<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
Have you restarted clamd before trying clamdscan?<br>
<br>
Is there any setting for "LocalSocket" in your clamd.conf file?<br>
(There probably doesn't have to be; it will most likely use a
default if you don't set one. You can check in your clamd.conf file
because, if there isn't a setting for it, there will still be a comment
describing it and stating what the default value is.)<br>
<br>
<div class="moz-cite-prefix">On 27/07/2018 13:59, Pedrosi, Derek G.
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:WM!6e45960e2db35b39339d168c6c882a6d5c31a6d11ff81f04f7eefc5f0bd680baa1cca94b6f0b270e7c4f2b53048e9837!@mx.jul.es">
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:12.0pt;color:#1F497D">Running clamdscan
with changes Jules outlined yields the following.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;color:#1F497D">When I go to that
directory, the file /var/run/clamav/clamd.ctl does not
exist.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:12.0pt;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D">www-data@ZendTo5:~$
clamdscan --verbose /var/zendto/*<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D">ERROR:
Could not connect to clamd on LocalSocket
/var/run/clamav/clamd.ctl: No such file or directory<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D">ERROR:
Could not connect to clamd on LocalSocket
/var/run/clamav/clamd.ctl: No such file or directory<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D">ERROR:
Could not connect to clamd on LocalSocket
/var/run/clamav/clamd.ctl: No such file or directory<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D">ERROR:
Could not connect to clamd on LocalSocket
/var/run/clamav/clamd.ctl: No such file or directory<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D">ERROR:
Could not connect to clamd on LocalSocket
/var/run/clamav/clamd.ctl: No such file or directory<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D">ERROR:
Could not connect to clamd on LocalSocket
/var/run/clamav/clamd.ctl: No such file or directory<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D">ERROR:
Could not connect to clamd on LocalSocket
/var/run/clamav/clamd.ctl: No such file or directory<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D">ERROR:
Could not connect to clamd on LocalSocket
/var/run/clamav/clamd.ctl: No such file or directory<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D">-----------
SCAN SUMMARY -----------<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D">Infected
files: 0<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D">Total
errors: 8<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D">Time:
0.001 sec (0 m 0 s)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D">www-data@ZendTo5:~$
clamdscan --verbose --fdpass /var/zendto/*<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D">ERROR:
Could not connect to clamd on LocalSocket
/var/run/clamav/clamd.ctl: No such file or directory<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D">ERROR:
Could not connect to clamd on LocalSocket
/var/run/clamav/clamd.ctl: No such file or directory<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D">/var/zendto/incoming:
OK<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D">/var/zendto/library:
OK<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D">ERROR:
Could not connect to clamd on LocalSocket
/var/run/clamav/clamd.ctl: No such file or directory<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D">ERROR:
Could not connect to clamd on LocalSocket
/var/run/clamav/clamd.ctl: No such file or directory<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D">ERROR:
Could not connect to clamd on LocalSocket
/var/run/clamav/clamd.ctl: No such file or directory<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D">ERROR:
Could not connect to clamd on LocalSocket
/var/run/clamav/clamd.ctl: No such file or directory<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D">-----------
SCAN SUMMARY -----------<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D">Infected
files: 0<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D">Total
errors: 6<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:9.0pt;color:#1F497D">Time:
0.000 sec (0 m 0 s)</span><span
style="font-size:9.0pt;color:windowtext"><o:p></o:p></span></p>
<div>
<div>
<div>
<p class="MsoNormal"><span style="color:red"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:red"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="color:windowtext">derek<o:p></o:p></span></p>
<p class="MsoNormal"><span style="color:red"><o:p> </o:p></span></p>
</div>
</div>
</div>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="color:windowtext">From:</span></b><span
style="color:windowtext"> Jules Field
[<a class="moz-txt-link-freetext" href="mailto:Jules@Zend.To">mailto:Jules@Zend.To</a>]
<br>
<b>Sent:</b> Thursday, July 26, 2018 11:13 AM<br>
<b>To:</b> Pedrosi, Derek G.
<a class="moz-txt-link-rfc2396E" href="mailto:pedrosi@millercanfield.com">&lt;pedrosi@millercanfield.com&gt;</a>; ZendTo Users
<a class="moz-txt-link-rfc2396E" href="mailto:zendto@zend.to">&lt;zendto@zend.to&gt;</a><br>
<b>Subject:</b> Re: [ZendTo] ClamAV fail<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">Derek,<span
style="font-size:12.0pt"><o:p></o:p></span></p>
<div>
<p class="MsoNormal">On 26/07/2018 16:07, Pedrosi, Derek G.
wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="color:#1F497D">Jules,</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">I’m the only
one with ANY access to this system (other than web), and I
was on vacation.</span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:&quot;Times New Roman&quot;,serif">Hence my suggestion of some*thing*.<br>
Such as your cron daemon, which appears to have been
installing updates (they might well have been tagged as
security updates, so got automatically installed).<br>
<br>
Having read your lines below, have you tried this bit I
suggested in my original reply to you?<br>
<br>
If you want to test it by hand, you need to do this:<br>
Edit the /etc/passwd file and give your apache or www-data
user a real shell such as /bin/bash.<br>
"pwconv" (that makes the /etc/shadow file).<br>
"su - apache" (or "su - www-data") to properly become the
web server user.<br>
clamdscan /var/zendto/*<br>
clamdscan --fdpass /var/zendto/*<br>
<br>
What does that lot output?<br>
<br>
You not only need to get the location of the LocalSocket
correct enough for clamd to start and clamdscan to talk to
it, but freshclam.conf needs to know where it is too, or
else freshclam can't tell clamd that its signatures have
been updated and hence needs to restart itself.<br>
<br>
Cheers,<br>
Jules.<br>
<br>
<o:p></o:p></span></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">Nevertheless,
I’ve commented out the stats lines in clamd.conf and then I
received this error.</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;color:#1F497D">root@ZendTo5:/opt/zendto/config#
/usr/bin/clamdscan preferences.php</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;color:#1F497D">ERROR: Could not
connect to clamd on LocalSocket /var/run/clamav/clamd.ctl:
No such file or directory</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;color:#1F497D">----------- SCAN
SUMMARY -----------</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;color:#1F497D">Infected files: 0</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;color:#1F497D">Total errors: 1</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;color:#1F497D">Time: 0.000 sec (0 m
0 s)</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">Likewise in
ZendTo the log shows…</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="background:white"><span
style="font-size:8.0pt;font-family:&quot;Courier New ;color:#162637&quot;,serif">Error: Virus scan of
dropped-off files /var/zendto/incoming/phpSAkd0U for
dgpedrosi failed with ERROR: Could not connect to clamd on
LocalSocket /var/run/clamav/clamd.ctl: No such file or
directory ----------- SCAN SUMMARY ----------- Infected
files: 0 Total errors: 1 Time: 0.000 sec (0 m 0 s)</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">Then from
clamd.conf I commented out these lines</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;color:#1F497D">#LocalSocket
/var/run/clamav/clamd.ctl</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;color:#1F497D">#FixStaleSocket true</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">And now I can
run a command line scan without error:</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;color:#1F497D">root@ZendTo5:/opt/zendto/config#
/usr/bin/clamdscan preferences.php</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;color:#1F497D">----------- SCAN
SUMMARY -----------</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;color:#1F497D">Infected files: 0</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;color:#1F497D">Total errors: 1</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;color:#1F497D">Time: 0.000 sec (0 m
0 s)</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;color:#1F497D">root@ZendTo5:/opt/zendto/config#</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">But ZendTo
will still not AV scan, from the ZendTo log:</span><o:p></o:p></p>
<p class="MsoNormal" style="background:white"><span
style="font-size:10.0pt;font-family:&quot;Courier New ;color:#162637&quot;,serif">Error: Virus scan of
dropped-off files /var/zendto/incoming/phpcz1Ojf for
dgpedrosi failed with ----------- SCAN SUMMARY
----------- Infected files: 0 Total errors: 1 Time: 0.000
sec (0 m 0 s)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">Also, I’m
running Ubuntu 16.04.4 LTS; no clamd service to be found:</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;color:#1F497D">root@ZendTo5:/opt/zendto/config#
service --status-all</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;color:#1F497D">[ + ] acpid</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;color:#1F497D">[ + ]
apache-htcacheclean</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;color:#1F497D">[ + ] apache2</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;color:#1F497D">[ + ] apparmor</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;color:#1F497D">[ + ] apport</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;color:#1F497D">[ + ] atd</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;color:#1F497D">[ - ] bootmisc.sh</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;color:#1F497D">[ - ] checkfs.sh</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;color:#1F497D">[ - ]
checkroot-bootclean.sh</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;color:#1F497D">[ - ] checkroot.sh</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;color:#1F497D">[ - ] clamav-daemon</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;color:#1F497D">[ + ]
clamav-freshclam</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;color:#1F497D">[ + ] console-setup</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:8.0pt;color:#1F497D">[ + ] cron</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">But I did
reboot the server, and I’m still seeing the issue.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">???</span><o:p></o:p></p>
<div>
<div>
<div>
<p class="MsoNormal"><span style="color:red"> </span><o:p></o:p></p>
</div>
</div>
</div>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="color:windowtext">From:</span></b><span
style="color:windowtext"> Jules Field [<a
href="mailto:Jules@Zend.To" moz-do-not-send="true">mailto:Jules@Zend.To</a>]
<br>
<b>Sent:</b> Thursday, July 26, 2018 10:27 AM<br>
<b>To:</b> Pedrosi, Derek G. <a
href="mailto:pedrosi@millercanfield.com"
moz-do-not-send="true">&lt;pedrosi@millercanfield.com&gt;</a>;
ZendTo Users
<a href="mailto:zendto@zend.to" moz-do-not-send="true">&lt;zendto@zend.to&gt;</a><br>
<b>Subject:</b> Re: [ZendTo] ClamAV fail</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">Derek,<o:p></o:p></p>
<div>
<p class="MsoNormal">On 26/07/2018 14:50, Pedrosi, Derek G.
wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="color:#1F497D">This is my
production server, and no changes were made;</span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:&quot;Times New Roman ,serif&quot;,serif">Ah, the famous "But I didn't change
anything" defence. :-) :-)<br>
<br>
<br>
</span><o:p></o:p></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="color:#1F497D">it just
started throwing the error.</span><o:p></o:p></p>
</blockquote>
<p class="MsoNormal"><span
style="font-size:12.0pt;font-family:&quot;Times New Roman ,serif&quot;,serif">Ah, but changes *were* made. Just
possibly not by you. :-)<br>
Someone (or more likely some*thing*) did a "yum upgrade"
or an "apt upgrade", and replaced the copy of ClamAV that
was running.<br>
You see that file "clamd.conf.ucf-dist" in your "ls -al"
output below? That was modified yesterday morning, which
is probably shortly before it all stopped working.<br>
<br>
From your /etc/clamav/clamd.conf file, based on the output
from "clamdscan" below, you should remove the lines that
start "AllowSupplementaryGroups" and "StatsEnabled". Then
restart the clamd service ("service clamd restart" will
*probably* do the trick on almost any Linux variant). Then
try that clamdscan command again and see if it gets
further.<br>
<br>
Cheers,<br>
Jules.<br>
<br>
<br>
<br>
</span><o:p></o:p></p>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">Running
clamdscan:</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;color:#1F497D">root@ZendTo5:/opt/zendto/config#
/usr/bin/clamdscan --stdout preferences.php</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;color:#1F497D">WARNING: Ignoring
deprecated option AllowSupplementaryGroups at line 11</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;color:#1F497D">ERROR: Parse error
at line 79: Unknown option StatsEnabled</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;color:#1F497D">ERROR: Can't parse
clamd configuration file /etc/clamav/clamd.conf</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;color:#1F497D">root@ZendTo5:/opt/zendto/config#
clamscan --version</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;color:#1F497D">ClamAV
0.100.1/24784/Thu Jul 26 04:44:34 2018</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;color:#1F497D">root@ZendTo5:/opt/zendto/config#
nano /etc/clamav/clamd.conf</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;color:#1F497D">root@ZendTo5:/opt/zendto/config#
ls /etc/clamav -la</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;color:#1F497D">total 36</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;color:#1F497D">drwxr-xr-x 5
root root 4096 Jul 26 09:49 .</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;color:#1F497D">drwxr-xr-x 94
root root 4096 Jul 25 06:06 ..</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;color:#1F497D">-rw-r--r-- 1
root root 2059 Mar 5 10:19 clamd.conf</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;color:#1F497D">-rw-r--r-- 1
root root 1999 Jul 25 06:06 clamd.conf.ucf-dist</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;color:#1F497D">-rw-r--r-- 1
root root 2060 Mar 5 10:19 clamd.conf.zendto</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;color:#1F497D">-r--r--r-- 1
clamav adm 702 Jul 25 06:06 freshclam.conf</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;color:#1F497D">drwxr-xr-x 2
root root 4096 Jan 29 11:14 onerrorexecute.d</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;color:#1F497D">drwxr-xr-x 2
root root 4096 Jan 29 11:14 onupdateexecute.d</span><o:p></o:p></p>
<p class="MsoNormal"><span
style="font-size:9.0pt;color:#1F497D">drwxr-xr-x 2
root root 4096 Jan 29 11:14 virusevent.d</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D">derek</span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="color:#1F497D"> </span><o:p></o:p></p>
<div>
<div style="border:none;border-top:solid #E1E1E1
1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="color:windowtext">From:</span></b><span
style="color:windowtext"> ZendTo [<a
href="mailto:zendto-bounces@zend.to"
moz-do-not-send="true">mailto:zendto-bounces@zend.to</a>]
<b>On Behalf Of </b>Jules Field via ZendTo<br>
<b>Sent:</b> Wednesday, July 25, 2018 12:26 PM<br>
<b>To:</b> Pedrosi, Derek G. via ZendTo <a
href="mailto:zendto@zend.to"
moz-do-not-send="true">&lt;zendto@zend.to&gt;</a>;
ZendTo Users
<a href="mailto:zendto@zend.to"
moz-do-not-send="true">&lt;zendto@zend.to&gt;</a><br>
<b>Cc:</b> Jules Field <a
href="mailto:Jules@Zend.To" moz-do-not-send="true">&lt;Jules@Zend.To&gt;</a><br>
<b>Subject:</b> Re: [ZendTo] ClamAV fail</span><o:p></o:p></p>
</div>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal" style="margin-bottom:12.0pt">Derek,<br>
<br>
Testing it with "clamscan" won't help. It's "clamdscan"
that has to work, which is a very different beast.<br>
"clamscan" just does it all at once (which is why it takes
so long).<br>
"clamdscan" uses the "clamd" process to actually do the
scanning, and hence is much faster as there's no startup
time while it loads and compiles all the virus signatures.<br>
<br>
If it works with a small text file, but not an archive or
docx file, then you've probably run out of disk space in
wherever clamd is trying to unpack the archive.<br>
<br>
Otherwise, it is almost always permissions/ownership
problems.<br>
You shouldn't do any harm by fetching a new copy of the
ZendTo installer and *just* doing the "Setup ClamAV"
section.<br>
<br>
If you want to test it by hand, you need to do this:<br>
Edit the /etc/passwd file and give your apache or www-data
user a real shell such as /bin/bash.<br>
"pwconv" (that makes the /etc/shadow file).<br>
"su - apache" (or "su - www-data") to properly become the
web server user.<br>
clamdscan /var/zendto/*<br>
clamdscan --fdpass /var/zendto/*<br>
<br>
If both of those succeed, then start a big upload going in
ZendTo. This will force some data (with the right
permissions) into /var/zendto/incoming. While it's
running, do "clamdscan /var/zendto/incoming/*" and
"clamdscan --fdpass /var/zendto/incoming/*".<br>
<br>
By the time you've done all that lot, you've probably got
some errors from ClamAV which will help narrow down the
cause.<br>
<br>
When you've fixed it, remember to put your "/etc/passwd"
file back so the shell says "/sbin/nologin" and run the
"pwconv" command again.<br>
<br>
Hope that helps,<br>
Jules.<br>
<br>
<br>
<br>
<o:p></o:p></p>
<div>
<p class="MsoNormal">On 25/07/2018 17:04, Pedrosi, Derek
G. via ZendTo wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal">Suddenly, my drops are no longer
being scanned by AV and users were unable to drop
files. No changes were made.<o:p></o:p></p>
<p class="MsoNormal">Users see this…<o:p></o:p></p>
<table class="MsoNormalTable" style="width:100.0%"
width="100%" border="0" cellpadding="0">
<tbody>
<tr>
<td style="padding:7.5pt .75pt .75pt .75pt">
<p class="MsoNormal"><b><span
style="font-family:&quot;roboto&quot;,serif;color:#162637">Upload
Error</span></b><o:p></o:p></p>
</td>
</tr>
<tr>
<td style="padding:6.0pt .75pt .75pt .75pt"><br>
</td>
<td style="padding:6.0pt .75pt .75pt .75pt">
<p class="MsoNormal"><b><span
style="font-family:&quot;roboto&quot;,serif;color:#162637">The
attempt to virus-scan your drop-off failed.
Please notify the system administrator.</span></b><o:p></o:p></p>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">I’ve since disabled AV scan from the
preferences.php (it was 'clamdscan' =>
'/usr/bin/clamdscan --stdout --fdpass',) and now users
can drop files.<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">The details…<o:p></o:p></p>
<p class="MsoNormal">From ZendTo log…<o:p></o:p></p>
<p class="MsoNormal" style="background:white"><span
style="font-size:10.0pt;font-family:&quot;Courier New&quot;,serif">2018-07-25 08:22:31 172.16.0.103
[XXXX]: Error: Virus scan of dropped-off files
/var/zendto/incoming/phpLfUrV9
/var/zendto/incoming/phpf6ExDv for USER failed with </span><o:p></o:p></p>
<p class="MsoNormal">From the /var/log/clamav dir:<o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">root@ZendTo5:/var/log/clamav#
tail freshclam.log</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed
Jul 25 11:02:09 2018 ->
--------------------------------------</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed
Jul 25 11:44:24 2018 -> Update process terminated</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed
Jul 25 11:44:25 2018 ->
--------------------------------------</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed
Jul 25 11:44:25 2018 -> freshclam daemon 0.100.1
(OS: linux-gnu, ARCH: x86_64, CPU: x86_64)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed
Jul 25 11:44:25 2018 -> ClamAV update process
started at Wed Jul 25 11:44:25 2018</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed
Jul 25 11:44:25 2018 -> main.cvd is up to date
(version: 58, sigs: 4566249, f-level: 60, builder:
sigmgr)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed
Jul 25 11:44:25 2018 -> daily.cld is up to date
(version: 24781, sigs: 2024541, f-level: 63, builder:
neo)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed
Jul 25 11:44:25 2018 -> bytecode.cld is up to date
(version: 325, sigs: 90, f-level: 63, builder: neo)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed
Jul 25 11:44:25 2018 ->
--------------------------------------</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">root@ZendTo5:/var/log/clamav#
tail clamav.log</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed
Jul 25 04:47:22 2018 -> SelfCheck: Database status
OK.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed
Jul 25 04:57:22 2018 -> SelfCheck: Database status
OK.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed
Jul 25 05:07:22 2018 -> SelfCheck: Database status
OK.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed
Jul 25 05:17:22 2018 -> SelfCheck: Database status
OK.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed
Jul 25 05:27:13 2018 -> Reading databases from
/var/lib/clamav</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed
Jul 25 05:27:27 2018 -> Database correctly reloaded
(6584590 signatures)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed
Jul 25 05:37:27 2018 -> SelfCheck: Database status
OK.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed
Jul 25 05:47:27 2018 -> SelfCheck: Database status
OK.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed
Jul 25 05:57:27 2018 -> SelfCheck: Database status
OK.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:10.0pt">Wed
Jul 25 06:05:55 2018 -> --- Stopped at Wed Jul 25
06:05:55 2018</span><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Now, I can scan files manually via
the command line…<o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">clamscan
--verbose /var/log/</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">-----------
SCAN SUMMARY -----------</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Known
viruses: 6584590</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Engine
version: 0.100.1</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Scanned
directories: 1</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Scanned
files: 43</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Infected
files: 0</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Data
scanned: 8.88 MB</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Data
read: 1.75 MB (ratio 5.07:1)</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:9.0pt">Time:
19.976 sec (0 m 19 s)</span><o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">Anywhere else to look?<o:p></o:p></p>
<p class="MsoNormal"> <o:p></o:p></p>
<p class="MsoNormal">derek<o:p></o:p></p>
</blockquote>
<pre>Jules<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre>-- <o:p></o:p></pre>
<pre>Julian Field MEng CEng CITP MBCS MIEEE MACM<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre>Malin, Hebrides: South 5 to 7, occasionally 4 at first. Slight or moderate,<o:p></o:p></pre>
<pre>becoming rough in west. Rain later. Good, occasionally poor.<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre><a href="http://www.Zend.To" moz-do-not-send="true">www.Zend.To</a><o:p></o:p></pre>
<pre>Twitter: @JulesFM<o:p></o:p></pre>
<pre>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654<o:p></o:p></pre>
</blockquote>
<pre>Jules<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre>-- <o:p></o:p></pre>
<pre>Julian Field MEng CEng CITP MBCS MIEEE MACM<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre>'Ensanguining the skies<o:p></o:p></pre>
<pre> How heavily it dies<o:p></o:p></pre>
<pre> Into the west away;<o:p></o:p></pre>
<pre> Past touch and sight and sound<o:p></o:p></pre>
<pre> Not further to be found,<o:p></o:p></pre>
<pre> How hopeless under ground<o:p></o:p></pre>
<pre> Falls the remorseful day.' - A.E.Houseman<o:p></o:p></pre>
<pre> <o:p></o:p></pre>
<pre><a href="http://www.Zend.To" moz-do-not-send="true">www.Zend.To</a><o:p></o:p></pre>
<pre>Twitter: @JulesFM<o:p></o:p></pre>
<pre>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654<o:p></o:p></pre>
</blockquote>
<pre>Jules<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>-- <o:p></o:p></pre>
<pre>Julian Field MEng CEng CITP MBCS MIEEE MACM<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre>'We face neither East nor West: we face forward.' - Kwame Nkrumah<o:p></o:p></pre>
<pre><o:p> </o:p></pre>
<pre><a href="http://www.Zend.To" moz-do-not-send="true">www.Zend.To</a><o:p></o:p></pre>
<pre>Twitter: @JulesFM<o:p></o:p></pre>
<pre>PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654<o:p></o:p></pre>
</div>
</blockquote>
<br>
<pre class="moz-signature" cols="72">Jules
--
Julian Field MEng CEng CITP MBCS MIEEE MACM
'Always do sober what you said you'd do drunk. That will teach you
to keep your mouth shut.' - Ernest Hemingway
<a class="moz-txt-link-abbreviated" href="http://www.Zend.To">www.Zend.To</a>
Twitter: @JulesFM
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
</pre>
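<p>Added example, not part of the original thread and not ZendTo or ClamAV code: a preflight check for the three things this thread keeps circling (options the upgraded clamd rejects, an active LocalSocket line, and whether anything answers on that socket). The function names and the sample config are constructed for illustration; it assumes clamd's PING/PONG liveness command and freshclam.conf's NotifyClamd option, which names the clamd.conf path.</p>

```python
import os
import socket
import stat

# Options the clamdscan output quoted in this thread shows ClamAV 0.100.1 objecting to.
REJECTED = {
    "AllowSupplementaryGroups": "deprecated, ignored with a warning",
    "StatsEnabled": "unknown option, the config file fails to parse",
}

# Constructed sample, not the poster's real file.
SAMPLE_CLAMD_CONF = """\
# clamd.conf carried over from before the package upgrade
User clamav
AllowSupplementaryGroups true
#LocalSocket /var/run/clamav/clamd.ctl
#FixStaleSocket true
StatsEnabled false
"""


def parse_conf(text):
    """Return (line_number, option, value) for every active, uncommented line."""
    entries = []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) == 2 else ""
        entries.append((number, parts[0], value))
    return entries


def check_clamd_conf(text):
    """Return (LocalSocket path or None, list of findings) for clamd.conf text."""
    local_socket, findings = None, []
    for number, option, value in parse_conf(text):
        if option in REJECTED:
            findings.append(f"line {number}: {option}: {REJECTED[option]}")
        elif option == "LocalSocket":
            local_socket = value
    if local_socket is None:
        findings.append("no active LocalSocket line (commented out or absent)")
    return local_socket, findings


def check_freshclam_conf(text, clamd_conf_path):
    """freshclam finds clamd through NotifyClamd, which names clamd.conf."""
    for number, option, value in parse_conf(text):
        if option == "NotifyClamd":
            if value == clamd_conf_path:
                return []
            return [f"line {number}: NotifyClamd names {value}, not {clamd_conf_path}"]
    return ["NotifyClamd not set: freshclam will not notify clamd after an update"]


def probe_socket(path, timeout=3.0):
    """Classify a LocalSocket path: missing, denied, not-a-socket, refused, no-pong, ok."""
    try:
        mode = os.stat(path).st_mode
    except FileNotFoundError:
        return "missing"        # the "No such file or directory" case in the thread
    except PermissionError:
        return "denied"
    if not stat.S_ISSOCK(mode):
        return "not-a-socket"
    client = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    client.settimeout(timeout)
    try:
        client.connect(path)
        client.sendall(b"zPING\0")   # clamd answers PING with PONG
        reply = client.recv(16)
    except PermissionError:
        return "denied"         # e.g. the web server user may not open the socket
    except OSError:
        return "refused"        # stale socket file, nothing listening, or timeout
    finally:
        client.close()
    return "ok" if reply.rstrip(b"\0\n") == b"PONG" else "no-pong"


if __name__ == "__main__":
    # Paths are the ones shown in the thread; run as the web server user.
    conf_path = "/etc/clamav/clamd.conf"
    with open(conf_path) as handle:
        sock_path, problems = check_clamd_conf(handle.read())
    with open("/etc/clamav/freshclam.conf") as handle:
        problems += check_freshclam_conf(handle.read(), conf_path)
    for problem in problems:
        print("FINDING:", problem)
    if sock_path:
        print(f"{sock_path}: {probe_socket(sock_path)}")
```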
</body>
</html>