Re: [clamav-users] clamav error

2021-06-25 Thread Tsutomu Oyamada
Hi all,

It's also talked about in this thread
CVD version 26199 causes the following error in ClamAV version 0.99.2:

Can't open file or directory ERROR

We have identified the signature of the problem in CVD version 26199.

Win.Loader.Boxter-9870959-0

If you ignore this signature, you can scan without errors.
If possible, exclude this signature or modify it.

Please help us.

Best regards
T.O

On Thu, 17 Jun 2021 09:41:38 -0400
Michael Orlitzky via clamav-users wrote:

> On 2021-06-17 09:00:09, Jigar via clamav-users wrote:
> > Hello,
> > 
> > Suddenly, we are getting the following error in clamd.log file
> > 
> > Thu Jun 17 08:52:49 2021 ->
> > /var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts/p001:
> > Can't create new file ERROR
> > Thu Jun 17 08:52:49 2021 ->
> > /var/amavis/tmp/amavis-20210617T083549-04876-63FaXGZk/parts/p002:
> > Can't open file or directory ERROR
> > 
> > We have checked up all the permission and ownership. There is no change in 
> > it.
> > 
> 
> If you are (or can be) using a local socket to communicate with clamd,
> then I would suggest changing the way that amavisd invokes the virus
> scanner in amavisd.conf:
> 
>   # Use clamdscan with the --fdpass option so that the "clamav" user
>   # doesn't need to be able to read amavis's private working
>   # directory.
>   @av_scanners = (
>     ['ClamAV-clamdscan', 'clamdscan', "--fdpass --stdout --no-summary {}",
>      [0], qr/:.*\sFOUND$/m, qr/^.*?: (?!Infected Archive)(.*) FOUND$/m ],
>   );
> 
> This is now the way that amavisd recommends, and assumes that your
> clamd socket is writable by the amavis user.
> 
> ___
> 
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
> 
> 
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
> 
> http://www.clamav.net/contact.html#ml




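The mechanism behind the `--fdpass` advice quoted above, as an added example that is not part of the original thread and not ClamAV or amavisd code: the client opens the file with its own rights and hands the open descriptor to the daemon over the Unix socket (SCM_RIGHTS), so the daemon never opens a path inside the private working directory. Both roles run in one process here, the directory, file name and contents are constructed, and unlinking the path stands in for the directory permissions that keep the scanner user out.

```python
import array
import os
import socket
import tempfile

def send_fd(sock, fd):
    """Client role (clamdscan): send an open descriptor as SCM_RIGHTS data."""
    fds = array.array("i", [fd])
    sock.sendmsg([b"F"], [(socket.SOL_SOCKET, socket.SCM_RIGHTS, fds)])

def recv_fd(sock):
    """Daemon role (clamd): receive one descriptor from the local socket."""
    fds = array.array("i")
    _, ancdata, _, _ = sock.recvmsg(1, socket.CMSG_LEN(fds.itemsize))
    for level, ctype, data in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_RIGHTS:
            fds.frombytes(data[:fds.itemsize])
            return fds[0]
    raise RuntimeError("no descriptor in ancillary data")

def demo(payload=b"constructed sample mail part\n"):
    """Return (bytes the daemon role read, whether it could open the path)."""
    client, daemon = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    workdir = tempfile.mkdtemp(prefix="amavis-demo-")  # constructed directory
    path = os.path.join(workdir, "p001")
    with open(path, "wb") as fh:
        fh.write(payload)
    fd = os.open(path, os.O_RDONLY)  # opened with the client's own rights
    os.unlink(path)                  # stand-in: path unreachable for the daemon
    try:
        send_fd(client, fd)
        received = recv_fd(daemon)
        try:
            with open(path, "rb"):
                by_path = True
        except OSError:
            by_path = False
        data = os.read(received, len(payload) + 1)
        os.close(received)
        return data, by_path
    finally:
        os.close(fd)
        client.close()
        daemon.close()
        os.rmdir(workdir)

if __name__ == "__main__":
    print(demo())
```

The daemon role reads the full content through the received descriptor although opening the same path fails, which is why the quoted setup only needs the clamd socket to be writable by the amavis user.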

Re: [clamav-users] Unable to start clamd daemon

2021-06-25 Thread G.W. Haywood via clamav-users

Hi there,

On Thu, 24 June 2021, Lopez, Carmelo via clamav-users wrote:


> I am new to clamav and I’ve completed installing a private mirror
> server.


Can you tell us why you need a private mirror?  That's not to say that
I think you don't need one, but it isn't the place where a newcomer to
ClamAV would normally start.  To be clear, a private mirror will only
usually be needed if you have a large number of machines in a single
network, many or all of which will run ClamAV.  By having a copy of
the ClamAV database on each machine (and, more importantly, by keeping
all these individual copies up to date) the many machines might create
an unnecessarily large load - not only on your Internet connection but
also on the (Cloudflare) database servers.  Cloudflare might consider
the load abusive, and, if it did, would respond by blocking connection
attempts from your public IP address.

If you're having any difficulty, and you don't actually need a private
mirror, I'd recommend keeping things simpler by getting the database
updates directly to the machines which are running ClamAV.


> Freshclam works fine but when I try to start the clamd daemon I
> get this error. Any help is appreciated.
>
> systemctl status clamd@scan -l
> ...
>    Process: 2030 ExecStart=/usr/sbin/clamd -c /etc/clamd.d/%i.conf
> (code=exited, status=1/FAILURE)
> ...


Can I take it that this command was run on the private mirror server?

On Fri, 25 Jun 2021, Lopez, Carmelo via clamav-users wrote:


> I am running RHEL, Red Hat Enterprise Linux Server release 7.9
> (Maipo). The output of “clamconf” below: By the way, I am running
> these commands from the clamav private mirror server.
>
> [root@ip-10-64-205-168 bin]# clamconf
> Checking configuration files in /etc
> ...


Can you tell us *exactly* how you installed ClamAV (a) on your private
mirror server and (b) on any other machines?

--

73,
Ged.
PS: My mailing list email address accepts mail only from the list.



Re: [clamav-users] Unable to start clamd daemon

2021-06-25 Thread Lopez, Carmelo via clamav-users
I am running RHEL, Red Hat Enterprise Linux Server release 7.9 (Maipo). The 
output of “clamconf” below: By the way, I am running these commands from the 
clamav private mirror server.

[root@ip-10-64-205-168 bin]# clamconf
Checking configuration files in /etc

Config file: clamd.d/scan.conf
--
AlertExceedsMax disabled
PreludeEnable disabled
PreludeAnalyzerName disabled
LogFile = "/var/log/clamd.scan"
LogFileUnlock disabled
LogFileMaxSize = "10485760"
LogTime = "yes"
LogClean disabled
LogSyslog = "yes"
LogFacility = "LOG_LOCAL6"
LogVerbose = "yes"
LogRotate = "yes"
ExtendedDetectionInfo = "yes"
PidFile = "/var/run/clamd.scan/clamd.pid"
TemporaryDirectory disabled
DatabaseDirectory = "/var/www/html"
OfficialDatabaseOnly disabled
LocalSocket = "/var/run/clamd.scan/clamd.sock"
LocalSocketGroup disabled
LocalSocketMode disabled
FixStaleSocket = "yes"
TCPSocket = "3310"
TCPAddr = "127.0.0.1"
MaxConnectionQueueLength = "200"
StreamMaxLength = "26214400"
StreamMinPort = "1024"
StreamMaxPort = "2048"
MaxThreads = "10"
ReadTimeout = "120"
CommandReadTimeout = "30"
SendBufTimeout = "500"
MaxQueue = "100"
IdleTimeout = "30"
ExcludePath = "^/proc/", "^/sys/"
MaxDirectoryRecursion = "15"
FollowDirectorySymlinks disabled
FollowFileSymlinks disabled
CrossFilesystems = "yes"
SelfCheck = "600"
ConcurrentDatabaseReload = "yes"
DisableCache disabled
VirusEvent disabled
ExitOnOOM disabled
AllowAllMatchScan = "yes"
Foreground disabled
Debug disabled
LeaveTemporaryFiles disabled
User = "clamscan"
Bytecode = "yes"
BytecodeSecurity = "TrustSigned"
BytecodeTimeout = "1"
BytecodeUnsigned disabled
BytecodeMode = "Auto"
DetectPUA disabled
ExcludePUA disabled
IncludePUA disabled
ScanPE = "yes"
ScanELF = "yes"
ScanMail disabled
ScanPartialMessages disabled
PhishingSignatures = "yes"
PhishingScanURLs = "yes"
HeuristicAlerts = "yes"
HeuristicScanPrecedence disabled
StructuredDataDetection disabled
StructuredMinCreditCardCount = "3"
StructuredMinSSNCount = "3"
StructuredSSNFormatNormal = "yes"
StructuredSSNFormatStripped disabled
ScanHTML = "yes"
ScanOLE2 = "yes"
AlertBrokenExecutables disabled
AlertBrokenMedia disabled
AlertEncrypted disabled
StructuredCCOnly disabled
AlertEncryptedArchive disabled
AlertEncryptedDoc disabled
AlertOLE2Macros disabled
AlertPhishingSSLMismatch disabled
AlertPhishingCloak disabled
AlertPartitionIntersection disabled
ScanPDF = "yes"
ScanSWF = "yes"
ScanXMLDOCS = "yes"
ScanHWP3 = "yes"
ScanArchive = "yes"
ForceToDisk disabled
MaxScanTime disabled
MaxScanSize = "104857600"
MaxFileSize = "26214400"
MaxRecursion = "16"
MaxFiles = "1"
MaxEmbeddedPE = "10485760"
MaxHTMLNormalize = "10485760"
MaxHTMLNoTags = "2097152"
MaxScriptNormalize = "5242880"
MaxZipTypeRcg = "1048576"
MaxPartitions = "50"
MaxIconsPE = "100"
MaxRecHWP3 = "16"
PCREMatchLimit = "10"
PCRERecMatchLimit = "2000"
PCREMaxFileSize = "26214400"
OnAccessMountPath = "/"
OnAccessIncludePath disabled
OnAccessExcludePath = "/proc", "/dev", "/sys", "/var/log"
OnAccessExcludeRootUID disabled
OnAccessExcludeUID disabled
OnAccessExcludeUname disabled
OnAccessMaxFileSize = "5242880"
OnAccessDisableDDD disabled
OnAccessPrevention = "yes"
OnAccessExtraScanning = "yes"
OnAccessCurlTimeout = "5000"
OnAccessMaxThreads = "5"
OnAccessRetryAttempts disabled
OnAccessDenyOnError disabled
DevACOnly disabled
DevACDepth disabled
DevPerformance disabled
DevLiblog disabled
DisableCertCheck disabled
AlgorithmicDetection = "yes"
BlockMax disabled
PhishingAlwaysBlockSSLMismatch disabled
PhishingAlwaysBlockCloak disabled
PartitionIntersection disabled
OLE2BlockMacros disabled
ArchiveBlockEncrypted disabled

Config file: freshclam.conf
---
LogFileMaxSize = "2097152"
LogTime = "yes"
LogSyslog = "yes"
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate = "yes"
PidFile = "/var/run/freshclam.pid"
DatabaseDirectory = "/var/www/html"
Foreground disabled
Debug disabled
UpdateLogFile = "/var/log/freshclam.log"
DatabaseOwner = "clamscan"
Checks = "24"
DNSDatabaseInfo = "current.cvd.clamav.net"
DatabaseMirror = "database.clamav.net"
PrivateMirror disabled
MaxAttempts = "3"
ScriptedUpdates disabled
TestDatabases = "yes"
CompressLocalDatabase disabled
ExtraDatabase disabled
ExcludeDatabase disabled
DatabaseCustomURL disabled
HTTPProxyServer = "proxy.service.cnqr.tech"
HTTPProxyPort = "3128"
HTTPProxyUsername disabled
HTTPProxyPassword disabled
HTTPUserAgent disabled
NotifyClamd = "/etc/clamd.d/scan.conf"
OnUpdateExecute disabled
OnErrorExecute disabled
OnOutdatedExecute disabled
LocalIPAddress disabled
ConnectTimeout = "300"
ReceiveTimeout disabled
Bytecode = "yes"

mail/clamav-milter.conf not found

Software settings
-
Version: 0.103.2
Optional features supported: MEMPOOL IPv6 AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV 
JSON

Database information

Database directory: /var/www/html
daily.cvd: version 26211, sigs: 3992151, built on Thu Jun 24 11:04:24 2021
main.cvd: version 59, sigs: 4564902, buil