Hi all, we do have 2 workstations running RHEL 8 and clamav / clamd using an identical software stack / configuration. In particular we integrate the clamav packages via the RHEL EPEL repos. So far we have been using 0.103.6-1.el8 without any issues. We have started upgrading to 0.103.7-1.el8 on one of the both workstations. Since then, when using clamdscan, we receive the below issue:
Can't access file ERROR We have been investigating the issue with respect to access control related issues. However, even when using "root" as the clamdscan user we receive the error. From an ACL perspective, we see no systematic cause for this issue. We therefore want to check whether this error has been experienced by others as well and thus may relate to a bug in version 0.103.7-1.el8 of clamdscan. Below you can find the output of clamconf: Checking configuration files in /etc Config file: clamd.d/scan.conf ------------------------------ AlertExceedsMax disabled PreludeEnable disabled PreludeAnalyzerName disabled LogFile = "/var/log/clamdscan-SD-XXXXX.scan" LogFileUnlock disabled LogFileMaxSize = "4294967295" LogTime = "yes" LogClean = "yes" LogSyslog = "yes" LogFacility = "LOG_AUTHPRIV" LogVerbose = "yes" LogRotate = "yes" ExtendedDetectionInfo = "yes" PidFile = "/run/clamd.scan/clamd.pid" TemporaryDirectory = "/data/tmp" DatabaseDirectory = "/var/lib/clamav" OfficialDatabaseOnly disabled LocalSocket = "/run/clamd.scan/clamd.sock" LocalSocketGroup disabled LocalSocketMode disabled FixStaleSocket = "yes" TCPSocket disabled TCPAddr disabled MaxConnectionQueueLength = "200" StreamMaxLength = "26214400" StreamMinPort = "1024" StreamMaxPort = "2048" MaxThreads = "30" ReadTimeout = "120" CommandReadTimeout = "30" SendBufTimeout = "500" MaxQueue = "200" IdleTimeout = "30" ExcludePath = ".*\.nc$", ".*\.bin$", ".*\.xml$", ".*\.hdf$", ".*\.h5$" MaxDirectoryRecursion = "200" FollowDirectorySymlinks = "yes" FollowFileSymlinks = "yes" CrossFilesystems = "yes" SelfCheck = "600" ConcurrentDatabaseReload = "yes" DisableCache disabled VirusEvent disabled ExitOnOOM disabled AllowAllMatchScan = "yes" Foreground disabled Debug disabled LeaveTemporaryFiles disabled User = "clamscan" Bytecode = "yes" BytecodeSecurity = "TrustSigned" BytecodeTimeout = "10000" BytecodeUnsigned disabled BytecodeMode = "Auto" DetectPUA disabled ExcludePUA disabled IncludePUA disabled ScanPE = "yes" ScanELF = "yes" ScanMail = "yes" ScanPartialMessages disabled PhishingSignatures = "yes" PhishingScanURLs = "yes" HeuristicAlerts = "yes" HeuristicScanPrecedence disabled StructuredDataDetection disabled StructuredMinCreditCardCount = "3" StructuredMinSSNCount = "3" StructuredSSNFormatNormal = "yes" StructuredSSNFormatStripped disabled ScanHTML = "yes" ScanOLE2 = "yes" AlertBrokenExecutables disabled AlertBrokenMedia disabled AlertEncrypted disabled StructuredCCOnly disabled AlertEncryptedArchive disabled AlertEncryptedDoc disabled AlertOLE2Macros disabled AlertPhishingSSLMismatch disabled AlertPhishingCloak disabled AlertPartitionIntersection disabled ScanPDF = "yes" ScanSWF = "yes" ScanXMLDOCS = "yes" ScanHWP3 = "yes" ScanArchive = "yes" ForceToDisk disabled MaxScanTime = "1200000" MaxScanSize = "4194304000" MaxFileSize = "4194304000" MaxRecursion = "200" MaxFiles = "5000000" MaxEmbeddedPE = "10485760" MaxHTMLNormalize = "10485760" MaxHTMLNoTags = "2097152" MaxScriptNormalize = "5242880" MaxZipTypeRcg = "5242880" MaxPartitions = "50" MaxIconsPE = "100" MaxRecHWP3 = "16" PCREMatchLimit = "100000" PCRERecMatchLimit = "2000" PCREMaxFileSize = "26214400" OnAccessMountPath disabled OnAccessIncludePath disabled OnAccessExcludePath disabled OnAccessExcludeRootUID disabled OnAccessExcludeUID disabled OnAccessExcludeUname disabled OnAccessMaxFileSize = "5242880" OnAccessDisableDDD disabled OnAccessPrevention disabled OnAccessExtraScanning disabled OnAccessCurlTimeout = "5000" OnAccessMaxThreads = "5" OnAccessRetryAttempts disabled OnAccessDenyOnError disabled DevACOnly disabled DevACDepth disabled DevPerformance disabled DevLiblog disabled DisableCertCheck disabled AlgorithmicDetection = "yes" BlockMax disabled PhishingAlwaysBlockSSLMismatch disabled PhishingAlwaysBlockCloak disabled PartitionIntersection disabled OLE2BlockMacros disabled ArchiveBlockEncrypted disabled Config file: freshclam.conf --------------------------- LogFileMaxSize = "1048576" LogTime disabled LogSyslog disabled LogFacility = "LOG_LOCAL6" LogVerbose disabled LogRotate disabled PidFile disabled DatabaseDirectory = "/var/lib/clamav" Foreground disabled Debug disabled UpdateLogFile disabled DatabaseOwner = "clamupdate" Checks = "12" DNSDatabaseInfo = "current.cvd.clamav.net" DatabaseMirror = "database.clamav.net" PrivateMirror disabled MaxAttempts = "3" ScriptedUpdates = "yes" TestDatabases = "yes" CompressLocalDatabase disabled ExtraDatabase disabled ExcludeDatabase disabled DatabaseCustomURL disabled HTTPProxyServer disabled HTTPProxyPort disabled HTTPProxyUsername disabled HTTPProxyPassword disabled HTTPUserAgent disabled NotifyClamd = "/etc/clamd.d/scan.conf" OnUpdateExecute disabled OnErrorExecute disabled OnOutdatedExecute disabled LocalIPAddress disabled ConnectTimeout = "30" ReceiveTimeout disabled Bytecode = "yes" mail/clamav-milter.conf not found Software settings ----------------- Version: 0.103.7 Optional features supported: MEMPOOL IPv6 AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV JSON Database information -------------------- Database directory: /var/lib/clamav bytecode.cvd: version 333, sigs: 92, built on Mon Mar 8 15:21:51 2021 main.cvd: version 62, sigs: 6647427, built on Thu Sep 16 12:32:42 2021 daily.cld: version 26713, sigs: 2010145, built on Mon Nov 7 08:52:07 2022 Total number of signatures: 8657664 Platform information -------------------- uname: Linux 4.18.0-372.32.1.el8_6.x86_64 #1 SMP Fri Oct 7 12:35:10 EDT 2022 x86_64 OS: linux-gnu, ARCH: x86_64, CPU: x86_64 zlib version: 1.2.11 (1.2.11), compile flags: a9 platform id: 0x0a2180800800000000080500 Build information ----------------- GNU C: 8.5.0 20210514 (Red Hat 8.5.0-10) (8.5.0) CPPFLAGS: -I/usr/include/libprelude CFLAGS: -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 CXXFLAGS: -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection LDFLAGS: -Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,--as-needed -lprelude Configure: '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--localstatedir=/var' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--enable-milter' '--disable-clamav' '--disable-static' '--disable-zlib-vcheck' '--disable-unrar' '--enable-id-check' '--enable-dns' '--with-dbdir=/var/lib/clamav' '--with-group=clamupdate' '--with-user=clamupdate' '--disable-rpath' '--disable-silent-rules' '--enable-clamdtop' '--enable-prelude' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CXXFLAGS=-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,--as-needed' 'CFLAGS=-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection' 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig' sizeof(void*) = 8 Engine flevel: 128, dconf: 128 _______________________________________________ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
