search

xypron / skyldav

Skyld AV - on access virus scanner
http://xypron.github.io/skyldav/
Apache License 2.0
3 stars 3 forks source link

Unable to access large files (no virus) when skyldav is running #10

Closed wschlich closed 11 years ago

wschlich commented 11 years ago

Hi!

Seems that there's an issue with large files. After starting skyldav, they cannot be accessed anymore (EPERM):

## 4GB VMware memory save file
zephyr ~ # ls -al /home/vmware/windows-8-pro-x64/windows-8-pro-x64-97b50c4a.vmem
-rw------- 1 wschlich blafasel 4294967296 Aug 16 14:38 /home/vmware/windows-8-pro-x64/windows-8-pro-x64-97b50c4a.vmem
zephyr ~ # file /home/vmware/windows-8-pro-x64/windows-8-pro-x64-97b50c4a.vmem
/home/vmware/windows-8-pro-x64/windows-8-pro-x64-97b50c4a.vmem: data
zephyr ~ # 

## 2GB VMware memory save file
zephyr ~ # ls -al /home/vmware/SLES-11-SP2-x86_64/SLES-11-SP2-x86_64-835f1851.vmem
-rw------- 1 wschlich blafasel 2147483648 Mar 28 17:08 /home/vmware/SLES-11-SP2-x86_64/SLES-11-SP2-x86_64-835f1851.vmem
zephyr ~ # file /home/vmware/SLES-11-SP2-x86_64/SLES-11-SP2-x86_64-835f1851.vmem
/home/vmware/SLES-11-SP2-x86_64/SLES-11-SP2-x86_64-835f1851.vmem: data
zephyr ~ # 

## starting skyldav
zephyr ~ # /etc/init.d/skyldav start
 * Starting skyldav ...                                                                                                                                                                                      [ ok ]
zephyr ~ # 

## unable to read files
zephyr ~ # file /home/vmware/windows-8-pro-x64/windows-8-pro-x64-97b50c4a.vmem
/home/vmware/windows-8-pro-x64/windows-8-pro-x64-97b50c4a.vmem: writable, regular file, no read permission
zephyr ~ # file /home/vmware/SLES-11-SP2-x86_64/SLES-11-SP2-x86_64-835f1851.vmem
/home/vmware/SLES-11-SP2-x86_64/SLES-11-SP2-x86_64-835f1851.vmem: writable, regular file, no read permission
zephyr ~ # 

## no log entries
zephyr ~ # cat /var/run/skyldav/log
IOn access scanning started.
zephyr ~ #

An strace of vmware shows that EPERM is returned when opening such a file.

I found out that this happens to files that are >=2048 MB large. When creating a 2047 MB file with dd from /dev/sda, this does not happen, when adding one more MB, it does.

Cheers, Wolfram

xypron commented 11 years ago

Hello Wolfram,

are you working on a 32bit system?

In issue #4 you wrote you use CFLAGS="-O2 -march=native ..."

gcc must be called with -D_FILE_OFFSET_BITS=64

Best regards

Heinrich

wschlich commented 11 years ago

No 32bit system :) This is just the basic Gentoo CFLAGS from /etc/make.conf. -D_FILE_OFFSET_BITS=64 is added automatically -- here are some snippets from the build log so you can see it's ok :):

configure: CPPFLAGS = -pthread -I. -D_FILE_OFFSET_BITS=64
...
x86_64-pc-linux-gnu-g++ -DHAVE_CONFIG_H -I. -I../..  -pthread -I/usr/include/gtk-2.0 -I/usr/lib64/gtk-2.0/include -I/usr/include/pango-1.0 -I/usr/include/atk-1.0 -I/usr/include/cairo -I/usr/include/pixman-1 -I/usr/include/libdrm -I/usr/include/pango-1.0 -I/usr/include/freetype2 -I/usr/include/gdk-pixbuf-2.0 -I/usr/include/libpng15 -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include  -pthread -I. -D_FILE_OFFSET_BITS=64   -O2 -march=native -pipe -ggdb -c -o notify.o notify.cc
...
/bin/sh ../../libtool  --tag=CC   --mode=compile x86_64-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I../..  -O2 -march=native -pipe -ggdb -fno-strict-aliasing  -pthread -I. -D_FILE_OFFSET_BITS=64   -O2 -march=native -pipe -ggdb -c -o libskyldav_la-conf.lo `test -f 'conf.c' || echo './'`conf.c
...
libtool: compile:  x86_64-pc-linux-gnu-gcc -DHAVE_CONFIG_H -I. -I../.. -O2 -march=native -pipe -ggdb -fno-strict-aliasing -pthread -I. -D_FILE_OFFSET_BITS=64 -O2 -march=native -pipe -ggdb -c listmounts.c  -fPIC -DPIC -o .libs/libskyldav_la-listmounts.o

Cheers, Wolfram

xypron commented 11 years ago

Please, recheck with patch https://github.com/xypron/skyldav/commit/de3a2f33a1c13485e1a82baad1d24ddabec467c5

Best Regards

Heinrich

wschlich commented 11 years ago

I can confirm that files >=2GB can now be accessed with skyldav running. Thanks!