-
Notifications
You must be signed in to change notification settings - Fork 21
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Problem: virus scan fails on default centos installs #185
Comments
@scollazo should we instead consider to tweak ansible-clamav so both Ubuntu and EL deployments of clamd listen on |
As we have had problems with clamav unix permissions and selinux configuration in the past, we started using the tcp socket to workaround them. The changes needed for the clamav role are explained here, but using it brought selinux problems ( |
Hi, I'm going to summarize all that Santi has said (and I'm going to complete it with additional info) about this issue to use the Clamav socket file on CentOS:
I tested some transfers with the SELinux security policy in enforced mode, and there are no Clamav error messages in the /var/log/audit/audit.log file. The changes made on the default /etc/clamd.conf file are:
Two useful links: https://www.hostinger.com/tutorials/how-to-install-clamav-centos7#Step-2-Configuring-SELinux |
Once it seems the options of using the tcp socket and the file socket are both viable, we have to decide how we are going to update the archivematica-docs, the Ansible role and am-packaging: If we are going to document and give the option to use both, or we are going to use only one of them (which is the one chosen?) |
@mamedin can we close this issue or there's more work to do? |
I think we can close this issue. It is fixed in the Ansible installation and it is explained in the archivematica-docs: |
In Centos environments, clamav listens on port 3310.
We need to add
ARCHIVEMATICA_MCPCLIENT_MCPCLIENT_CLAMAV_SERVER=localhost:3310
to /etc/sysconfig/archivematica-mcp-client on CentosAs a workaround, adding
to the host vars, deploys the expected configurations.
The text was updated successfully, but these errors were encountered: