It depends on the OS, but if you have something like AppArmor or GrSecurity, you may need to grant the appropriate permissions there to allow access even for root.
--Maarten

On Thu, Sep 9, 2021 at 2:34 PM Micah Snyder (micasnyd) via clamav-users <clamav-users@lists.clamav.net> wrote:

> Hi!
>
> No worries about sounding complainy. I'm glad you're reaching out for help.
>
> I recommend always running clamonacc using the --fdpass command line argument, provided it is available on your system. Some older systems (RHEL 7, etc) may not be able to use it. With fd-passing enabled, ClamOnAcc will pass its open file descriptor to ClamD so it can scan files that it wouldn't otherwise have read access to. I think this should resolve the concern about scanning files like /home/user/eicar-test.txt.
>
> I'm unsure why you're getting:
>
> 133863 ERROR: ClamInotif: could not watch path '/var/www', No such file or directory
>
> Perhaps it is a mount point or something? Anyone else have any insights?
>
> Micah Snyder
> ClamAV Development
> Talos
> Cisco Systems, Inc.
> ------------------------------
> *From:* clamav-users <clamav-users-boun...@lists.clamav.net> on behalf of dee heffemm via clamav-users <clamav-users@lists.clamav.net>
> *Sent:* Thursday, September 9, 2021 7:53 AM
> *To:* clamav-users@lists.clamav.net <clamav-users@lists.clamav.net>
> *Cc:* dee heffemm <dhef...@gmail.com>
> *Subject:* [clamav-users] Why does clamonacc says /var/www does not exist (among other things)?
>
> I'm trying to configure (ClamAV 0.103.2/26289 on Ubuntu 18.04) `clamonacc` using the instructions here[1]. I got through the steps and tried starting with `User clamav` but got a lot of permission errors in the logs when a file was chmod'd 0600:
>
> "/home/user/eicar-test.txt: Can't open file or directory ERROR"
>
> Ok, this makes sense because `clamav` is not UID 0. How is clamonacc supposed to scan files with restricted permissions? Many users can set a umask in their ~/.bashrc to create files with 0600. In multi-user environments, it's typical to have /home/$USER set 0700 as well.
>
> I changed to `User root` to see what happened, but then when using #vi on a file in /tmp/, it would take a good minute to open and I would get errors like: ERROR: ClamCom: TIMEOUT while waiting on socket (recv). The clamav docs[2] seem to state running as 'root' is unnecessary:
>
> "a system admin need only ensure clamd has the read and access permissions necessary to deal with any file descriptors clamonacc may pass along. "
>
> So, I changed back to `User clamav`.
>
> I'd still like to monitor /tmp as it's a favorite place when any kind of process needs to write a file so changed `TemporaryDirectory /var/lib/clamav/` since it's not monitored by clamonacc and maybe won't create a race condition with its own temp files.
>
> These are the other edits I've made to /etc/clamav/clamd.conf. I'd like to monitor /var/www since it's a writable place for the apache server (yeah, I know, but web apps and webmasters write files and use plugins and this is where they manage them, usually from a web console).
>
> ExcludePath ^/proc
> ExcludePath ^/sys
> ExcludePath ^/run
> ExcludePath ^/dev
> ExcludePath ^/var/lib/lxcfs/cgroup
> OnAccessPrevention yes
> OnAccessExcludeUname clamav
> OnAccessIncludePath /var/www
> OnAccessIncludePath /home
> OnAccessIncludePath /tmp
>
> When I reboot however and clamd/clamonacc/freshclam come up, they can't seem to find "/var/www" (permissions 0755). Why is this?
>
> 133857 ClamScanQueue: waiting to consume events ...
> 133858 ClamInotif: watching '/var/www' (and all sub-directories)
> 133859 ClamInotif: watching '/home' (and all sub-directories)
> 133860 ClamInotif: watching '/tmp' (and all sub-directories)
> 133861 Excluding temp directory: /var/lib/clamav/
> 133862 ClamInotif: NVM, didn't actually need to exclude '/var/lib/clamav/'
> 133863 ERROR: ClamInotif: could not watch path '/var/www', No such file or directory
> 133864 ClamFanotif: attempting to feed consumer queue
>
> Thanks for all your work on clamav! I'm trying not to sound complainy.
>
> [1] https://docs.clamav.net/manual/OnAccess.html
> [2] https://blog.clamav.net/2019/09/understanding-and-transitioning-to.html
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
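The fd-passing behaviour described in the quoted reply rests on Unix-socket descriptor passing (SCM_RIGHTS). The following is an added example, not part of the thread and not ClamAV code: a Python stand-in in which one process opens a file and hands the open descriptor to a second process that cannot open the path itself. The function names, the sample file, and the chmod to 000 (standing in for another user's 0600 file) are assumptions made for the demonstration.

```python
import array, os, socket, tempfile

def send_fd(sock, fd):
    # The descriptor travels as SCM_RIGHTS ancillary data, not as payload bytes.
    sock.sendmsg([b"F"], [(socket.SOL_SOCKET, socket.SCM_RIGHTS,
                           array.array("i", [fd]))])

def recv_fd(sock):
    fds = array.array("i")
    _, ancdata, _, _ = sock.recvmsg(1, socket.CMSG_LEN(fds.itemsize))
    for level, ctype, data in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_RIGHTS:
            fds.frombytes(data[:fds.itemsize])
            return fds[0]  # kernel installed a new descriptor in this process
    raise RuntimeError("no descriptor in message")

def scanner(sock, path):
    """Receiving side (the clamd role): try the path, then read the passed fd."""
    fd = recv_fd(sock)
    try:
        open(path, "rb").close()
        by_path = b"1"
    except OSError:
        by_path = b"0"  # expected when the scanner is not root
    with os.fdopen(fd, "rb") as f:
        sock.sendall(by_path + f.read())

def demo():
    """Return (scanner_could_open_path, bytes_scanner_read_via_fd)."""
    watcher, scan_end = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sample.txt")  # constructed sample file
        pid = os.fork()  # fork first so the child never inherits the file fd
        if pid == 0:
            try:
                watcher.close()
                scanner(scan_end, path)
            finally:
                os._exit(0)
        scan_end.close()
        with open(path, "wb") as f:
            f.write(b"constructed sample content\n")
        fd = os.open(path, os.O_RDONLY)  # sending side (the clamonacc role)
        os.chmod(path, 0o000)            # path is now closed to non-root
        send_fd(watcher, fd)
        os.close(fd)  # the in-flight copy keeps the open file alive
        reply = b"".join(iter(lambda: watcher.recv(4096), b""))
        os.waitpid(pid, 0)
    watcher.close()
    return reply[:1] == b"1", reply[1:]
```

Access is checked when the file is opened, so the receiver reads through the passed descriptor regardless of the path's permissions; mandatory access control layers such as AppArmor apply their own policy on top of this.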