Re: [clamav-users] [External] Re: Question on ClamAV memory usage with respect to the signature database

2024-06-18 Thread Schewe, Jon P RTX via clamav-users
rder to keep the database size at a manageable level? If we would be able to automate the process going forward I think it is a viable option, but it would be less so if we would have to devote resources to actively monitoring the contents of the curated database. From: clamav-users On Behalf Of Sc

Re: [clamav-users] [External] Re: Question on ClamAV memory usage with respect to the signature database

2024-06-18 Thread Schewe, Jon P RTX via clamav-users
Another option is to use a centralized scanning server. We've done that for our hosts. That central host has lots of memory and cores and the individual systems don't need nearly as many resources. https://www.libellux.com/clamav/ has some notes ab

Re: [clamav-users] [External] Re: On some systems clamdscan gets a permission denied error

2024-05-17 Thread Schewe, Jon P RTX via clamav-users
>>socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 3 >>bind(3, {sa_family=AF_INET, sin_port=htons(0), >>sin_addr=inet_addr("IP address")}, 16) = 0 > >From clamdscan's perspective this should not have been successful. It means >that the local machine successfully bound to "IP address", so "IP address"

Re: [clamav-users] [External] Re: On some systems clamdscan gets a permission denied error

2024-05-17 Thread Schewe, Jon P RTX via clamav-users
This is what I see from the strace: sendto(3, "zCONTSCAN /etc/gshadow\0", 23, 0, NULL, 0) = 23 >>>That's interesting. Does the client machine access clamav-central via a >>>local proxy? Or more precisely, does the exemplary TCPAddr >>>"clamav-central.company.com" resolve to an IP-a

Re: [clamav-users] [External] Re: On some systems clamdscan gets a permission denied error

2024-05-17 Thread Schewe, Jon P RTX via clamav-users
>> This is what I see from the strace: >> >> sendto(3, "zCONTSCAN /etc/gshadow\0", 23, 0, NULL, 0) = 23 >That's interesting. Does the client machine access clamav-central via a local >proxy? Or more precisely, does the exemplary TCPAddr >"clamav-central.company.com" resolve to an IP-address that

Re: [clamav-users] [External] Re: On some systems clamdscan gets a permission denied error

2024-05-17 Thread Schewe, Jon P RTX via clamav-users
We have a central clamav server that does all of the actual scanning >>>You mean a remote one from clamdscan's perspective, queried via "TCPAddr >>>..."? >>Correct. >> >>TCPSocket 3310 >>TCPAddr clamav-central.company.com >man clamdscan: > > --fdpass >... Only available if connected to

Re: [clamav-users] [External] Re: On some systems clamdscan gets a permission denied error

2024-05-17 Thread Schewe, Jon P RTX via clamav-users
>> We have a central clamav server that does all of the actual scanning > >You mean a remote one from clamdscan's perspective, queried via "TCPAddr ..."? Correct. TCPSocket 3310 TCPAddr clamav-central.company.com

[clamav-users] On some systems clamdscan gets a permission denied error

2024-05-16 Thread Schewe, Jon P RTX via clamav-users
On some systems clamdscan gets a permission denied error. We have been unable to determine why it fails on some hosts and not others. I don't see anything in /var/log/audit/audit.log to explain the failure. We are running version 0.103.11-1.el8 on RHEL 8.9 with FIPS mode and SELinux enabled. We