Thank you for the heads-up. I checked that: it's a cron job running every minute that makes a list of files found, copies the files from that list to another machine and to another directory (not under onaccess scrutiny), and finally removes them.
I added a sleep step between making the list and further processing, but without success.
Is there an internal cache, or is clam looking up a kernel cache or something like that?
This file was uploaded at 11:57, moved to its final directory at 11:58, and clam starts complaining at 12:01:04.
ls -la /tomcat/ficheiros/PES_archive/PES/2022/DHR35NP9VY/PESREPT20220329DHR35NP9VYF.pdf
-rw-r--r--. 1 wildflyB wildflyB 185693 Mar 29 11:58 /tomcat/ficheiros/PES_archive/PES/2022/DHR35NP9VY/PESREPT20220329DHR35NP9VYF.pdf
less /var/log/clamd/scan-20220329_120104.log
Tue Mar 29 12:01:04 2022 -> WARNING: File path check failure for: /tomcat/ficheiros/PES/2022/DHR35NP9VY/PESREPT20220329DHR35NP9VYP.pdf
Tue Mar 29 12:01:04 2022 -> WARNING: File path check failure on: /tomcat/ficheiros/PES/2022/DHR35NP9VY/PESREPT20220329DHR35NP9VYP.pdf
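To quantify a flood like the one reported here, the following added example (not part of the original report and not ClamAV code) groups the "File path check failure" warnings by path and lists the paths that are gone from disk but still being logged. The function names, the threshold and the sample lines are assumptions; the sample is constructed in the log format shown above (`LogTime` enabled).

```python
import os
import re
from datetime import datetime

# clamd log entry with LogTime enabled; "for:" and "on:" variants both occur.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} +\d+ [\d:]{8} \d{4}) -> WARNING: "
    r"File path check failure (?:for|on): (?P<path>.+)$"
)

def summarize(lines, exists=os.path.exists):
    """Return {path: {count, first, last, present}} for path-check warnings."""
    stats = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # unrelated log entry
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
        path = m["path"]
        if path not in stats:
            # Check the filesystem once per path, not once per log line.
            stats[path] = {"count": 0, "first": ts, "last": ts,
                           "present": exists(path)}
        entry = stats[path]
        entry["count"] += 1
        entry["first"] = min(entry["first"], ts)
        entry["last"] = max(entry["last"], ts)
    return stats

def noisy_paths(stats, threshold=3):
    """Paths absent from disk that were warned about >= threshold times."""
    hits = [p for p, s in stats.items()
            if not s["present"] and s["count"] >= threshold]
    return sorted(hits, key=lambda p: -stats[p]["count"])

# Constructed sample in the format of the report (timestamps are illustrative).
SAMPLE = """\
Mon Mar 21 10:39:04 2022 -> WARNING: File path check failure for: /tomcat/ficheiros/PES/2022/LNZON7O7YU/image0.jpg
Mon Mar 21 10:39:04 2022 -> WARNING: File path check failure on: /tomcat/ficheiros/PES/2022/LNZON7O7YU/image0.jpg
Mon Mar 21 10:39:05 2022 -> WARNING: File path check failure for: /tomcat/ficheiros/PES/2022/LNZON7O7YU/image0.jpg
Mon Mar 21 10:39:05 2022 -> WARNING: File path check failure on: /tomcat/ficheiros/PES/2022/LNZON7O7YU/image0.jpg
Mon Mar 21 10:39:06 2022 -> SelfCheck: Database status OK.
Tue Mar 29 12:01:04 2022 -> WARNING: File path check failure for: /tomcat/ficheiros/PES/2022/DHR35NP9VY/PESREPT20220329DHR35NP9VYP.pdf
Tue Mar 29 12:01:04 2022 -> WARNING: File path check failure on: /tomcat/ficheiros/PES/2022/DHR35NP9VY/PESREPT20220329DHR35NP9VYP.pdf
""".splitlines()

if __name__ == "__main__":
    stats = summarize(SAMPLE, exists=lambda p: False)  # pretend files were moved
    for p in noisy_paths(stats):
        s = stats[p]
        print(f"{s['count']:>4}  {s['first']:%H:%M:%S}-{s['last']:%H:%M:%S}  {p}")
```

Run against a real `scan.log`, drop the `exists` override so the default `os.path.exists` check is used on the host that produced the log.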
Describe the bug
Users can upload files to a clamonacc protected directory, which are copied to another machine and then moved to an archive folder, not under clamonacc protection.
Clam however incessantly logs warnings about those "missing" files:
Mon Mar 21 10:39:04 2022 -> WARNING: File path check failure for: /tomcat/ficheiros/PES/2022/LNZON7O7YU/image0.jpg
Mon Mar 21 10:39:04 2022 -> WARNING: File path check failure on: /tomcat/ficheiros/PES/2022/LNZON7O7YU/image0.jpg
Mon Mar 21 10:39:04 2022 -> WARNING: File path check failure for: /tomcat/ficheiros/PES/2022/LNZON7O7YU/image0.jpg
Mon Mar 21 10:39:04 2022 -> WARNING: File path check failure on: /tomcat/ficheiros/PES/2022/LNZON7O7YU/image0.jpg
Mon Mar 21 10:39:04 2022 -> WARNING: File path check failure for: /tomcat/ficheiros/PES/2022/LNZON7O7YU/image0.jpg
Mon Mar 21 10:39:04 2022 -> WARNING: File path check failure on: /tomcat/ficheiros/PES/2022/LNZON7O7YU/image0.jpg
rapidly filling up the disk with scan.log files
Typically it's the same filename logged over and over.
How to reproduce the problem
Cannot reproduce on another machine.
Checking configuration files in /etc
Config file: clamd.d/scan.conf
AlertExceedsMax = "yes"
LogFile = "/var/log/clamd/scan.log"
LogTime = "yes"
ExtendedDetectionInfo = "yes"
PidFile = "/run/clamd.scan/clamd.pid"
LocalSocket = "/run/clamd.scan/clamd.sock"
SelfCheck = "86400"
DisableCache = "yes"
VirusEvent = "/usr/local/sbin/virusdetected.sh "%v" "%f""
ExitOnOOM = "yes"
HeuristicScanPrecedence = "yes"
AlertBrokenExecutables = "yes"
AlertBrokenMedia = "yes"
AlertEncrypted = "yes"
AlertEncryptedArchive = "yes"
AlertEncryptedDoc = "yes"
AlertOLE2Macros = "yes"
AlertPhishingSSLMismatch = "yes"
AlertPhishingCloak = "yes"
OnAccessIncludePath = "/tomcat/ficheiros/PES"
OnAccessExcludeRootUID = "yes"
OnAccessMaxFileSize = "10485760"
OnAccessExtraScanning = "yes"
OnAccessRetryAttempts = "3"
Config file: freshclam.conf
DatabaseMirror = "database.clamav.net"
mail/clamav-milter.conf not found
Software settings
Version: 0.103.5
Optional features supported: MEMPOOL IPv6 AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV JSON
Database information
Database directory: /var/lib/clamav
[3rd Party] rfxn.ndb: 2039 sigs
[3rd Party] rfxn.hdb: 12946 sigs
[3rd Party] whitelist.fp: 3081 sigs
[3rd Party] interserver256.hdb: 28576 sigs
[3rd Party] interservertopline.db: 1139 sigs
bytecode.cvd: version 333, sigs: 92, built on Mon Mar 8 15:21:51 2021
main.cvd: version 62, sigs: 6647427, built on Thu Sep 16 13:32:42 2021
daily.cld: version 26488, sigs: 1976522, built on Mon Mar 21 08:28:19 2022
Total number of signatures: 8671822
Platform information
uname: Linux 3.10.0-1062.9.1.el7.x86_64 #1 SMP Thu Dec 5 14:56:20 PST 2019 x86_64
OS: linux-gnu, ARCH: x86_64, CPU: x86_64
zlib version: 1.2.7 (1.2.7), compile flags: a9
platform id: 0x0a217e7e0800000002040805
Build information
GNU C: 4.8.5 20150623 (Red Hat 4.8.5-44.0.3) (4.8.5)
CPPFLAGS: -I/usr/include/libprelude
CFLAGS: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic -fno-strict-aliasing -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
CXXFLAGS: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic
LDFLAGS: -Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,--as-needed -lprelude
Configure: '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--localstatedir=/var' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--enable-milter' '--disable-clamav' '--disable-static' '--disable-zlib-vcheck' '--disable-unrar' '--enable-id-check' '--enable-dns' '--with-dbdir=/var/lib/clamav' '--with-group=clamupdate' '--with-user=clamupdate' '--disable-rpath' '--disable-silent-rules' '--enable-clamdtop' '--enable-prelude' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic' 'LDFLAGS=-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,--as-needed' 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic' 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'
sizeof(void*) = 8
Engine flevel: 126, dconf: 126