search

Cisco-Talos / clamav

ClamAV - Documentation is here: https://docs.clamav.net
https://www.clamav.net/
GNU General Public License v2.0
4.43k stars 706 forks source link

Cannot run v0.103.8 on Red Hat Enterprise Linux 8.8 #933

Closed jnjus closed 1 year ago

jnjus commented 1 year ago

Describe the bug

Trying to run clamav on Red Hat 8.8 results in an error when trying to the service. Clam is trying to access a file that doesn't exist:

/var/lib/clamav/d

[root@mekong clamav]# ls -latrh /var/lib/clamav/d ls: cannot access '/var/lib/clamav/d': No such file or directory

Replace this text with specific steps needed to reproduce the issue.

1.) Installed RHEL8.7 from media and recently updated to 8.8 (Clam WORKED on 8.7) 2.) Enabled EPEL repo 3.) ran "yum install clamav clamav-update clamav-scanner-systemd clamav-server-systemd" 4.) ran "freshclam"(successful) Had to uncomment this line in the scan.conf: "LocalSocket /run/clamd.scan/clamd.sock"

This is the error I get when trying to start the service:

-- Unit clamd@scan.service has begun starting up. May 30 08:25:52 localhost.localdomain clamd[99642]: Received 0 file descriptor(s) from systemd. May 30 08:25:52 localhost.localdomain clamd[99642]: clamd daemon 0.103.8 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64) May 30 08:25:52 localhost.localdomain clamd[99642]: Log file size limited to 1048576 bytes. May 30 08:25:52 localhost.localdomain clamd[99642]: Reading databases from /var/lib/clamav May 30 08:25:52 localhost.localdomain clamd[99642]: Not loading PUA signatures. May 30 08:25:52 localhost.localdomain clamd[99642]: Bytecode: Security mode set to "TrustSigned". May 30 08:25:52 localhost.localdomain clamd[99642]: LibClamAV Error: cli_load(): Can't open file /var/lib/clamav/d> May 30 08:25:52 localhost.localdomain clamd[99642]: LibClamAV Error: cli_loaddbdir(): error loading database /var/> May 30 08:25:52 localhost.localdomain clamd[99642]: LibClamAV Error: cli_loaddbdir(): No supported database files > May 30 08:25:52 localhost.localdomain clamd[99642]: ERROR: Can't open file or directory May 30 08:25:52 localhost.localdomain clamd[99642]: Can't open file or directory May 30 08:25:52 localhost.localdomain systemd[1]: clamd@scan.service: Control process exited, code=exited status=1 May 30 08:25:52 localhost.localdomain systemd[1]: clamd@scan.service: Failed with result 'exit-code'. -- Subject: Unit failed -- Defined-By: systemd -- Support: https://access.redhat.com/support

/var/lib/clamav perms

drwxr-xr-x. 64 root root 4.0K May 30 08:18 .. -rw-------. 1 clamupdate clamupdate 69 May 30 08:19 freshclam.dat -rw-------. 1 clamupdate clamupdate 59M May 30 08:19 daily.cvd -rw-------. 1 clamupdate clamupdate 163M May 30 08:19 main.cvd -rw-------. 1 clamupdate clamupdate 286K May 30 08:19 bytecode.cvd drwxr-xr-x. 2 clamupdate clamupdate 4.0K May 30 08:19 .

Checking configuration files in /etc

Config file: clamd.d/scan.conf

LogSyslog = "yes" LocalSocket = "/run/clamd.scan/clamd.sock" User = "clamscan"

Config file: freshclam.conf

DatabaseMirror = "database.clamav.net"

mail/clamav-milter.conf not found

Software settings

Version: 0.103.8 Optional features supported: MEMPOOL IPv6 AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV JSON

Database information

Database directory: /var/lib/clamav bytecode.cvd: version 334, sigs: 91, built on Wed Feb 22 16:33:21 2023 daily.cvd: version 26923, sigs: 2035746, built on Tue May 30 03:22:21 2023 main.cvd: version 62, sigs: 6647427, built on Thu Sep 16 08:32:42 2021 Total number of signatures: 8683264

Platform information

uname: Linux 4.18.0-477.10.1.el8_8.x86_64 #1 SMP Wed Apr 5 13:35:01 EDT 2023 x86_64 OS: linux-gnu, ARCH: x86_64, CPU: x86_64 zlib version: 1.2.11 (1.2.11), compile flags: a9 platform id: 0x0a2181810800000002080500

Build information

GNU C: 8.5.0 20210514 (Red Hat 8.5.0-16) (8.5.0) CPPFLAGS: -I/usr/include/libprelude CFLAGS: -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 CXXFLAGS: -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection LDFLAGS: -Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,--as-needed -lprelude Configure: '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--localstatedir=/var' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--enable-milter' '--disable-clamav' '--disable-static' '--disable-zlib-vcheck' '--disable-unrar' '--enable-id-check' '--enable-dns' '--with-dbdir=/var/lib/clamav' '--with-group=clamupdate' '--with-user=clamupdate' '--disable-rpath' '--disable-silent-rules' '--enable-clamdtop' '--enable-prelude' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CXXFLAGS=-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,--as-needed' 'CFLAGS=-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection' 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig' sizeof(void*) = 8 Engine flevel: 129, dconf: 129

Attachments

If applicable, add screenshots to help explain your problem.

If the issue is reproducible only when scanning a specific file, attach it to the ticket.

jnjus commented 1 year ago

Ooops, looks like the logs got truncated.

[101582]: LibClamAV Error: cli_load(): Can't open file /var/lib/clamav/daily.cvd [101582]: LibClamAV Error: cli_loaddbdir(): No supported database files found in /var/lib/clamav [101582]: ERROR: Can't open file or directory

chmod'd the whole /var/log/clamav directory to 777 and the service started successfully. I will manually walk back permissions until the folder is secure while keeping the service functional.

micahsnyder commented 1 year ago

Hi @jnjus it sounds like you have a solution for the issue on your side. Overall this sounds like a problem with using EPEL's clamav package, which is maintained by the EPEL team and not by us. They do things a bit differently than we do, using a clamupdate service account for freshclam and a different service account for clamd. If you have additional issues with permissions or set up after installing through EPEL, please contact them: