rfxn / linux-malware-detect

Linux Malware Detection (LMD)
http://www.rfxn.com/projects/linux-malware-detect/
GNU General Public License v2.0

Possibility to configure another clamd instance #96

Open ghost opened 8 years ago

ghost commented 8 years ago

Hello together,

I ran into a problem yesterday while configuring maldet for our server. We are running clamd as a mail scanner under the clamav user for security reasons. As I still wanted to use the clamd daemon because of better performance and memory consumption, I set up a second instance running as root. Unfortunately maldet is always using the first clamav instance running as user clamav and therefore has no access to some files.

When I use the command clamdscan directly with the parameter --config-file=, the correct instance is being used. It would be great if that parameter could be configured via the config file so that another instance is used.

I think it might also be an advantage to use the parameter --fdpass, as then only the file descriptor is passed instead of the whole file. That reduces the overhead.

ovizii commented 8 years ago

I second this as I am encountering the exact same situation.

mlwdofc commented 8 years ago

I've also encountered this problem.

nanonettr commented 8 years ago

Please try this; https://github.com/rfxn/linux-malware-detect/issues/50#issuecomment-178242592

ghost commented 8 years ago

Tried that but it doesn't make any difference. The clamav user still has no access to the files if you pass them via file descriptor. But it gave me a hint where to start.

Did that with v1.5. So for future versions the line numbers may differ!

1) add a new line to conf.maldet:

scan_clamdscan_options="--fdpass --config-file=/etc/clamav/clamd-maldet.conf"

Now you can pass any options to clamdscan. The file clamd-maldet.conf is the config for a second clamd instance running as root. There is still the Ubuntu default one running as clamav for my mail stuff. So now clamd can really access all files maldet passes to it.

2) modify internals/functions:

line 959: clamopts="$scan_clamdscan_options"

line 1305: clamopts="$scan_clamdscan_options"

That works at least for me. Maybe someone can convert this into a proper pull request as my knowledge of that is not really existing. ;-)

magicdude4eva commented 8 years ago

Running on CentOS 7, EPEL installs clamd as clamd.scan running as user clamscan:

    clamscan  5603  0.0  3.0 531176 365628 ?       Ssl  19:31   0:00 clamd.scan -c /etc/clamd.d/scan.conf --pid /var/run/clamd.scan/clamd.pid
    root      6948  0.9  0.0   6480   860 pts/0    SN   19:38   0:01 /usr/bin/inotifywait -r --fromfile /usr/local/maldetect/sess/inotify.paths.6850 --exclude (^/var/tmp/mysql.sock$|^/tmp/mysql.sock$|^/var/cache/buagent/md0.cache.data$|^/var/tmp/#sql_.*\.MYD$|^/tmp/#sql_.*\.MYD$|^/var/tmp/clamav-.*) --timefmt %d %b %H:%M:%S --format %w%f %e %T -m -e create,move,modify

Even with changing the reference on Line #726 and Line #1308:

    if [ "$scan_clamscan" == "1" ]; then
        isclamd=`pidof -x clamd.scan 2> /dev/null`
        isclamd_root=`pgrep -x -u clamscan clamd 2> /dev/null`

I get the error: warning clamd service not running; force-set monitor mode file scanning to every 120s

Anyone have a proper suggestion how this should work?
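The two problems in this thread, pointing clamdscan at a specific clamd instance (the scan_clamdscan_options idea above) and finding out which user that instance actually runs as (the CentOS clamd.scan/clamscan case above), both come down to a few checks that maldet's bash code could perform before it trusts a daemon with root-owned files. The script below is an added example written for this thread; it is not code from the maldet project or from any commenter. The config file names (clamd.conf, clamd-maldet.conf, clamd-tcp.conf), their contents, and the process listing in SAMPLE_PS are constructed for illustration and are not real system files.

```bash
#!/usr/bin/env bash
# Added example (not maldet's own code): choose a clamd instance for clamdscan
# and check who runs it. File names, config contents and the process listing
# below are constructed for illustration.

# Print the LocalSocket path from a clamd.conf (first match, comments ignored).
clamd_local_socket() {
    sed -n 's/^[[:space:]]*LocalSocket[[:space:]][[:space:]]*\(.*\)$/\1/p' "$1" | head -n1
}

# Return 0 if the config listens on TCP. clamdscan --fdpass hands file
# descriptors over a unix socket, so it cannot be used with a TCP-only clamd.
clamd_uses_tcp() {
    grep -Eq '^[[:space:]]*TCPSocket[[:space:]]+' "$1"
}

# Build the clamdscan options for a given clamd.conf. With --fdpass, clamdscan
# (running as root) opens the files itself and passes the descriptors, so the
# daemon's own uid no longer decides read access; it is only added when the
# instance has a LocalSocket and no TCPSocket.
build_clamdscan_opts() {
    local conf="$1" opts="--config-file=$1 --no-summary"
    if [ -n "$(clamd_local_socket "$conf")" ] && ! clamd_uses_tcp "$conf"; then
        opts="$opts --fdpass"
    fi
    printf '%s\n' "$opts"
}

# Read `ps axo user:32,pid,args` output on stdin and print the user of the clamd
# process that loads CONF. Matches clamd, clamd.scan, clamd.amavisd, ... by
# command name, so it does not depend on pidof/pgrep -x exact-name matching.
clamd_owner_from_ps() {
    awk -v conf="$1" '
        $3 ~ /(^|\/)clamd(\.[A-Za-z0-9_-]+)?$/ {
            for (i = 4; i <= NF; i++) {
                if ($i == "-c" && $(i + 1) == conf) { print $1; exit }
                if ($i == ("--config-file=" conf)) { print $1; exit }
            }
        }'
}

# Live variant: which user runs the clamd instance for CONF (empty if none).
clamd_owner() {
    ps axo user:32,pid,args | clamd_owner_from_ps "$1"
}

# An instance is usable for root-owned files if it runs as root, or if it is
# running and reachable over a unix socket so that --fdpass can be used.
clamd_instance_ok() {
    local conf="$1" owner="$2"
    [ "$owner" = root ] && return 0
    [ -n "$owner" ] && [ -n "$(clamd_local_socket "$conf")" ] && ! clamd_uses_tcp "$conf"
}

# Constructed sample configs (not real system files) so the block runs offline.
write_sample_confs() {
    local dir="$1"
    cat >"$dir/clamd.conf" <<'EOF'
# distro default instance for mail scanning, drops privileges to clamav
LocalSocket /var/run/clamav/clamd.ctl
User clamav
EOF
    cat >"$dir/clamd-maldet.conf" <<'EOF'
# second instance started by root for maldet; no User line, so it keeps root
LocalSocket /var/run/clamav/clamd-maldet.ctl
EOF
    cat >"$dir/clamd-tcp.conf" <<'EOF'
TCPSocket 3310
TCPAddr 127.0.0.1
EOF
}

# Constructed `ps axo user:32,pid,args` listing modelled on the CentOS report.
SAMPLE_PS='clamscan   5603 clamd.scan -c /etc/clamd.d/scan.conf --pid /var/run/clamd.scan/clamd.pid
root       7010 /usr/sbin/clamd --config-file=/etc/clamav/clamd-maldet.conf
root       6948 /usr/bin/inotifywait -r --fromfile /usr/local/maldetect/sess/inotify.paths.6850'

demo() {
    local tmp c
    tmp=$(mktemp -d)
    write_sample_confs "$tmp"
    for c in clamd.conf clamd-maldet.conf clamd-tcp.conf; do
        printf '%-18s %s\n' "$c:" "$(build_clamdscan_opts "$tmp/$c")"
    done
    printf 'owner of /etc/clamd.d/scan.conf (sample listing): %s\n' \
        "$(printf '%s\n' "$SAMPLE_PS" | clamd_owner_from_ps /etc/clamd.d/scan.conf)"
    rm -rf "$tmp"
}
demo
```

On the CentOS layout from the last comment, clamd_owner_from_ps reports clamscan for /etc/clamd.d/scan.conf, which is exactly why a root check on that daemon fails; the options string for a LocalSocket instance gets --fdpass, while a TCP-only config does not, since fd passing silently cannot work there.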