clamd –version - ClamAV 1.4.3/27818/Mon Nov 10 10:44:43 2025 Ubuntu version (cat /etc/release) - VERSION="24.04.3 LTS (Noble Numbat)"
What do you mean by 'classical' 24.04? On Thu, 13 Nov 2025, 02:57 Newcomer01 via clamav-users, < [email protected]> wrote: > on Ubuntu 24.04 LTS it should be 1.4.3, on classical 24.04 maybe a newer > one > > Von / From: Thomas Jordan <[email protected]> > An / To: Newcomer01 <[email protected]> > Gesendet / Sent: Mittwoch, November 13, 2025 um 00:08 (at 12:08 AM) +0100 > Betreff / Subject: Re: [clamav-users] clamonacc detects file and says > scanning of file has started but then nothing happens > > Ubuntu 24.04 and whatever version of ClamAV got installed by apt today, > I'll confirm exact version when I get back into work tomorrow. > > On Wed, 12 Nov 2025, 21:30 Newcomer01 via clamav-users, < > [email protected]> wrote: > >> which Ubuntu Version is running and which ClamAV Version? >> >> Von / From: Tom Jordan Via Clamav-Users <[email protected]> >> An / To: Newcomer01 <[email protected]> >> CC / CC: Tom Jordan <[email protected]> >> Gesendet / Sent: Dienstag, November 12, 2025 um 21:46 (at 09:46 PM) +0100 >> Betreff / Subject: [clamav-users] clamonacc detects file and says >> scanning of file has started but then nothing happens >> >> Hi, >> >> So I couldn't get the clamonacc scanner running on the host VM to detect >> files in the Docker container by watching the overlay file system where the >> Docker filesystems are mounted on the host. It seemsa like that is not >> possible with clam tools, so I am trying a different configuration now (a >> helpful suggestion from Andrew Aitchison). I have clamonacc running in the >> Docker container (clamonacc --move=/infected --foreground >> --log=/tmp/clamonacc.log --verbose), and clamd server running in the host >> VM (clamd --foreground --debug), with communication between the two via a >> TCP port/IP address configured in clamd.conf, which container and host each >> have a copy of same. >> >> Now the clamonacc running in the container can ping the clamd: >> >> >> >> tpj@tpj-VirtualBox: clamonacc --ping 10 >> >> PONG >> >> >> >> which suggests the TCP address/port configuration is correct between the >> two. Also, when I shell into the clamonacc container and access an >> eincar.txt test malware file that I installed when building the container, >> the clamonacc detects me touching the file and indicates scanning has >> begun, as seen from its log output: >> >> >> >> ClamFanotif: attempting to feed consumer queue >> >> ClamWorker: performing scanning on file >> '/home/ubuntu/clam_test/clam_test_sub_dir/eincar.txt' >> >> >> >> But then nothing else happens, there is no notification about einvar.txt >> being a malware file and it is not moved to the quarantine folder. There is >> nothing further in the clamonacc log and nothing appears in the clamd log >> indicating that scanning has taken place at that end. The logging is not >> particularly verbose and I can't see how to get any further information out >> about what has happened. >> >> >> >> If I just create an innocuous file such as >> >> >> >> echo "hello" > test.txt >> >> >> >> in the same directory /home/ubuntu/clam_test/clam_test_sub_dir/, I see >> the following log messages from clamonacc: >> >> >> >> ClamFanotif: attempting to feed consumer queue >> >> ClamWorker: performing scanning on file >> '/home/ubuntu/clam_test/clam_test_sub_dir/test.txt' >> >> >> >> but test.txt is an benign file, this just shows that clamonacc sees all >> files on the watched path. >> >> >> >> Why is this not working? It feels like I'm nearly there but it doesn't >> work. Is there anything else I can do to get more information out? >> >> >> >> I'm using the following in clamd.conf: >> >> >> >> OnAccessIncludePath /home/ubuntu >> >> OnAccessExcludeUname clamav >> >> #OnAccessPrevention yes >> >> >> >> and here is the complete log output from clamonacc: >> >> >> >> root@7b58bc699d7b:/# clamonacc --move=/infected --foreground >> --log=/tmp/clamonacc.log --verbose >> >> -------------------------------------- >> >> ClamClient: client setup to scan via streaming >> >> Clamonacc: daemon is remote >> >> ClamFanotif: kernel-level blocking feature disabled ... >> >> ClamFanotif: max file size limited to 5242880 bytes >> >> ClamScanQueue: initializing event queue consumer ... (5) threads in >> thread pool >> >> Clamonacc: beginning event loops >> >> ClamFanotif: starting fanotify event loop with process id (67) ... >> >> ClamInotif: starting inotify event loop ... >> >> ClamInotif: dynamically determining directory hierarchy... >> >> ClamInotif: watching '/home/ubuntu' (and all sub-directories) >> >> Excluding temp directory: /tmp >> >> ClamScanQueue: waiting to consume events ... >> >> ClamInotif: NVM, didn't actually need to exclude '/tmp' >> >> ClamFanotif: attempting to feed consumer queue >> >> ClamFanotif: attempting to feed consumer queue >> >> ClamMisc: $/proc/76 vanished before UIDs could be excluded; scanning >> anyway >> >> ClamFanotif: attempting to feed consumer queue >> >> ClamWorker: performing scanning on file >> '/home/ubuntu/clam_test/clam_test_sub_dir/eincar.txt.copy' >> >> ClamWorker: performing scanning on file >> '/home/ubuntu/clam_test/clam_test_sub_dir/eincar.txt' >> >> ClamWorker: performing scanning on file >> '/home/ubuntu/clam_test/clam_test_sub_dir/eincar.txt' >> >> >> >> >> >> and from clamd: >> >> >> >> tpj@ubuntu_box:/# clamd --foreground --debug >> >> Limits: Global time limit set to 120000 milliseconds. >> >> Limits: Global size limit set to 419430400 bytes. >> >> Limits: File size limit set to 104857600 bytes. >> >> Limits: Recursion level limit set to 17. >> >> Limits: Files limit set to 10000. >> >> Limits: Core-dump limit is 18446744073709551615. >> >> Limits: MaxEmbeddedPE limit set to 41943040 bytes. >> >> Limits: MaxHTMLNormalize limit set to 41943040 bytes. >> >> Limits: MaxHTMLNoTags limit set to 8388608 bytes. >> >> Limits: MaxScriptNormalize limit set to 20971520 bytes. >> >> Limits: MaxZipTypeRcg limit set to 1048576 bytes. >> >> Limits: MaxPartitions limit set to 50. >> >> Limits: MaxIconsPE limit set to 100. >> >> Limits: MaxRecHWP3 limit set to 16. >> >> Limits: PCREMatchLimit limit set to 100000. >> >> Limits: PCRERecMatchLimit limit set to 2000. >> >> Limits: PCREMaxFileSize limit set to 104857600. >> >> Archive support enabled. >> >> Image (graphics) scanning support enabled. >> >> Detection using image fuzzy hash enabled. >> >> AlertExceedsMax heuristic detection disabled. >> >> Heuristic alerts enabled. >> >> Portable Executable support enabled. >> >> ELF support enabled. >> >> Mail files support enabled. >> >> OLE2 support enabled. >> >> PDF support enabled. >> >> SWF support enabled. >> >> HTML support enabled. >> >> XMLDOCS support enabled. >> >> HWP3 support enabled. >> >> OneNote support enabled. >> >> Self checking every 600 seconds. >> >> Listening daemon: PID: 14 >> >> MaxQueue set to: 100 >> >> SelfCheck: Database status OK. >> >> SelfCheck: Database status OK. >> >> SelfCheck: Database status OK. >> >> >> >> >> >> Any help as always much appreciated. >> >> >> >> Thomas >> >> >> >> _______________________________________________ >> >> Manage your clamav-users mailing list subscription / >> unsubscribe:https://lists.clamav.net/mailman/listinfo/clamav-users >> >> >> Help us build a comprehensive ClamAV >> guide:https://github.com/Cisco-Talos/clamav-documentation >> https://docs.clamav.net/#mailing-lists-and-chat >> >> >> _______________________________________________ >> >> Manage your clamav-users mailing list subscription / unsubscribe: >> https://lists.clamav.net/mailman/listinfo/clamav-users >> >> >> Help us build a comprehensive ClamAV guide: >> https://github.com/Cisco-Talos/clamav-documentation >> >> https://docs.clamav.net/#mailing-lists-and-chat >> > > _______________________________________________ > > Manage your clamav-users mailing list subscription / unsubscribe: > https://lists.clamav.net/mailman/listinfo/clamav-users > > > Help us build a comprehensive ClamAV guide: > https://github.com/Cisco-Talos/clamav-documentation > > https://docs.clamav.net/#mailing-lists-and-chat >
_______________________________________________ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
