Log filling up incessantly by clamonacc #514
Comments
|
It seems that the file(s) are moved to early before scan of clamonacc is finished. How does the copy/movement routine work? |
|
Thank you for the headsup, I checked that, it's a cron job running every minute, makes a list of files found, copies files from that list to another machine and to another directory (not under onaccess scrutiny) and finally removes them. ls -la /tomcat/ficheiros/PES_archive/PES/2022/DHR35NP9VY/PESREPT20220329DHR35NP9VYF.pdf-rw-r--r--. 1 wildflyB wildflyB 185693 Mar 29 11:58 /tomcat/ficheiros/PES_archive/PES/2022/DHR35NP9VY/PESREPT20220329DHR35NP9VYF.pdf less /var/log/clamd/scan-20220329_120104.logTue Mar 29 12:01:04 2022 -> WARNING: File path check failure for: /tomcat/ficheiros/PES/2022/DHR35NP9VY/PESREPT20220329DHR35NP9VYP.pdf |
Describe the bug
Users can upload files to a clamonacc protected directory, which are copied to another machine and then moved to an archive folder, not under clamonacc protection.
Clam however incessantly logs warnings about those "missing" files:
Mon Mar 21 10:39:04 2022 -> WARNING: File path check failure for: /tomcat/ficheiros/PES/2022/LNZON7O7YU/image0.jpg
Mon Mar 21 10:39:04 2022 -> WARNING: File path check failure on: /tomcat/ficheiros/PES/2022/LNZON7O7YU/image0.jpg
Mon Mar 21 10:39:04 2022 -> WARNING: File path check failure for: /tomcat/ficheiros/PES/2022/LNZON7O7YU/image0.jpg
Mon Mar 21 10:39:04 2022 -> WARNING: File path check failure on: /tomcat/ficheiros/PES/2022/LNZON7O7YU/image0.jpg
Mon Mar 21 10:39:04 2022 -> WARNING: File path check failure for: /tomcat/ficheiros/PES/2022/LNZON7O7YU/image0.jpg
Mon Mar 21 10:39:04 2022 -> WARNING: File path check failure on: /tomcat/ficheiros/PES/2022/LNZON7O7YU/image0.jpg
rapidly filling up the disk with scan.log files
Typically it's the same filename logged over and over.
How to reproduce the problem
Cannot reproduce on another machine.
Checking configuration files in /etc
Config file: clamd.d/scan.conf
AlertExceedsMax = "yes"
LogFile = "/var/log/clamd/scan.log"
LogTime = "yes"
ExtendedDetectionInfo = "yes"
PidFile = "/run/clamd.scan/clamd.pid"
LocalSocket = "/run/clamd.scan/clamd.sock"
SelfCheck = "86400"
DisableCache = "yes"
VirusEvent = "/usr/local/sbin/virusdetected.sh "%v" "%f""
ExitOnOOM = "yes"
HeuristicScanPrecedence = "yes"
AlertBrokenExecutables = "yes"
AlertBrokenMedia = "yes"
AlertEncrypted = "yes"
AlertEncryptedArchive = "yes"
AlertEncryptedDoc = "yes"
AlertOLE2Macros = "yes"
AlertPhishingSSLMismatch = "yes"
AlertPhishingCloak = "yes"
OnAccessIncludePath = "/tomcat/ficheiros/PES"
OnAccessExcludeRootUID = "yes"
OnAccessMaxFileSize = "10485760"
OnAccessExtraScanning = "yes"
OnAccessRetryAttempts = "3"
Config file: freshclam.conf
DatabaseMirror = "database.clamav.net"
mail/clamav-milter.conf not found
Software settings
Version: 0.103.5
Optional features supported: MEMPOOL IPv6 AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV JSON
Database information
Database directory: /var/lib/clamav
[3rd Party] rfxn.ndb: 2039 sigs
[3rd Party] rfxn.hdb: 12946 sigs
[3rd Party] whitelist.fp: 3081 sigs
[3rd Party] interserver256.hdb: 28576 sigs
[3rd Party] interservertopline.db: 1139 sigs
bytecode.cvd: version 333, sigs: 92, built on Mon Mar 8 15:21:51 2021
main.cvd: version 62, sigs: 6647427, built on Thu Sep 16 13:32:42 2021
daily.cld: version 26488, sigs: 1976522, built on Mon Mar 21 08:28:19 2022
Total number of signatures: 8671822
Platform information
uname: Linux 3.10.0-1062.9.1.el7.x86_64 #1 SMP Thu Dec 5 14:56:20 PST 2019 x86_64
OS: linux-gnu, ARCH: x86_64, CPU: x86_64
zlib version: 1.2.7 (1.2.7), compile flags: a9
platform id: 0x0a217e7e0800000002040805
Build information
GNU C: 4.8.5 20150623 (Red Hat 4.8.5-44.0.3) (4.8.5)
CPPFLAGS: -I/usr/include/libprelude
CFLAGS: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic -fno-strict-aliasing -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
CXXFLAGS: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic
LDFLAGS: -Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,--as-needed -lprelude
Configure: '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--localstatedir=/var' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--enable-milter' '--disable-clamav' '--disable-static' '--disable-zlib-vcheck' '--disable-unrar' '--enable-id-check' '--enable-dns' '--with-dbdir=/var/lib/clamav' '--with-group=clamupdate' '--with-user=clamupdate' '--disable-rpath' '--disable-silent-rules' '--enable-clamdtop' '--enable-prelude' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic' 'LDFLAGS=-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,--as-needed' 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic' 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'
sizeof(void*) = 8
Engine flevel: 126, dconf: 126
The text was updated successfully, but these errors were encountered: