Re: [clamav-users] Clam user has read permissions, but I still get "lstat() failed: Permission denied"
Sorry, for the delay in replying, and many thanks to those who did. On Tue, 30 Oct 2018 at 19:08, Scott Kitterman wrote: > Did you explicitly remove Apparmor? It's shipped by default in Ubuntu and > the > Ubuntu clamav has an Apparmor profile included. > That was exactly it! I was unaware of Apparmor now coming enabled by default. It's the first time it's ever caused me any issues. For anyone looking for a fix in the future, do the following: 1. Uncomment the local config include at the bottom of "/etc/apparmor.d/usr.sbin.clamd" 2. Add the system paths clamd should have access to in "/etc/apparmor.d/local/usr.sbin.clamd" 3. Reload the apparmor service Many thanks for your help all! -- Doug ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
Re: [clamav-users] Clam user has read permissions, but I still get "lstat() failed: Permission denied"
>and make sure user www-data has at least read and execute permissions If www-data didn't have r/w access to that directory, my site would be broken! >From the (redacted) comand output I copied above: >> root@arquivos0:/var/www# sudo -u clamav ls nc_data/ >> [correct directory contents listed] I do normally mount /var noexec, however I had to remount it exec when I ran dpkg-reconfigure, so that's not it. I've just tested it with /tmp also mounted exec, however that still didn't fix the problem. > Apparmor/SE Linux is another possibility. Neither are installed on this server. BTW, I'm running Ubuntu 16.04 & ClamAV 0.100.2/25075/Mon. -- Doug ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
[clamav-users] Clam user has read permissions, but I still get "lstat() failed: Permission denied"
Hi all, For some reason, clamdscan is returning a permissions error for files it has read access to. I've copied some output below to help show the situation... == root@arquivos0:/var/www# grep User /etc/clamav/clamd.conf User clamav root@arquivos0:/var/www# grep clamav /etc/group www-data:x:33:clamav clamav:x:121: root@arquivos0:/var/www# ls -ld nc_data/ drwxrwx--- 59 www-data www-data 4096 Out 22 08:40 nc_data/ root@arquivos0:/var/www# clamdscan -v --config-file=/etc/clamav/clamd.conf nc_data/ /var/www/nc_data: lstat() failed: Permission denied. ERROR --- SCAN SUMMARY --- Infected files: 0 Total errors: 1 Time: 0.000 sec (0 m 0 s) root@arquivos0:/var/www# sudo -u clamav ls nc_data/ [correct directory contents listed] root@arquivos0:/var/www# ls -al /var/log/clamav/ total 20 drwxr-xr-x 2 clamav clamav45 Out 30 12:29 . drwxrwxr-x 16 root syslog 4096 Out 30 15:41 .. -rw-r- 1 clamav adm10914 Out 30 17:12 clamav.log -rw-r- 1 clamav adm 2352 Out 30 15:17 freshclam.log root@arquivos0:/var/www# clamdscan -v --config-file=/etc/clamav/clamd.conf /var/log/clamav/ /var/log/clamav: lstat() failed: Permission denied. ERROR --- SCAN SUMMARY --- Infected files: 0 Total errors: 1 Time: 0.000 sec (0 m 0 s) == To quote Aristotle, "WTF?" Any help appreciated! -- Doug ___ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml
