Cisco-Talos / clamav

ClamAV - Documentation is here: https://docs.clamav.net
https://www.clamav.net/
GNU General Public License v2.0

ERROR: ClamCom: TIMEOUT while waiting on socket (recv) #1288

Open umarkhan99 opened 3 months ago

umarkhan99 commented 3 months ago

Describe the bug

When scanning the test virus file, I get the following in the log file:

ERROR: ClamCom: TIMEOUT while waiting on socket (recv)
ERROR: ClamCom: TIMEOUT while waiting on socket (recv)
ERROR: ClamCom: TIMEOUT while waiting on socket (recv)
ERROR: ClamCom: TIMEOUT while waiting on socket (recv)

How to reproduce the problem

Checking configuration files in /etc

Config file: clamd.d/scan.conf

LogSyslog = "yes"
LocalSocket = "/run/clamd.scan/clamd.sock"
TCPSocket = "3310"
TCPAddr = "127.0.0.1"
MaxThreads = "20"
ConcurrentDatabaseReload disabled
User = "clamscan"
OnAccessMountPath = "/"
OnAccessIncludePath = "/"
OnAccessExcludePath = "/mnt", "/sys", "/proc"
OnAccessExcludeRootUID = "yes"

freshclam.conf not found

mail/clamav-milter.conf not found

Software settings

Version: 0.103.11
Optional features supported: MEMPOOL IPv6 AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV JSON

Database information

Database directory: /var/lib/clamav
bytecode.cvd: version 335, sigs: 86, built on Tue Feb 27 08:37:24 2024
daily.cld: version 27316, sigs: 2063390, built on Mon Jun 24 02:26:29 2024
main.cvd: version 62, sigs: 6647427, built on Thu Sep 16 06:32:42 2021
Total number of signatures: 8710903

Platform information

uname: Linux 3.10.0-1160.108.1.el7.x86_64 #1 SMP Thu Jan 25 16:17:31 UTC 2024 x86_64
OS: linux-gnu, ARCH: x86_64, CPU: x86_64
zlib version: 1.2.7 (1.2.7), compile flags: a9
platform id: 0x0a2184840800000000040805

Build information

GNU C: 4.8.5 20150623 (Red Hat 4.8.5-44) (4.8.5)
CPPFLAGS: -I/usr/include/libprelude
CFLAGS: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic -fno-strict-aliasing -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
CXXFLAGS: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic
LDFLAGS: -Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,--as-needed -lprelude
Configure: '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--localstatedir=/var' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--enable-milter' '--disable-clamav' '--disable-static' '--disable-zlib-vcheck' '--disable-unrar' '--enable-id-check' '--enable-dns' '--with-dbdir=/var/lib/clamav' '--with-group=clamupdate' '--with-user=clamupdate' '--disable-rpath' '--disable-silent-rules' '--enable-clamdtop' '--enable-prelude' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic' 'LDFLAGS=-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,--as-needed' 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic' 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'
sizeof(void*) = 8
Engine flevel: 132, dconf: 132


umarkhan99 commented 3 months ago

anyone?

micahsnyder commented 3 months ago

In the section "How to reproduce the problem", you wrote:

> Checking configuration files in /etc

These are not reproduction instructions. It is clear to me from the config that you want to use the on-access scanner. You haven't stated how you start clamd or clamonacc.

On a tangent, the clamconf output also can't find a freshclam.conf config. I don't know if your system isn't configured to run freshclam or if it is somewhere else that we can't see. There is some weirdness about your config settings, different from how most use it. I think it might be a weird Fedora packaging thing. Anyways....

One thing to note is that ClamAV 0.103 does have some issues with clamonacc scan performance that has improved somewhat in newer versions. I recommend the latest version if you can. BUT - clamonacc scan performance is still not great. I see that you have configured to monitor your entire system, excluding some directories containing non-scannable files (/proc, /mnt, /sys). Your desire to monitor the whole system is common. I wish it worked well. On a system that sees minimal activity, it might work okay. But on a busier system it is unlikely to keep up. But I don't think this is the source of your current issue.

I suspect that this is the problem:

I see that you have the clamd "User" setting set to "clamscan". I don't know how you are starting clamd, but if it does end up running as that "clamscan" user, then you need the on-access settings to exclude that same user account. If you don't, then clamonacc will see file activity events caused by clamd. This will trigger a scan, which will cause more clamd file activity, which will trigger more scans... etc. That will quickly lock up the scanning process.

I suggest adding this to your config:

OnAccessExcludeUname clamscan

It is up to you if you want to remove the OnAccessExcludeRootUID line. I think you can have both, and exclude both "root" and also "clamscan".
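The check described in the comment above (the account clamd runs as must be excluded from on-access events), as an added example that is not part of the issue thread or ClamAV's own code. It assumes clamd.conf's plain `Option value` syntax and treats an unset `User` as root; `PAGE_CONF` is constructed from the settings the reporter posted.

```python
import pwd

# Constructed sample: the reporter's on-access settings in clamd.conf syntax.
PAGE_CONF = """\
User clamscan
OnAccessMountPath /
OnAccessIncludePath /
OnAccessExcludePath /mnt
OnAccessExcludePath /sys
OnAccessExcludePath /proc
OnAccessExcludeRootUID yes
"""
FIXED_CONF = PAGE_CONF + "OnAccessExcludeUname clamscan\n"

def parse_clamd_conf(text):
    """Parse 'Option value' lines into {option: [values]}; options may repeat."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        value = parts[1].strip().strip('"') if len(parts) > 1 else ""
        opts.setdefault(parts[0], []).append(value)
    return opts

def _system_uid(name):
    """Resolve a username to its UID as a string, or None if unknown."""
    try:
        return str(pwd.getpwnam(name).pw_uid)
    except KeyError:
        return None

def clamd_user_excluded(text, uid_of=_system_uid):
    """Return (ok, message): is clamd's own account excluded from on-access events?"""
    opts = parse_clamd_conf(text)
    if not (opts.get("OnAccessIncludePath") or opts.get("OnAccessMountPath")):
        return True, "on-access scanning is not configured"
    # Assumption: with no User option, clamd is taken to run as root.
    user = opts.get("User", ["root"])[-1]
    root_excluded = any(v.lower() in ("yes", "true", "1")
                        for v in opts.get("OnAccessExcludeRootUID", []))
    uid = uid_of(user)
    if (user in opts.get("OnAccessExcludeUname", [])
            or (user == "root" and root_excluded)
            or (uid is not None and uid in opts.get("OnAccessExcludeUID", []))):
        return True, f"clamd account '{user}' is excluded from on-access events"
    return False, f"clamd runs as '{user}' but is not excluded; add: OnAccessExcludeUname {user}"
```

On a host, pass the contents of the real clamd config file (for this report, `clamd.d/scan.conf`) to `clamd_user_excluded`.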