Cisco-Talos / clamav

ClamAV - Documentation is here: https://docs.clamav.net
https://www.clamav.net/
GNU General Public License v2.0

OnAccessIncludePath add one "~/" before absolute path. #1176

Open quickhot opened 9 months ago

quickhot commented 9 months ago

Describe the bug

I have configured the "On-Access Scanning" with my clamav-daemon.

My config is:

OnAccessIncludePath "/usr/bin"
OnAccessPrevention yes
OnAccessExcludeUname clamav
OnAccessMaxFileSize 20M
OnAccessMaxThreads 50

When clamonacc is running, it reports errors such as:

● clamav-daemon.service - Clam AntiVirus userspace daemon
   Loaded: loaded (/lib/systemd/system/clamav-daemon.service; enabled; vendor preset: enabled)
  Drop-In: /etc/systemd/system/clamav-daemon.service.d
           └─extend.conf
   Active: active (running) since Fri 2024-02-16 11:24:35 CST; 10min ago
     Docs: man:clamd(8)
           man:clamd.conf(5)
           https://docs.clamav.net/
  Process: 47074 ExecStartPre=/bin/chown clamav /run/clamav (code=exited, status=0/SUCCESS)
  Process: 47069 ExecStartPre=/bin/mkdir -p /run/clamav (code=exited, status=0/SUCCESS)
 Main PID: 47078 (clamd)
    Tasks: 3 (limit: 7372)
   CGroup: /system.slice/clamav-daemon.service
           └─47078 /usr/sbin/clamd --foreground=true

Feb 16 11:35:17 CU250 clamd[47078]: Fri Feb 16 11:35:17 2024 -> ~/usr/bin/gawk: Can't open file or directory ERROR
Feb 16 11:35:17 CU250 clamd[47078]: Fri Feb 16 11:35:17 2024 -> ~/usr/bin/gawk: Can't open file or directory ERROR
Feb 16 11:35:21 CU250 clamd[47078]: Fri Feb 16 11:35:21 2024 -> ~/usr/bin/gawk: Can't open file or directory ERROR
Feb 16 11:35:21 CU250 clamd[47078]: Fri Feb 16 11:35:21 2024 -> ~/usr/bin/gawk: Can't open file or directory ERROR
Feb 16 11:35:27 CU250 clamd[47078]: Fri Feb 16 11:35:27 2024 -> ~/usr/bin/basename: Can't open file or directory ERROR
Feb 16 11:35:27 CU250 clamd[47078]: Fri Feb 16 11:35:27 2024 -> ~/usr/bin/basename: Can't open file or directory ERROR
Feb 16 11:35:27 CU250 clamd[47078]: Fri Feb 16 11:35:27 2024 -> ~/usr/bin/basename: Can't open file or directory ERROR
Feb 16 11:35:27 CU250 clamd[47078]: Fri Feb 16 11:35:27 2024 -> ~/usr/bin/basename: Can't open file or directory ERROR
Feb 16 11:35:27 CU250 clamd[47078]: Fri Feb 16 11:35:27 2024 -> ~/usr/bin/basename: Can't open file or directory ERROR
Feb 16 11:35:27 CU250 clamd[47078]: Fri Feb 16 11:35:27 2024 -> ~/usr/bin/basename: Can't open file or directory ERROR

My path is /usr/bin, but clamav visits "~/usr/bin".

How to reproduce the problem

System: Ubuntu 18.04 LTS
Version: ClamAV 0.103.8/27186/Thu Feb 15 17:23:30 2024, installed from apt install ...

Using the config below:

...
OnAccessIncludePath "/usr/bin"
OnAccessPrevention yes
OnAccessExcludeUname clamav
OnAccessMaxFileSize 20M
OnAccessMaxThreads 50
...

Attachments

none

micahsnyder commented 9 months ago

This is very strange. I haven't heard of this problem before.

I do see that you're running a rather old version (0.103.8). I realize it's the most recent version provided by ubuntu:18.04. You could try using the Debian package we provide, though I would note it installs to /usr/local instead of /usr. The database directory and config directories will also be different: /usr/local/share/clamav and /usr/local/etc

You can find our Debian packages here:
https://www.clamav.net/downloads
https://www.clamav.net/downloads/production/clamav-1.3.0.linux.x86_64.deb

And additional documentation here: https://docs.clamav.net/manual/Installing.html#linux-deb-rpm