxPartitions limit set to 50. >>> >>> Limits: MaxIconsPE limit set to 100. >>> >>> Limits: MaxRecHWP3 limit set to 16. >>> >>> Limits: PCREMatchLimit limit set to 100000. >>> >>> Limits: PCRERecMatchLimit limit set to 2000. >>> >>> Limits: PCREMaxFileSize limit set to 104857600. >>> >>> Archive support enabled. >>> >>> Image (graphics) scanning support enabled. >>> >>> Detection using image fuzzy hash enabled. >>> >>> AlertExceedsMax heuristic detection disabled. >>> >>> Heuristic alerts enabled. >>> >>> Portable Executable support enabled. >>> >>> ELF support enabled. >>> >>> Mail files support enabled. >>> >>> OLE2 support enabled. >>> >>> PDF support enabled. >>> >>> SWF support enabled. >>> >>> HTML support enabled. >>> >>> XMLDOCS support enabled. >>> >>> HWP3 support enabled. >>> >>> OneNote support enabled. >>> >>> Self checking every 600 seconds. >>> >>> Listening daemon: PID: 14 >>> >>> MaxQueue set to: 100 >>> >>> SelfCheck: Database status OK. >>> >>> SelfCheck: Database status OK. >>> >>> SelfCheck: Database status OK. >>> >>> >>> >>> >>> >>> Any help as always much appreciated. >>> >>> >>> >>> Thomas >>> >>> >>> >>> _______________________________________________ >>> >>> Manage your clamav-users mailing list subscription / >>> unsubscribe:https://lists.clamav.net/mailman/listinfo/clamav-users >>> >>> >>> Help us build a comprehensive ClamAV >>> guide:https://github.com/Cisco-Talos/clamav-documentation >>> https://docs.clamav.net/#mailing-lists-and-chat >>> >>> >>> _______________________________________________ >>> >>> Manage your clamav-users mailing list subscription / unsubscribe: >>> https://lists.clamav.net/mailman/listinfo/clamav-users >>> >>> >>> Help us build a comprehensive ClamAV guide: >>> https://github.com/Cisco-Talos/clamav-documentation >>> >>> https://docs.clamav.net/#mailing-lists-and-chat >>> >> >> _______________________________________________ >> >> Manage your clamav-users mailing list subscription / unsubscribe: >> https://lists.clamav.net/mailman/listinfo/clamav-users >> >> >> Help us build a comprehensive ClamAV guide: >> https://github.com/Cisco-Talos/clamav-documentation >> >> https://docs.clamav.net/#mailing-lists-and-chat >> > > _______________________________________________ > > Manage your clamav-users mailing list subscription / unsubscribe: > https://lists.clamav.net/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/Cisco-Talos/clamav-documentation > > https://docs.clamav.net/#mailing-lists-and-chat >
_______________________________________________ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
