Ubuntu – Why can’t clamdscan scan anything

10.04clamavpermissions

Not sure what's going on here. I've installed clamav, clamav-freshclam and clamav-daemon to run automated scans (using cron) on my machine running Ubuntu Desktop 10.04 LTS x64.

Unfortunately, clamdscan refuses to scan anything. This is the output I receive every time I try:

root@uhs:/raid/Share/Public/# clamdscan -v /raid/Share/Public/
/raid/Share/Public: lstat() failed: Permission denied. ERROR

----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 1
Time: 0.004 sec (0 m 0 s)
root@uhs:/raid/Share/Public/#

/raid/Share/Public has 777 permissions, and the clamav-daemon user clamav has been added to both the admin and root groups. I get the same error no matter what files or directories I try to scan.

I even ran dpkg-reconfigure clamav-base and made the daemon user root to see if that would help (which it didn't). And I have of course run service clamav-daemon restart in between all of these changes.

I'm aware of the cat file_name | clamdscan - option, but I need to be able to scan whole directories recursively, so obviously this won't work.

What am I doing wrong? Can I use clamdscan?

Thank you for any help.

Update

Output of sudo -u clamav stat /raid/Share/Public/:

root@uhs:/raid/Share/Public# sudo -u clamav stat /raid/Share/Public/
  File: `/raid/Share/Public/'
  Size: 6           Blocks: 0          IO Block: 4096   directory
Device: 900h/2304d  Inode: 54526208    Links: 2
Access: (0777/drwxrwxrwx)  Uid: ( 1000/awensley)   Gid: (  120/   admin)
Access: 2011-01-19 01:00:00.304365306 -0600
Modify: 2011-01-18 22:47:06.793592673 -0600
Change: 2011-01-19 00:42:52.023813550 -0600
root@uhs:/raid/Share/Public#

Update 2

I have this exact same problem on 5 separate Ubuntu 10.04 machines; 3 of them servers. So either I'm missing something or there's a real problem here.

Update 3

I've submitted this as a bug report on Launchpad

Best Answer

Elsewhere, I've seen that AppArmor or SELinux can cause problems for clamdscan.

If you run sudo aa-complain clamd and the re-scan works, that's probably your issue. (Be sure to re-enable it with sudo aa-enforce clamd.)

To temporarily disable SELinux, which I haven't run on Ubuntu, you can try echo 0 > /selinux/enforce . We can follow up with that if you're running SELinux.

update: Here's a very interesting thread from launchpad: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/450250 . I would follow Jamie Strandboge's comments there to eliminate AppArmor profiles as the culprit.

If these aren't applicable the hack that springs to mind is piping a directory to standard output via tar, and feeding that into clamdscan (which is a variation on what you've mentioned for a single file). I think that would look something like :

 tar -cvf --to-stdout /somedirectory | clamdscan -

You should be able to get the most recent packaged version of clamav from the Ubuntu Clamav team from their ppa : https://launchpad.net/~ubuntu-clamav/+archive/ppa

Also, from the ClamAV site: "If you are going to submit a bug report, always check it against the latest development code ." (Assuming you haven't already done this) You'll have to pull that code manually from their Git repository and compile it.

For bug reporting on the Ubuntu packages, please see http://askubuntu.com...how-do-i-report-a-bug .

=======

One thing to note, is that as far as I can tell, it is clamscan and not clamdscan which is supposed to just work unproblematically in your home directory.

Ubuntu presents some possible complication (with the very desirable security increase) by having apparmor turned on by default.

(clamdscan requires the clamav daemon to be running -- clamscan, more of an ad-hoc user-oriented package, does not. With the additional features of clamdscan/clamd, there is added complexity overhead.)

Yet, against that, the bug for clamdscan and apparmor mentioned in the bug from this post should have been corrected by the time of the current package.

Updated attempts to reproduce and resolve

I don't think I can completely reproduce your environment or control for user error (definitely mine and possibly yours), however I've reproduced what I think is the same issue under the same version of clamav you have.

Additionally, I've downloaded the latest code from the git repository, compiled and installed it, and still have the issue.

I don't have SELinux, but I do have AppArmor. Have I correctly accounted for that? I'm not 100%. I still get the permission denied errors after turning off AppArmor though.

=======

Related Solutions

Ubuntu – Why can’t I paste anything under the /usr/ folder

Mallik is right. You don't own this directory, since it is a system-directory and not a user-directory, like /home/Username, where you can copy/paste files as you wish!

Please don't change the root permission of any system-directory permanently, since your system manages on its own and you can only break it that way. Instead open Terminal and use sudo before your command to copy cp, or move mv files/folders.

Put the folder you want to copy (I call it myNewTheme) on your desktop!

Your command should be as followed: (you need to replace the path/dir and name of the folder you want to copy/move):

sudo cp -r /home/Username/Desktop/myNewTheme /usr/share/kde4/apps/ksplash/Themes/

The -r stands for recursive, since it is a folder (parent), with sub-folders/files (children) and therefore recursion is mandatory!!

Ubuntu – Meaning of Total errors on result of Clamav scan

Read this Clamav faq question #21. No need to sweat.

These "errors" are not actually errors but are usually files you don't have read access to. They may belong to another user or to the System. Either way they probably aren't anything to be concerned about.