Cisco-Talos / clamav

ClamAV - Documentation is here: https://docs.clamav.net
https://www.clamav.net/
GNU General Public License v2.0

Clamdscan is not streaming data to ClamAV daemon #950

Open vivekkumarchaurasia123 opened 1 year ago

vivekkumarchaurasia123 commented 1 year ago

Describe the bug

On the client machine (AWS EKS pod) clamdscan is installed and has been configured to send traffic on port 3310 via TCP. On the server side (AWS EKS pod) clamav is running as a daemon and listening on port 3310. Sometimes the client fails with the following error: "File path check failure: No such file or directory. ERROR"

How to reproduce the problem

Scan a file from the client machine, where clamdscan is installed:

clamdscan -i directory_with_2_infected

ERROR: Can't lookup clamd hostname: Try again
/tests/clamav/testdata/directory_with_2_infected: File path check failure: No such file or directory. ERROR
/tests/clamav/testdata/directory_with_2_infected: File path check failure: No such file or directory. ERROR
----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 2
Time: 5.014 sec (0 m 5 s)
Start Date: 2023:06:04 16:36:10
End Date:   2023:06:04 16:36:15
Infected file found

clamav@clamav-0:/$ clamconf -n
Checking configuration files in /etc/clamav

Config file: clamd.conf

AlertExceedsMax = "yes"
LogFile = "/var/log/clamav/clamd.log"
LogFileMaxSize = "2097152"
LogTime = "yes"
LogClean = "yes"
LogRotate = "yes"
ExtendedDetectionInfo = "yes"
PidFile = "/run/clamav/clamd.pid"
TemporaryDirectory = "/var/lib/clamav-temp-storage"
DatabaseDirectory = "/var/lib/clamav-signatures"
LocalSocket = "/run/clamav/clamd.sock"
TCPSocket = "3310"
SelfCheck = "43200"
User = "clamav"
MaxScanSize = "1073741824"
MaxFileSize = "1073741824"

Config file: freshclam.conf

LogFileMaxSize = "2097152"
LogTime = "yes"
LogSyslog = "yes"
LogRotate = "yes"
PidFile = "/run/clamav/freshclam.pid"
DatabaseDirectory = "/var/lib/clamav-signatures"
UpdateLogFile = "/var/log/clamav/freshclam.log"
Checks = "1"
DatabaseMirror = "database.clamav.net"
TestDatabases disabled
OnUpdateExecute = "/usr/bin/freshclamUpdateEvent.sh SUCCESS"
OnErrorExecute = "/usr/bin/freshclamUpdateEvent.sh FAILURE"

clamav-milter.conf not found

Software settings

Version: 0.103.8
Optional features supported: MEMPOOL IPv6 FRESHCLAM_DNS_FIX AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV JSON RAR

Database information

Database directory: /var/lib/clamav-signatures
main.cvd: version 62, sigs: 6647427, built on Thu Sep 16 12:32:42 2021
bytecode.cvd: version 334, sigs: 91, built on Wed Feb 22 21:33:21 2023
daily.cld: version 26936, sigs: 2036882, built on Sun Jun 11 07:23:21 2023
Total number of signatures: 8684400

Platform information

uname: Linux 5.4.238-148.347.amzn2.x86_64 #1 SMP Thu Apr 6 19:42:57 UTC 2023 x86_64
OS: linux-gnu, ARCH: x86_64, CPU: x86_64
zlib version: 1.2.11 (1.2.11), compile flags: a9
platform id: 0x0a21818108000000020a0201

Build information

GNU C: 10.2.1 20210110 (10.2.1)
CPPFLAGS: -Wdate-time -D_FORTIFY_SOURCE=2
CFLAGS: -g -O2 -ffile-prefix-map=/build/clamav-XPIT9Z/clamav-0.103.8+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
CXXFLAGS: -g -O2 -ffile-prefix-map=/build/clamav-XPIT9Z/clamav-0.103.8+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64
LDFLAGS: -Wl,-z,relro -Wl,-z,now -Wl,--as-needed
Configure: '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=/usr/lib/x86_64-linux-gnu' '--runstatedir=/run' '--disable-maintainer-mode' '--disable-dependency-tracking' 'CFLAGS=-g -O2 -ffile-prefix-map=/build/clamav-XPIT9Z/clamav-0.103.8+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -ffile-prefix-map=/build/clamav-XPIT9Z/clamav-0.103.8+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now -Wl,--as-needed' '--with-dbdir=/var/lib/clamav' '--sysconfdir=/etc/clamav' '--disable-clamav' '--disable-unrar' '--enable-milter' '--enable-dns-fix' '--with-libjson' '--with-system-libmspack' '--with-libcurl=/usr' '--with-gnu-ld' '--with-systemdsystemunitdir=/lib/systemd/system' 'build_alias=x86_64-linux-gnu' 'OBJCFLAGS=-g -O2 -ffile-prefix-map=/build/clamav-XPIT9Z/clamav-0.103.8+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security'
sizeof(void*) = 8
Engine flevel: 129, dconf: 129

micahsnyder commented 1 year ago

The significant error in this case appears to be:

ERROR: Can't lookup clamd hostname: Try again

It seems like your clamdscan client is having trouble connecting to your clamd server.
I see you have two different socket options set:

LocalSocket = "/run/clamav/clamd.sock"
TCPSocket = "3310"

Is this intended? You may not need the TCPSocket one.