ClamAV: WARNING: Can't open file ... Permission denied

Support
21

OMG, is it possible to fix it?

22

this is what i mean to say there are two entries for Exclude the second one in corrupted

1 Like
23

SOS @stephdl
:face_with_monocle:

24

I used cockpit to remove /boot

image
image1470×248 8.86 KB

[root@srv01 ~]# config show clamscan
clamscan=configuration
AlgoDetection=disabled
BlockEncrypted=disabled
BlockMacros=disabled
Bytecode=enabled
BytecodeTimout=120000
BytecodeUnsigned=disabled
DetectBroken=disabled
DetectPua=disabled
DetectStructured=disabled
Exclude=/boot,/proc,/sys,/usr/share/doc
FilesystemScan=now
FilesystemScanExclude=/proc,/sys,/usr/share/doc
FilesystemScanFilesystems=/
FilesystemScanReportTo=root
FilesystemScanUnofficialSigs=disabled
IncludePua=Packed,PwTool,NetTool,P2P,IRC,RAT,Tool,Spy,Server,Script
JobDay=7d
JobHour=2h
MaxScanFile=45
PartInstersection=disabled
PhishingScanUrl=disabled
PhishingSigs=disabled
Quarantine=enabled
QuarantineDirectory=/var/spool/clamav/quarantine
ScanArchive=enabled
ScanElf=enabled
ScanHTML=enabled
ScanHwp=enabled
ScanMail=enabled
ScanOle2=enabled
ScanPdf=enabled
ScanPe=enabled
ScanSwf=enabled
ScanXML=enabled
customSettings=
reallyWantToMove=enabled
status=enabled
[root@srv01 ~]#

25

I reproduced the bug , after enabling Clamscan this is how the db looks like here:

config show clamscan 
clamscan=configuration
    AlgoDetection=disabled
    BlockEncrypted=disabled
    BlockMacros=disabled
    Bytecode=enabled
    BytecodeTimout=120000
    BytecodeUnsigned=disabled
    DetectBroken=disabled
    DetectPua=disabled
    DetectStructured=disabled
    FilesystemScan=daily
    FilesystemScanExclude=/boot
/proc
/sys
/usr/share/doc
    FilesystemScanFilesystems=/
    FilesystemScanReportTo=root
    FilesystemScanUnofficialSigs=disabled
    IncludePua=Packed,PwTool,NetTool,P2P,IRC,RAT,Tool,Spy,Server,Script
    JobDay=6d
    JobHour=0h
    MaxScanFile=45
    PartInstersection=disabled
    PhishingScanUrl=disabled
    PhishingSigs=disabled
    Quarantine=disabled
    QuarantineDirectory=/var/spool/clamav/quarantine
    ScanArchive=enabled
    ScanElf=enabled
    ScanHTML=enabled
    ScanHwp=enabled
    ScanMail=enabled
    ScanOle2=enabled
    ScanPdf=enabled
    ScanPe=enabled
    ScanSwf=enabled
    ScanXML=enabled
    customSettings=
    reallyWantToMove=disabled
    status=disabled

Note :

    FilesystemScanExclude=/boot
/proc
/sys
/usr/share/doc
1 Like
26

I checked within my second server:

config show clamscan

[root@ns-srv01 ~]# config show clamscan
clamscan=configuration
AlgoDetection=disabled
BlockEncrypted=disabled
BlockMacros=enabled
Bytecode=enabled
BytecodeTimout=120000
BytecodeUnsigned=enabled
DetectBroken=disabled
DetectPua=enabled
DetectStructured=disabled
FilesystemScan=daily
FilesystemScanExclude=/tmp/,/boot,/proc,/sys,/usr/share/doc,/etc/suricata/rules/,/var/lib/clamav-unofficial-sigs/
FilesystemScanFilesystems=/
FilesystemScanReportTo=root
FilesystemScanUnofficialSigs=disabled
IncludePua=Packed,PwTool,NetTool,P2P,IRC,RAT,Tool,Spy,Server,Script
JobDay=6d
JobHour=1h
MaxScanFile=45
PartInstersection=disabled
PhishingScanUrl=enabled
PhishingSigs=enabled
Quarantine=disabled
QuarantineDirectory=/var/spool/clamav/quarantine
ScanArchive=enabled
ScanElf=enabled
ScanHTML=enabled
ScanHwp=enabled
ScanMail=enabled
ScanOle2=enabled
ScanPdf=enabled
ScanPe=enabled
ScanSwf=enabled
ScanXML=enabled
customSettings=
reallyWantToMove=disabled
status=enabled
[root@ns-srv01 ~]#

27

DANGER ZONE kind of fixed it with:

config delete clamscan
signal-event nethserver-clamscan-update
2 Likes
28

[root@srv01 ~]# config delete clamscan
[root@srv01 ~]# signal-event nethserver-clamscan-update
[root@srv01 ~]# config show clamscan
clamscan=configuration
AlgoDetection=disabled
BlockEncrypted=disabled
BlockMacros=disabled
Bytecode=enabled
BytecodeTimout=120000
BytecodeUnsigned=disabled
DetectBroken=disabled
DetectPua=disabled
DetectStructured=disabled
FilesystemScan=daily
FilesystemScanExclude=/boot
/proc
/sys
/usr/share/doc
FilesystemScanFilesystems=/
FilesystemScanReportTo=root
FilesystemScanUnofficialSigs=disabled
IncludePua=Packed,PwTool,NetTool,P2P,IRC,RAT,Tool,Spy,Server,Script
JobDay=6d
JobHour=0h
MaxScanFile=45
PartInstersection=disabled
PhishingScanUrl=disabled
PhishingSigs=disabled
Quarantine=disabled
QuarantineDirectory=/var/spool/clamav/quarantine
ScanArchive=enabled
ScanElf=enabled
ScanHTML=enabled
ScanHwp=enabled
ScanMail=enabled
ScanOle2=enabled
ScanPdf=enabled
ScanPe=enabled
ScanSwf=enabled
ScanXML=enabled
customSettings=
reallyWantToMove=disabled
status=disabled
[root@srv01 ~]#

29

And does it work now?

30

after this fix Clamscan was disabled. I was able to re-enable ClamScan and the error seems to be gone.

image
image1616×948 65.6 KB

config show clamscan

[root@srv01 ~]# config show clamscan
clamscan=configuration
AlgoDetection=disabled
BlockEncrypted=disabled
BlockMacros=disabled
Bytecode=enabled
BytecodeTimout=120000
BytecodeUnsigned=disabled
DetectBroken=disabled
DetectPua=disabled
DetectStructured=disabled
FilesystemScan=weekly
FilesystemScanExclude=/boot,/proc,/sys,/usr/share/doc
FilesystemScanFilesystems=/
FilesystemScanReportTo=root
FilesystemScanUnofficialSigs=disabled
IncludePua=Packed,PwTool,NetTool,P2P,IRC,RAT,Tool,Spy,Server,Script
JobDay=6d
JobHour=0h
MaxScanFile=45
PartInstersection=disabled
PhishingScanUrl=disabled
PhishingSigs=disabled
Quarantine=enabled
QuarantineDirectory=/var/spool/clamav/quarantine
ScanArchive=enabled
ScanElf=enabled
ScanHTML=enabled
ScanHwp=enabled
ScanMail=enabled
ScanOle2=enabled
ScanPdf=enabled
ScanPe=enabled
ScanSwf=enabled
ScanXML=enabled
customSettings=
reallyWantToMove=enabled
status=enabled
[root@srv01 ~]#

Thank you very much!

31

@stephdl open an Issue, although not sure my analysis is right

Maybe the migrate script can be of influence too

3 Likes
32

I changed the default property FilesystemScanExclude to a comma split, but this does not explain why the db property was corrupted

:-?

33

The migrate script replaces the separator from \n to ,, it doesn’t modify another property, fun