I have given full permission to /home/<user>/shiva directory, also I am running clamav as root user and clamonacc is also by default root user only. In this case it should run....
On Thu, 7 Jan, 2021, 7:39 pm Jacek Zapała, <ja...@it.pl> wrote: > Can clamav really execute this script? > How about directory permissions? I mean /home/<user>/shiva and > /home/<user> ? > > On 1/6/21 7:22 AM, Shivananda Shiragavi wrote: > > I have given the full permission to bash file and even in clamd.conf > also I > > have mentioned the full path of bash file. But unfortunately, it is not > > executing. > > > > bash file execution permission: > > -rwxrwxrwx 1 <user> <user> 39 Dec 30 01:29 vfound.sh > > > > clamd.conf: > > VirusEvent /home/<user>/shiva/vfound.sh > > > > --- > > Shivananda S. > > > > On Wed, Jan 6, 2021 at 1:06 AM Micah Snyder (micasnyd) < > micas...@cisco.com> > > wrote: > > > >> Good to hear it's working with TCP. Strange that it didn't work with the > >> local socket option. I most frequently test with the local socket. > >> > >> VirusEvent may require the full path to any programs it calls. Also > >> remember that it may be executed by the clamd process as the clamav > user so > >> it will need permission to read/execute the script you're using. > >> > >> -Micah > >> > >>> -----Original Message----- > >>> From: clamav-devel <clamav-devel-boun...@lists.clamav.net> On Behalf > Of > >>> Shivananda Shiragavi > >>> Sent: Monday, January 4, 2021 11:43 PM > >>> To: ClamAV Development <clamav-devel@lists.clamav.net> > >>> Subject: Re: [Clamav-devel] Fwd: Error while scanning directory other > >> than > >>> /home directory > >>> > >>> Thanks for the reply Micah, > >>> > >>> With the local socket option, I was getting the issues but when I tried > >> with TCP > >>> it worked. Now I am facing issues with VirusEvent, after finding the > >> virus the > >>> event should suppose to gets called and trigger the shell script but > >> it's not > >>> happening. > >>> > >>> Thanks, > >>> Shivananda S. > >>> > >>> On Tue, Jan 5, 2021 at 5:34 AM Micah Snyder (micasnyd) > >>> <micas...@cisco.com> > >>> wrote: > >>> > >>>> Hi Shivananda, > >>>> > >>>> Apologies for the delay, just got back to work after the holidays. > >>>> It appears to me that the clamav user which clamd runs as does not > >>>> have read permissions to the files that clamonacc is trying to scan. > >>>> > >>>> Unfortunately, the two best options to grant clamd access to scan any > >>>> file requested by clamonacc are broken at present: > >>>> 1. My favorite solution is to use the `clamonacc --fdpass` option so > >>>> that clamd is given access to the file by clamonacc. We have a fix for > >>>> this ready for the upcoming patch release. > >>>> 2. My 2nd favorite solution is to have the service manager grant the > >>>> clamd service CAP_DAC_READ_SEARCH capabilities to read any file. We > >>>> have a public pull request to test & merge, which should also be > >>>> included in the upcoming patch release (https://github.com/Cisco- > >>> Talos/clamav-devel/pull/135). > >>>> I hope to have both of these issues fixed in the 0.103.1 patch release > >>>> later this month. > >>>> > >>>> For now, I think you may need to either: > >>>> - Run clamd as root without setting the `User` config option so it > >>>> doesn't switch to run as the clamav user, > >>>> - Run clamonacc in --stream mode (which can be quite slow), or > >>>> - Add the clamav user to groups that can read the directories that > >>>> will be watched/scanned. > >>>> > >>>> Regards, > >>>> Micah > >>>> > >>>>> -----Original Message----- > >>>>> From: clamav-devel <clamav-devel-boun...@lists.clamav.net> On Behalf > >>>>> Of Shivananda Shiragavi > >>>>> Sent: Tuesday, December 29, 2020 2:10 AM > >>>>> To: clamav-devel@lists.clamav.net > >>>>> Subject: [Clamav-devel] Fwd: Error while scanning directory other > >>>>> than > >>>> /home > >>>>> directory > >>>>> > >>>>> Hi All, > >>>>> > >>>>> I am trying to enable *clamonacc* in my machine for /home its > >>>>> working > >>>> fine > >>>>> but when I am trying to mention some other directory it is throwing > >>>>> the following error: > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> *ClamWorker: performing scanning on file > >>>>> '/serverdata/eicar.com.txt'/serverdata/eicar.com.txt: Can't open > >>>>> file or directory ERRORClamMisc: internal issue (client failed to > >>>> scan)ClamWorker: > >>>>> scan failed with error code 32* > >>>>> > >>>>> *clamd.conf:* > >>>>> > >>>>> > >>>>> > >>>>> > >>>>> *OnAccessIncludePath /serverdataOnAccessPrevention > >>>>> yesOnAccessExcludeUname clamavOnAccessExcludeRootUID > >>>>> noOnAccessDisableDDD no* > >>>>> > >>>>> Could someone please help me to fix this issue? > >>>>> > >>>>> -- > >>>>> Shivananda Shiragavi > >>>>> _______________________________________________ > >>>>> > >>>>> clamav-devel mailing list > >>>>> clamav-devel@lists.clamav.net > >>>>> https://lists.clamav.net/mailman/listinfo/clamav-devel > >>>>> > >>>>> Please submit your patches to our Github: https://github.com/Cisco- > >>>>> Talos/clamav-devel/pulls > >>>>> > >>>>> Help us build a comprehensive ClamAV guide: > >>>>> https://github.com/vrtadmin/clamav-faq > >>>>> > >>>>> http://www.clamav.net/contact.html#ml > >>>> _______________________________________________ > >>>> > >>>> clamav-devel mailing list > >>>> clamav-devel@lists.clamav.net > >>>> https://lists.clamav.net/mailman/listinfo/clamav-devel > >>>> > >>>> Please submit your patches to our Github: > >>>> https://github.com/Cisco-Talos/clamav-devel/pulls > >>>> > >>>> Help us build a comprehensive ClamAV guide: > >>>> https://github.com/vrtadmin/clamav-faq > >>>> > >>>> http://www.clamav.net/contact.html#ml > >>>> > >>> > >>> > >>> -- > >>> Shivananda Shiragavi > >>> _______________________________________________ > >>> > >>> clamav-devel mailing list > >>> clamav-devel@lists.clamav.net > >>> https://lists.clamav.net/mailman/listinfo/clamav-devel > >>> > >>> Please submit your patches to our Github: https://github.com/Cisco- > >>> Talos/clamav-devel/pulls > >>> > >>> Help us build a comprehensive ClamAV guide: > >>> https://github.com/vrtadmin/clamav-faq > >>> > >>> http://www.clamav.net/contact.html#ml > >> _______________________________________________ > >> > >> clamav-devel mailing list > >> clamav-devel@lists.clamav.net > >> https://lists.clamav.net/mailman/listinfo/clamav-devel > >> > >> Please submit your patches to our Github: > >> https://github.com/Cisco-Talos/clamav-devel/pulls > >> > >> Help us build a comprehensive ClamAV guide: > >> https://github.com/vrtadmin/clamav-faq > >> > >> http://www.clamav.net/contact.html#ml > >> > > _______________________________________________ > > > > clamav-devel mailing list > > clamav-devel@lists.clamav.net > > https://lists.clamav.net/mailman/listinfo/clamav-devel > > > > Please submit your patches to our Github: > https://github.com/Cisco-Talos/clamav-devel/pulls > > > > Help us build a comprehensive ClamAV guide: > > https://github.com/vrtadmin/clamav-faq > > > > http://www.clamav.net/contact.html#ml > > > _______________________________________________ > > clamav-devel mailing list > clamav-devel@lists.clamav.net > https://lists.clamav.net/mailman/listinfo/clamav-devel > > Please submit your patches to our Github: > https://github.com/Cisco-Talos/clamav-devel/pulls > > Help us build a comprehensive ClamAV guide: > https://github.com/vrtadmin/clamav-faq > > http://www.clamav.net/contact.html#ml > _______________________________________________ clamav-devel mailing list clamav-devel@lists.clamav.net https://lists.clamav.net/mailman/listinfo/clamav-devel Please submit your patches to our Github: https://github.com/Cisco-Talos/clamav-devel/pulls Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
