On 23 Aug 2006, at 23:06, Dennis Peterson wrote:
Zach Heaton wrote:
Greetings to all:
I'm running clamd 0.88.4 (ClamAV 0.88.4/1717/Wed Aug 23 12:19:54
2006) on Mac OS 10.4.7 Client (Intel), and am attempting to use
clamdscan to scan files on disk images. However, when I try to do
so, clamdscan exits with "lstat() failed. ERROR." This error is
reproducible for both sparse and fixed-size disk images with and
without encryption turned on, and in FileVault home directories.
Although clamdscan cannot scan these files, clamscan can do so
without difficulty. Clamdscan can also successfully scan files
which are located on the primary drive or on external physical
drives.
Here's some representative output from clamdscan:
[EMAIL PROTECTED] TestImage]$ clamdscan -v eicar.com
/Volumes/TestImage/eicar.com: lstat() failed. ERROR
----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.001 sec (0 m 0 s)
Does clamd have permission to scan that file? The clamd executable
often runs as an low-privilege user and cannot scan every file you
send it. Clamdscan runs as what ever user runs it and potentially
has more authority - especially if run as root. Having said all
that, I don't get that error when I attempt to scan a protected
file but I'm not running it on a Mac, but it's worth looking into.
dp
Dennis,
I don't think that permissions are a factor here - the scan fails
using clamdscan even when eicar.com is chmodded to 777 and the
owner:group of the file is set to clamav:clamav. (clamd is running
as the clamav user on my system.)
[EMAIL PROTECTED] TestImage]$ ls -l eicar.com
-rwxrwxrwx 1 clamav clamav 68 Aug 23 23:18 eicar.com
[EMAIL PROTECTED] TestImage]$ clamdscan -v eicar.com
/Volumes/TestImage/eicar.com: lstat() failed. ERROR
----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.001 sec (0 m 0 s)
Furthermore, permissions issues seem to result in different error
messages. I placed another copy of eicar.com in /tmp, chowned it to
root:wheel, and set the permissions to 000. In this case, clamdscan
returned an access denied error:
[EMAIL PROTECTED] tmp]$ ls -l eicar.com
---------- 1 root wheel 68 Aug 23 22:42 eicar.com
[EMAIL PROTECTED] tmp]$ clamdscan eicar.com
/private/tmp/eicar.com: Access denied. ERROR
----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.001 sec (0 m 0 s)
The same file, with the same permissions, placed on a disk image
mounted at /Volumes/TestImage/, fails again with the "lstat() failed"
response.
[EMAIL PROTECTED] TestImage]$ ls -l eicar.com
---------- 1 root wheel 68 Aug 23 23:18 eicar.com
[EMAIL PROTECTED] TestImage]$ clamdscan -v eicar.com
/Volumes/TestImage/eicar.com: lstat() failed. ERROR
----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.001 sec (0 m 0 s)
Given this, I suspect that the primary issue is simply whether or not
the file is on a mounted disk image.
Regards,
Zach Heaton
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
