Cisco-Talos / clamav

ClamAV - Documentation is here: https://docs.clamav.net
https://www.clamav.net/
GNU General Public License v2.0

clamdtop will not launch #488

Open JTMosaic opened 2 years ago

JTMosaic commented 2 years ago

$ clamdtop
Connecting to: /var/run/clamd.scan/clamd.sock
Failed to initialize curses
Abnormal program termination

$ clamdtop -V
Clam AntiVirus Monitoring Tool 0.104.2

ncurses is installed:

$ rpm -qa | grep ncurses
ncurses-libs-5.7-4.20090207.14.amzn1.x86_64
ncurses-base-5.7-4.20090207.14.amzn1.x86_64
ncurses-5.7-4.20090207.14.amzn1.x86_64

It should be noted that clamdtop 0.102.4 worked on this same system prior to the upgrade to 0.104.2

micahsnyder commented 2 years ago

How did you install clamav?

Can you please provide the output from clamconf -n? It may help us reproduce the issue so we can understand what is going wrong.

JTMosaic commented 2 years ago

Thanks for taking a look at this!

Installed:

wget https://www.clamav.net/downloads/production/clamav-0.104.2.linux.x86_64.rpm --user-agent="Mozilla/5.0"
sudo rpm -ivh clamav-0.104.2.linux.x86_64.rpm

clamconf -n

Checking configuration files in /usr/local/etc

Config file: clamd.conf

LogFile = "/var/log/clamd.scan"
LogSyslog = "yes"
LocalSocket = "/var/run/clamd.scan/clamd.sock"
LocalSocketMode = "660"
ExcludePath = "^/proc/", "^/sys/"
MaxDirectoryRecursion = "25"
VirusEvent = "echo Virus found in $CLAM_VIRUSEVENT_FILENAME. See log in /var/log/clamd.scan for further details | mutt -s "VIRUS ALERT - hostname: %v " -- _email_addressremoved"
User = "root"
OnAccessMountPath = "/"
OnAccessIncludePath = "/"
OnAccessExcludeRootUID = "yes"
OnAccessPrevention = "yes"
OnAccessMaxThreads = "10"

Config file: freshclam.conf

LogSyslog = "yes"
DatabaseOwner = "clamscan"
DatabaseMirror = "database.clamav.net"

clamav-milter.conf not found

Software settings

Version: 0.104.2
Optional features supported: MEMPOOL AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV JSON RAR

Database information

Database directory: /usr/local/share/clamav
bytecode.cvd: version 333, sigs: 92, built on Mon Mar 8 10:21:51 2021
daily.cld: version 26477, sigs: 1975702, built on Thu Mar 10 04:34:39 2022
main.cvd: version 62, sigs: 6647427, built on Thu Sep 16 08:32:42 2021
Total number of signatures: 8623221

Platform information

uname: Linux 4.14.248-129.473.amzn1.x86_64 #1 SMP Mon Sep 27 10:39:55 UTC 2021 x86_64
OS: Linux, ARCH: x86_64, CPU: x86_64
zlib version: 1.2.11 (1.2.11), compile flags: a9
platform id: 0x0a218e8e0800000000040805

Build information

GNU C: 4.8.5 20150623 (Red Hat 4.8.5-44) (4.8.5)
sizeof(void*) = 8
Engine flevel: 142, dconf: 142

hildeb commented 2 years ago

Found the reason. Stracing the process shows that the terminfo is being searched for in

/root/.mussels/install/host-static/share/terminfo

It actually looks for "xterm-256color" at /root/.mussels/install/host-static/share/terminfo/x/xterm-256color

I guess it's a relic from the build environment.

This makes clamd run for me:

mkdirhier /root/.mussels/install/host-static/share/terminfo/x
cp /lib/terminfo/x/xterm-256color /root/.mussels/install/host-static/share/terminfo/x/xterm-256color

JTMosaic commented 2 years ago

Thanks for the research and possible workaround. We are on Amazon Linux so this worked for me:

As root:

mkdir -p ~/.mussels/install/host-static/share
ln -s /usr/share/terminfo ~/.mussels/install/host-static/share/terminfo

So now the question is: Will this be, or has this been fixed?

micahsnyder commented 2 years ago

Nice find @hildeb. That is indeed a relic from the build environment. It seems ncurses installs some terminfo databases under <prefix>/share/terminfo and then looks in that path at runtime to load them.

One kind of lousy option would be to change the ./configure line for building ncurses to this:

          ./configure --prefix={install} --with-default-terminfo-dir=/usr/share --disable-db-install

It may solve the issue for one of you, but unfortunately not for both.

Alternatively, we could abandon using a static lib for this dependency and link with libncurses.so instead. Either way would require you to have ncurses installed for that terminfo stuff... so... that'd at least make it easier for distros where it installs under /lib instead of /usr/share... This would probably be the easiest solution.

I suppose that ideally we'd have the .deb and .rpm packages install the terminfo database along with clamav, and install under /usr/local/share/terminfo. But I'm not sure how to do that.
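
As an added example (not from any commenter in this thread or from the ClamAV project), this script checks whether the compiled-in terminfo directory found with strace holds an entry for the current terminal type and, if not, whether a system directory does. The function names are hypothetical; the directory paths are the ones quoted in the comments above.

```shell
#!/bin/sh
# Added example, not ClamAV project code. Paths are the ones quoted in this thread.
BUILTIN_DIR=/root/.mussels/install/host-static/share/terminfo
SYSTEM_DIRS="/usr/share/terminfo /lib/terminfo"

# find_terminfo_entry TERM_NAME DIR...
# Prints the first readable entry and returns 0; returns 1 if none is found.
# Layout assumed: <dir>/<first letter>/<name>, as in the x/xterm-256color path above.
find_terminfo_entry() {
    fte_name=$1
    shift
    [ -n "$fte_name" ] || return 1
    fte_first=$(printf '%s' "$fte_name" | cut -c1)
    for fte_dir in "$@"; do
        fte_entry="$fte_dir/$fte_first/$fte_name"
        # -f and -r follow symlinks, so a symlinked terminfo directory counts.
        if [ -f "$fte_entry" ] && [ -r "$fte_entry" ]; then
            printf '%s\n' "$fte_entry"
            return 0
        fi
    done
    return 1
}

# diagnose_terminfo TERM_NAME BUILTIN_DIR SYSTEM_DIR...
#   0: entry present in the compiled-in directory
#   1: missing there, but a system directory has it (path is printed)
#   2: missing in every listed directory
diagnose_terminfo() {
    dt_name=$1
    dt_builtin=$2
    shift 2
    if find_terminfo_entry "$dt_name" "$dt_builtin" >/dev/null; then
        echo "ok: $dt_builtin has an entry for $dt_name"
        return 0
    fi
    if dt_found=$(find_terminfo_entry "$dt_name" "$@"); then
        echo "missing in $dt_builtin; system copy at $dt_found"
        return 1
    fi
    echo "no entry for $dt_name in any listed directory"
    return 2
}

# Stand-alone run: check the current $TERM; the result is reported, not fatal.
# SYSTEM_DIRS is left unquoted on purpose so it splits into separate arguments.
diagnose_terminfo "${TERM:-xterm-256color}" "$BUILTIN_DIR" $SYSTEM_DIRS || true
```

A return status of 1 corresponds to the situation reported in this issue, where the copy and symlink workarounds above apply.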

ragusaa commented 5 months ago

I believe this has been resolved. Going to close this issue, but please re-open if you are still having problems.

JTMosaic commented 5 months ago

This has not been fixed. It is still an issue in ClamAV 1.3.0. The fix above, to create a .mussels folder and symlink terminfo, is still necessary to use clamdtop.

ragusaa commented 5 months ago

My apologies, I'll re-open.