This problem is related to https://github.com/kobaltz/clamby/issues/31. For me, #31 didn't solve the problem. Clamsy and clamdscan worked fine local and with files I had put myself on the server in /tmp. But not with tempfiles created by ActiveStorage, like /tmp/RackMultipart20210304-544254-1q5vwnm.jpg.
We use clamsy in daemon mode, like "/usr/sbin/clamd -c /etc/clamd.d/scan.conf" as user 'clamscan'.
The problem was in the file permissions: RackMultipart... had 600, while the files I had put in this directory had 644. So the clamsy user had no access to the tempfile that was created by the application user.
My solution is to change attributes temporarily before the virusscan was done in the code:
if File.exist?(attachable.tempfile.path)
# Temporarily change permissions, so the daemon has access. If not, it always returns false positive for any file.
File.chmod(0644, attachable.tempfile.path)
record.errors.add(attribute, :may_be_infected, file: attachable.original_filename) if Clamby.virus?(attachable.tempfile.path)
File.chmod(0600, attachable.tempfile.path)
end
So, for me, this problem is solved, but maybe a better solution could be found.
This problem is related to https://github.com/kobaltz/clamby/issues/31. For me, #31 didn't solve the problem. Clamsy and clamdscan worked fine local and with files I had put myself on the server in /tmp. But not with tempfiles created by ActiveStorage, like /tmp/RackMultipart20210304-544254-1q5vwnm.jpg.
We use clamsy in daemon mode, like "/usr/sbin/clamd -c /etc/clamd.d/scan.conf" as user 'clamscan'.
The problem was in the file permissions: RackMultipart... had 600, while the files I had put in this directory had 644. So the clamsy user had no access to the tempfile that was created by the application user.
My solution is to change attributes temporarily before the virusscan was done in the code:
So, for me, this problem is solved, but maybe a better solution could be found.