<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Derek,<br>
<br>
Testing it with "clamscan" won't help. It's "clamdscan" that has to
work, which is a very different beast.<br>
"clamscan" just does it all at once (which is why it takes so long).<br>
"clamdscan" uses the "clamd" process to actually do the scanning,
and hence is much faster as there's no startup time while it loads
and compiles all the virus signatures.<br>
<br>
If it works with a small text file, but not an archive or docx file,
then you've probably run out of disk space in wherever clamd is
trying to unpack the archive.<br>
<br>
Otherwise, it is almost always permissions/ownership problems.<br>
You shouldn't do any harm by fetching a new copy of the ZendTo
installer and *just* doing the "Setup ClamAV" section.<br>
<br>
If you want to test it by hand, you need to do this:<br>
Edit the /etc/passwd file and give your apache or www-data user a
real shell such as /bin/bash.<br>
"pwconv" (that makes the /etc/shadow file).<br>
"su - apache" (or "su - www-data") to properly become the web server
user.<br>
clamdscan /var/zendto/*<br>
clamdscan --fdpass /var/zendto/*<br>
<br>
If both of those succeed, then start a big upload going in ZendTo.
This will force some data (with the right permissions) into
/var/zendto/incoming. While it's running, do "clamdscan
/var/zendto/incoming/*" and "clamdscan --fdpass
/var/zendto/incoming/*".<br>
<br>
By the time you've done all that lot, you've probably got some
errors from ClamAV which will help narrow down the cause.<br>
<br>
When you've fixed it, remember to put your "/etc/passwd" file back
so the shell says "/sbin/nologin" and run the "pwconv" command
again.<br>
<br>
Hope that helps,<br>
Jules.<br>
<br>
<br>
<div class="moz-cite-prefix">On 25/07/2018 17:04, Pedrosi, Derek G.
via ZendTo wrote:<br>
</div>
<blockquote type="cite"
cite="mid:WM!8482e91a90b03428caa742402bff9e1309790b155291e5a1e002ee21b29b2a1b316ce9d7e792c445d5ed96ccf76ccc29!@mx.jul.es">
<div class="WordSection1">
<p class="MsoNormal">Suddenly, my drops are no longer being
scanned by AV and users were unable to drop files. No changes
were made.<o:p></o:p></p>
<p class="MsoNormal">Users see this…<o:p></o:p></p>
<table class="MsoNormalTable" style="width:100.0%" width="100%"
border="0" cellpadding="0">
<tbody>
<tr>
<td style="padding:7.5pt .75pt .75pt .75pt">
<p class="MsoNormal"><b><span
style="font-family:'roboto',serif;color:#162637">Upload
Error<o:p></o:p></span></b></p>
</td>
</tr>
<tr>
<td style="padding:6.0pt .75pt .75pt .75pt"><br>
</td>
<td style="padding:6.0pt .75pt .75pt .75pt">
<p class="MsoNormal"><b><span
style="font-family:'roboto',serif;color:#162637">The
attempt to virus-scan your drop-off failed. Please
notify the system administrator.<o:p></o:p></span></b></p>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal">I’ve since disabled AV scan from the
preferences.php (it was 'clamdscan' => '/usr/bin/clamdscan
--stdout --fdpass',) and now users can drop files.<o:p></o:p></p>
<p class="MsoNormal">The details…<o:p></o:p></p>
<p class="MsoNormal">From ZendTo log…<o:p></o:p></p>
<p class="MsoNormal" style="background:white"><span
style="font-size:10.0pt;font-family:'Courier New';color:#162637">2018-07-25 08:22:31 172.16.0.103
[XXXX]: Error: Virus scan of dropped-off files
/var/zendto/incoming/phpLfUrV9
/var/zendto/incoming/phpf6ExDv for USER failed with <o:p></o:p></span></p>
<p class="MsoNormal">From the /var/log/clamav dir:<o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">root@ZendTo5:/var/log/clamav#
tail freshclam.log<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul 25
11:02:09 2018 -> --------------------------------------<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul 25
11:44:24 2018 -> Update process terminated<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul 25
11:44:25 2018 -> --------------------------------------<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul 25
11:44:25 2018 -> freshclam daemon 0.100.1 (OS: linux-gnu,
ARCH: x86_64, CPU: x86_64)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul 25
11:44:25 2018 -> ClamAV update process started at Wed Jul
25 11:44:25 2018<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul 25
11:44:25 2018 -> main.cvd is up to date (version: 58,
sigs: 4566249, f-level: 60, builder: sigmgr)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul 25
11:44:25 2018 -> daily.cld is up to date (version: 24781,
sigs: 2024541, f-level: 63, builder: neo)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul 25
11:44:25 2018 -> bytecode.cld is up to date (version:
325, sigs: 90, f-level: 63, builder: neo)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul 25
11:44:25 2018 -> --------------------------------------<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt">root@ZendTo5:/var/log/clamav#
tail clamav.log<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul 25
04:47:22 2018 -> SelfCheck: Database status OK.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul 25
04:57:22 2018 -> SelfCheck: Database status OK.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul 25
05:07:22 2018 -> SelfCheck: Database status OK.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul 25
05:17:22 2018 -> SelfCheck: Database status OK.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul 25
05:27:13 2018 -> Reading databases from /var/lib/clamav<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul 25
05:27:27 2018 -> Database correctly reloaded (6584590
signatures)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul 25
05:37:27 2018 -> SelfCheck: Database status OK.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul 25
05:47:27 2018 -> SelfCheck: Database status OK.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul 25
05:57:27 2018 -> SelfCheck: Database status OK.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed Jul 25
06:05:55 2018 -> --- Stopped at Wed Jul 25 06:05:55 2018<o:p></o:p></span></p>
<p class="MsoNormal">Now, I can scan files manually via the
command line…<o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">clamscan
--verbose /var/log/<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">-----------
SCAN SUMMARY -----------<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Known
viruses: 6584590<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Engine
version: 0.100.1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Scanned
directories: 1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Scanned
files: 43<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Infected
files: 0<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Data scanned:
8.88 MB<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Data read:
1.75 MB (ratio 5.07:1)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Time: 19.976
sec (0 m 19 s)<o:p></o:p></span></p>
<p class="MsoNormal">Anywhere else to look?<o:p></o:p></p>
<p class="MsoNormal">derek<o:p></o:p></p>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
ZendTo mailing list
<a class="moz-txt-link-abbreviated" href="mailto:ZendTo@zend.to">ZendTo@zend.to</a>
<a class="moz-txt-link-freetext" href="http://jul.es/mailman/listinfo/zendto">http://jul.es/mailman/listinfo/zendto</a>
</pre>
</blockquote>
<br>
<pre class="moz-signature" cols="72">Jules
--
Julian Field MEng CEng CITP MBCS MIEEE MACM
Malin, Hebrides: South 5 to 7, occasionally 4 at first. Slight or moderate,
becoming rough in west. Rain later. Good, occasionally poor.
<a class="moz-txt-link-abbreviated" href="http://www.Zend.To">www.Zend.To</a>
Twitter: @JulesFM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
</pre>
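Added example, not part of Jules's message or of ZendTo: a root-run sketch of the same by-hand checks that uses "su -s" so the web server account keeps its nologin shell, and that also reports free space where clamd unpacks archives. The user name, the clamd.conf path, the /tmp fallback and the error substrings it matches are assumptions; adjust them for your system.

```shell
#!/bin/sh
# Added example: repeat the by-hand clamdscan checks as the web server user
# without editing /etc/passwd. The three settings below are assumptions.
WEB_USER="${WEB_USER:-www-data}"                 # or "apache"
DROP_DIR="${DROP_DIR:-/var/zendto/incoming}"
CLAMD_CONF="${CLAMD_CONF:-/etc/clamav/clamd.conf}"

# Print the directory clamd unpacks archives into: the TemporaryDirectory
# setting from clamd.conf, falling back to /tmp (assumed) when it is unset.
clamd_tmpdir() {
    dir=$(awk '$1 == "TemporaryDirectory" { print $2; exit }' "$1" 2>/dev/null) || dir=""
    printf '%s\n' "${dir:-/tmp}"
}

# Turn a clamdscan exit status plus its output into a one-word diagnosis.
# Exit status: 0 = clean, 1 = virus found, 2 = an error occurred.
diagnose() {
    rc=$1; out=$2
    case "$rc" in
        0) echo clean; return ;;
        1) echo infected; return ;;
    esac
    case "$out" in   # substrings are assumed wording, not exact clamdscan text
        *"Permission denied"*) echo permissions ;;
        *"connect to clamd"*)  echo clamd-unreachable ;;
        *)                     echo other-error ;;
    esac
}

# Run one clamdscan variant as the web server user; su -s supplies a shell
# for this one command even though the account's login shell is nologin.
scan_as_web_user() {   # $1 = extra clamdscan option, may be empty
    rc=0
    out=$(su -s /bin/sh "$WEB_USER" -c "clamdscan $1 $DROP_DIR/*" 2>&1) || rc=$?
    printf '%-10s %s\n' "${1:-plain}" "$(diagnose "$rc" "$out")"
}

main() {   # must be run as root
    tmp=$(clamd_tmpdir "$CLAMD_CONF")
    echo "clamd temp dir: $tmp"
    df -Pk "$tmp" | awk 'NR == 2 { print "free KB: " $4 }'
    scan_as_web_user ""
    scan_as_web_user "--fdpass"
}

if [ "${1:-}" = "--run" ]; then main; fi
```

Run it as root with "--run" while a large upload is in progress, so that /var/zendto/incoming contains files with the ownership ZendTo really creates.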
</body>
</html>