Re: [clamav-users] Lots of "fmap_readpage" errors with ClamAV 0.99.2 on centos 7
In strace, the error looks like that: [pid 2062] readlink("/proc/self/fd/10", "/usr/share/dbus-1/system-services", 1023) = 33 [pid 2062] fstat(10, {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 [pid 2062] fstat(10, {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 [pid 2062] fstat(10, {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 [pid 2062] fstat(10, {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 [pid 2062] mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f547b1dc000 [pid 2062] madvise(0x7f547b1dc000, 8192, MADV_DOFORK) = 0 [pid 2062] pread(10, 0x7f547b1dd000, 4096, 0) = -1 EISDIR (Is a directory) [pid 2062] write(2, "LibClamAV Error: fmap_readpage: pread error: Is a directory\n", 60) = 60 or, when I try /bin/ls / [pid 2562] readlink("/proc/self/fd/22", "/", 1023) = 1 [pid 2562] fstat(22, {st_mode=S_IFDIR|0555, st_size=259, ...}) = 0 [pid 2562] fstat(22, {st_mode=S_IFDIR|0555, st_size=259, ...}) = 0 [pid 2562] fstat(22, {st_mode=S_IFDIR|0555, st_size=259, ...}) = 0 [pid 2562] fstat(22, {st_mode=S_IFDIR|0555, st_size=259, ...}) = 0 [pid 2562] mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fadbb7f2000 [pid 2562] madvise(0x7fadbb7f2000, 8192, MADV_DOFORK) = 0 [pid 2562] pread(22, 0x7fadbb7f3000, 259, 0) = -1 EISDIR (Is a directory) [pid 2562] write(2, "LibClamAV Error: fmap_readpage: pread error: Is a directory\n", 60) = 60 I guess that this happens in onas_fan_th() when it gets an event about a directory, but I'm not sure what to do now. Does anybody have suggestions? ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Lots of "fmap_readpage" errors with ClamAV 0.99.2 on centos 7
I tried this: OnAccessMountPath /var TemporaryDirectory /tmp The error still persists. I also tried the following: OnAccessIncludePath /var TemporaryDirectory /tmp But then the protection doesn't work, and I got this in the log: Jun 15 08:38:10 clamav7 clamd[1136]: ScanOnAccess: Protecting directory '/var' (and all sub-directories) Jun 15 08:38:10 clamav7 clamd: ScanOnAccess: Protecting directory '/var' (and all sub-directories) Jun 15 08:38:10 clamav7 clamd: ERROR: ScanOnAccess: Could not watch path '/var', Success Jun 15 08:38:10 clamav7 clamd[1136]: ScanOnAccess: Could not watch path '/var', Success On Wed, Jun 14, 2017 at 7:04 PM, Steven Morgan wrote: > Hello, > > I looked at the debug trace and reviewed the clamd.conf. Can you try > setting clamd's TemporaryDirectory to somewhere that is not under your > onaccess mount path? Also, can you try running clamscan rather than clamd > (to test if the behavior is the same)? > > Steve > ___ > clamav-users mailing list > clamav-users@lists.clamav.net > http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Lots of "fmap_readpage" errors with ClamAV 0.99.2 on centos 7
Hello, I looked at the debug trace and reviewed the clamd.conf. Can you try setting clamd's TemporaryDirectory to somewhere that is not under your onaccess mount path? Also, can you try running clamscan rather than clamd (to test if the behavior is the same)? Steve ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Lots of "fmap_readpage" errors with ClamAV 0.99.2 on centos 7
Hi, Here is the log with "Debug true": https://drive.google.com/file/d/0B0I3_DKeu1pZNktWNk03YnI1dTQ/view?usp=sharing I had some problems with syslog/systemd rate limiting, so I just ran it in the foreground for a few seconds with: clamd -c /etc/clamd.d/scan.conf --foreground --debug &> clamd.log If you need anything else from me, please write back. ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Lots of "fmap_readpage" errors with ClamAV 0.99.2 on centos 7
Hi, You could try setting "Debug true" in your clamd.conf file, or use clamscan --debug, to obtain some more info about the issue. Using debug mode will produce lots of output. If you post it somewhere, I'll take a look at it. Steve -Original Message- From: clamav-users [mailto:clamav-users-boun...@lists.clamav.net] On Behalf Of Ardavast Dayleryan Sent: Thursday, June 08, 2017 5:13 AM To: clamav-users@lists.clamav.net Subject: [clamav-users] Lots of "fmap_readpage" errors with ClamAV 0.99.2 on centos 7 Hello, I'm running a freshly installed centos 7 box with this vagrant image: https://atlas.hashicorp.com/centos/boxes/7 SELinux is set to disabled. ClamAV is installed from EPEL, and is running with this configuration: https://pastebin.com/JZqPHc05 It works properly, and succeeds in detecting malicious files, however on many filesystem operations (e.g. if I manually type "ls" in the console), I get errors like these in /var/log/messages which quickly fill the entire logfile: Jun 8 08:46:06 clamav clamd: LibClamAV Error: fmap_readpage: pread error: Is a directory Jun 8 08:46:06 clamav clamd: LibClamAV Error: fmap_readpage: pread error: Is a directory Jun 8 08:46:07 clamav clamd: LibClamAV Error: fmap_readpage: pread error: Is a directory Jun 8 08:46:07 clamav clamd: LibClamAV Error: fmap_readpage: pread error: Is a directory Jun 8 08:46:08 clamav clamd: LibClamAV Error: fmap_readpage: pread error: Is a directory Jun 8 08:46:09 clamav clamd: LibClamAV Error: fmap_readpage: pread error: Is a directory Jun 8 08:46:09 clamav clamd: LibClamAV Error: fmap_readpage: pread error: Is a directory I was not able to determine the cause by reading the source, and I'm not sure if this is a sign of something worse. Can someone help me understand why is this happening and should I be worried? Any help is appreciated. ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
[clamav-users] Lots of "fmap_readpage" errors with ClamAV 0.99.2 on centos 7
Hello, I'm running a freshly installed centos 7 box with this vagrant image: https://atlas.hashicorp.com/centos/boxes/7 SELinux is set to disabled. ClamAV is installed from EPEL, and is running with this configuration: https://pastebin.com/JZqPHc05 It works properly, and succeeds in detecting malicious files, however on many filesystem operations (e.g. if I manually type "ls" in the console), I get errors like these in /var/log/messages which quickly fill the entire logfile: Jun 8 08:46:06 clamav clamd: LibClamAV Error: fmap_readpage: pread error: Is a directory Jun 8 08:46:06 clamav clamd: LibClamAV Error: fmap_readpage: pread error: Is a directory Jun 8 08:46:07 clamav clamd: LibClamAV Error: fmap_readpage: pread error: Is a directory Jun 8 08:46:07 clamav clamd: LibClamAV Error: fmap_readpage: pread error: Is a directory Jun 8 08:46:08 clamav clamd: LibClamAV Error: fmap_readpage: pread error: Is a directory Jun 8 08:46:09 clamav clamd: LibClamAV Error: fmap_readpage: pread error: Is a directory Jun 8 08:46:09 clamav clamd: LibClamAV Error: fmap_readpage: pread error: Is a directory I was not able to determine the cause by reading the source, and I'm not sure if this is a sign of something worse. Can someone help me understand why is this happening and should I be worried? Any help is appreciated. ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml