capote
August 22, 2021, 2:22pm
1
NethServer Version: 7.9
Hi, last days I got error notification mails like:
Message List
Sun Aug 22 02:54:01 2021
Scanned Folder: /WARNING: Can’t open file /sys/fs/xfs/dm-0/stats/stats_clear: Permission denied
Does anyone know this error and is there a solution?
Best regards, Marko
mark_nl
August 22, 2021, 3:21pm
2
only see this kind of stuff if I"m fooling around with a kernel on a device with is not really supported by that kernel. /sys is a virtual file system where the kernel exposes the devices and their drivers to user space.
So from my (brief) scanning of your reported issue it looks like the kernel on this system is in distress… which is quite alarming…
Or clamav is trying to do stuff it is not allowed to do…re installed recently?re installs which may have messed uid/gid up…)
EDIT 3th thought:/sys are (virtual) files even root can not touch
capote
August 22, 2021, 11:32pm
3
mark_nl:
is not really supported
I use this server round about a year w/o such problems, it is a standard KVM-Server
is clamav re installed recently?
No, it runs the hole time.
Does clamav scan the hole rootfs
I use it with standard configuration out of the box. I didn’t change anything.
Thank you for your thoughts, MArko
capote
August 22, 2021, 11:37pm
4
I disabled the scanning. After re-enabling comes an error message
mark_nl
August 23, 2021, 6:19am
5
Is /sys present on your system, (as root) ls -l /sys ?
or mount | grep sysfs
capote
August 23, 2021, 7:31am
6
yes, it is:
[root@srv01 ~]# mount | grep sysfs
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
mark_nl
August 23, 2021, 7:44am
7
Still there is “something” not right there causing ClamAV not to except the exclusion of /sys.
1 Like
capote
August 23, 2021, 7:47am
8
I use exactly the same cloud server type for another Nethserver without problems
mark_nl
August 23, 2021, 7:50am
9
DANGERZONE (hope this is clear !)
you may try to remount sysfs
mount -o remount,rw,nosuid,nodev,noexec,relatime -t sysfs sysfs /sys
1 Like
capote
August 23, 2021, 7:53am
10
I did it (also a reboot). The error persists.
Maybe i should remove clamscan completely once and reinstall? However, I am not sure how to remove the package without leaving any residue to avoid artifacts.
mark_nl
August 23, 2021, 8:07am
11
I think we need to ping @stephdl
In preparation of this:
config show clamscan
and you may try to reconfigure the module manually by:signal-event nethserver-clamscan-update
EDIT: and of courserpm -qa | grep nethserver-clamscan
capote
August 23, 2021, 8:18am
12
mark_nl:
config show clamscan
config show clamscan
[root@srv01 /]# config show clamscan
rpm -qa | grep nethserver-clamscan
nethserver-clamscan-1.0.4-1.ns7.sdl.noarch
I did: signal-event nethserver-clamscan-update
mark_nl
August 23, 2021, 8:21am
13
This is not right, maybe related to:
committed 01:28PM - 09 Aug 21 UTC
Recover and exclude a file
Change the split validator from \n to ,
capote
August 23, 2021, 8:24am
14
mark_nl:
This is not right,
It works on my second server well.@stephdl can help.
Thank you Mark!
mark_nl
August 23, 2021, 8:27am
15
config setprop clamscan Exclude /boot,/proc,/sys,/usr/share/doc
config show clamscan
capote
August 23, 2021, 8:27am
16
mark_nl:
config show clamscan
[root@srv01 /]# config setprop clamscan Exclude /boot,/proc,/sys,/usr/share/doc
Error persists
capote
August 23, 2021, 8:29am
18
config setprop clamscan Exclude /boot …?
mark_nl
August 23, 2021, 8:31am
19
the db is corrupted… whatever you set that false (corrupt) entry persists.
capote
August 23, 2021, 8:33am
20
if I config setprop clamscan Exclude /proc,/sys,/usr/share/doc/boot
as they belong to the kernel.
