Discussion:
[clamav-users] Clam user has read permissions, but I still get "lstat() failed: Permission denied"
Doug Ingham
2018-10-30 21:22:52 UTC
Permalink
Hi all,
For some reason, clamdscan is returning a permissions error for files it
has read access to.

I've copied some output below to help show the situation...

==============================================
***@arquivos0:/var/www# grep User /etc/clamav/clamd.conf
User clamav

***@arquivos0:/var/www# grep clamav /etc/group
www-data:x:33:clamav
clamav:x:121:

***@arquivos0:/var/www# ls -ld nc_data/
drwxrwx--- 59 www-data www-data 4096 Out 22 08:40 nc_data/

***@arquivos0:/var/www# clamdscan -v --config-file=/etc/clamav/clamd.conf
nc_data/
/var/www/nc_data: lstat() failed: Permission denied. ERROR
----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 1
Time: 0.000 sec (0 m 0 s)

***@arquivos0:/var/www# sudo -u clamav ls nc_data/
[correct directory contents listed]

***@arquivos0:/var/www# ls -al /var/log/clamav/
total 20
drwxr-xr-x 2 clamav clamav 45 Out 30 12:29 .
drwxrwxr-x 16 root syslog 4096 Out 30 15:41 ..
-rw-r----- 1 clamav adm 10914 Out 30 17:12 clamav.log
-rw-r----- 1 clamav adm 2352 Out 30 15:17 freshclam.log

***@arquivos0:/var/www# clamdscan -v --config-file=/etc/clamav/clamd.conf
/var/log/clamav/
/var/log/clamav: lstat() failed: Permission denied. ERROR
----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 1
Time: 0.000 sec (0 m 0 s)
==============================================

To quote Aristotle, "WTF?"

Any help appreciated!
--
Doug
SCOTT PACKARD
2018-10-30 21:29:28 UTC
Permalink
You'd want to:
ls -ld /
ls -ld /var
ls -ld /var/www
l s-ld /var/www/nc_data
and make sure user www-data has at least read and execute permissions to the parent directories.
You probably have removed read and execute from other, so clamdscan can't go down in the
directory hierarchy to get to /var/www/nc_data/.

Regards, Scott


From: clamav-users [mailto:clamav-users-***@lists.clamav.net] On Behalf Of Doug Ingham
Sent: Tuesday, October 30, 2018 2:23 PM
To: clamav-***@lists.clamav.net
Subject: [External] [clamav-users] Clam user has read permissions, but I still get "lstat() failed: Permission denied"

Hi all,
For some reason, clamdscan is returning a permissions error for files it has read access to.
I've copied some output below to help show the situation...

==============================================
***@arquivos0:/var/www# grep User /etc/clamav/clamd.conf
User clamav

***@arquivos0:/var/www# grep clamav /etc/group
www-data:x:33:clamav
clamav:x:121:

***@arquivos0:/var/www# ls -ld nc_data/
drwxrwx--- 59 www-data www-data 4096 Out 22 08:40 nc_data/

***@arquivos0:/var/www# clamdscan -v --config-file=/etc/clamav/clamd.conf nc_data/
/var/www/nc_data: lstat() failed: Permission denied. ERROR
----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 1
Time: 0.000 sec (0 m 0 s)
***@arquivos0:/var/www# sudo -u clamav ls nc_data/
[correct directory contents listed]

***@arquivos0:/var/www# ls -al /var/log/clamav/
total 20
drwxr-xr-x 2 clamav clamav 45 Out 30 12:29 .
drwxrwxr-x 16 root syslog 4096 Out 30 15:41 ..
-rw-r----- 1 clamav adm 10914 Out 30 17:12 clamav.log
-rw-r----- 1 clamav adm 2352 Out 30 15:17 freshclam.log

***@arquivos0:/var/www# clamdscan -v --config-file=/etc/clamav/clamd.conf /var/log/clamav/
/var/log/clamav: lstat() failed: Permission denied. ERROR
----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 1
Time: 0.000 sec (0 m 0 s)
==============================================
To quote Aristotle, "WTF?"

Any help appreciated!
--
Doug
Scott Kitterman
2018-10-30 21:45:41 UTC
Permalink
Apparmor/SE Linux is another possibility.

Scott K
Post by SCOTT PACKARD
ls -ld /
ls -ld /var
ls -ld /var/www
l s-ld /var/www/nc_data
and make sure user www-data has at least read and execute permissions
to the parent directories.
You probably have removed read and execute from other, so clamdscan can't go down in the
directory hierarchy to get to /var/www/nc_data/.
Regards, Scott
Sent: Tuesday, October 30, 2018 2:23 PM
Subject: [External] [clamav-users] Clam user has read permissions, but
I still get "lstat() failed: Permission denied"
Hi all,
For some reason, clamdscan is returning a permissions error for files it has read access to.
I've copied some output below to help show the situation...
==============================================
User clamav
www-data:x:33:clamav
drwxrwx--- 59 www-data www-data 4096 Out 22 08:40 nc_data/
--config-file=/etc/clamav/clamd.conf nc_data/
/var/www/nc_data: lstat() failed: Permission denied. ERROR
----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 1
Time: 0.000 sec (0 m 0 s)
[correct directory contents listed]
total 20
drwxr-xr-x 2 clamav clamav 45 Out 30 12:29 .
drwxrwxr-x 16 root syslog 4096 Out 30 15:41 ..
-rw-r----- 1 clamav adm 10914 Out 30 17:12 clamav.log
-rw-r----- 1 clamav adm 2352 Out 30 15:17 freshclam.log
--config-file=/etc/clamav/clamd.conf /var/log/clamav/
/var/log/clamav: lstat() failed: Permission denied. ERROR
----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 1
Time: 0.000 sec (0 m 0 s)
==============================================
To quote Aristotle, "WTF?"
Any help appreciated!
--
Doug
_______________________________________________
clamav-users mailing list
clamav-***@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Doug Ingham
2018-10-30 22:01:40 UTC
Permalink
Post by SCOTT PACKARD
and make sure user www-data has at least read and execute permissions
If www-data didn't have r/w access to that directory, my site would be
broken!
Post by SCOTT PACKARD
Post by Doug Ingham
[correct directory contents listed]
I do normally mount /var noexec, however I had to remount it exec when I
ran dpkg-reconfigure, so that's not it. I've just tested it with /tmp also
mounted exec, however that still didn't fix the problem.
Post by SCOTT PACKARD
Apparmor/SE Linux is another possibility.
Neither are installed on this server.

BTW, I'm running Ubuntu 16.04 & ClamAV 0.100.2/25075/Mon.
--
Doug
Scott Kitterman
2018-10-30 22:08:09 UTC
Permalink
Post by Doug Ingham
Post by SCOTT PACKARD
and make sure user www-data has at least read and execute permissions
If www-data didn't have r/w access to that directory, my site would be
broken!
Post by SCOTT PACKARD
Post by Doug Ingham
[correct directory contents listed]
I do normally mount /var noexec, however I had to remount it exec when I
ran dpkg-reconfigure, so that's not it. I've just tested it with /tmp also
mounted exec, however that still didn't fix the problem.
Post by SCOTT PACKARD
Apparmor/SE Linux is another possibility.
Neither are installed on this server.
BTW, I'm running Ubuntu 16.04 & ClamAV 0.100.2/25075/Mon.
Did you explicitly remove Apparmor? It's shipped by default in Ubuntu and the
Ubuntu clamav has an Apparmor profile included.

Scott K

_______________________________________________
clamav-users mailing list
clamav-***@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Doug Ingham
2018-11-06 22:55:45 UTC
Permalink
Sorry, for the delay in replying, and many thanks to those who did.
Post by Scott Kitterman
Did you explicitly remove Apparmor? It's shipped by default in Ubuntu and the
Ubuntu clamav has an Apparmor profile included.
That was exactly it! I was unaware of Apparmor now coming enabled by
default. It's the first time it's ever caused me any issues.

For anyone looking for a fix in the future, do the following:
1. Uncomment the local config include at the bottom of
"/etc/apparmor.d/usr.sbin.clamd"
2. Add the system paths clamd should have access to in
"/etc/apparmor.d/local/usr.sbin.clamd"
3. Reload the apparmor service

Many thanks for your help all!
--
Doug
Pierre Dehaen
2018-10-31 09:12:23 UTC
Permalink
Hi,

I would try:

# ps -ef | grep clamd
==> see owner (as you are running clamdscan): if it is not clamav it means there is another
config file or an option in the startup procedure...

# sudo -u clamav clamscan -v --config-file=/etc/clamav/clamd.conf nc_data/
==> it should work as we are running as clamav

# strace -o /tmp/strace.out -fp "`pgrep clamd`" &
# clamdscan -v --config-file=/etc/clamav/clamd.conf nc_data/
# kill %1
# more /tmp/strace.out
==> analyze

Pierre

On 30 Oct 2018 at 18:22, Doug Ingham wrote:

Hi all,
For some reason, clamdscan is returning a permissions error for files it has read access to.

I've copied some output below to help show the situation...

==============================================
***@arquivos0:/var/www# grep User /etc/clamav/clamd.conf
User clamav

***@arquivos0:/var/www# grep clamav /etc/group
www-data:x:33:clamav
clamav:x:121:

***@arquivos0:/var/www# ls -ld nc_data/
drwxrwx--- 59 www-data www-data 4096 Out 22 08:40 nc_data/

***@arquivos0:/var/www# clamdscan -v --config-file=/etc/clamav/clamd.conf nc_data/
/var/www/nc_data: lstat() failed: Permission denied. ERROR
----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 1
Time: 0.000 sec (0 m 0 s)

***@arquivos0:/var/www# sudo -u clamav ls nc_data/
[correct directory contents listed]

***@arquivos0:/var/www# ls -al /var/log/clamav/
total 20
drwxr-xr-x 2 clamav clamav 45 Out 30 12:29 .
drwxrwxr-x 16 root syslog 4096 Out 30 15:41 ..
-rw-r----- 1 clamav adm 10914 Out 30 17:12 clamav.log
-rw-r----- 1 clamav adm 2352 Out 30 15:17 freshclam.log

***@arquivos0:/var/www# clamdscan -v --config-file=/etc/clamav/clamd.conf
/var/log/clamav/
/var/log/clamav: lstat() failed: Permission denied. ERROR
----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 1
Time: 0.000 sec (0 m 0 s)
==============================================

To quote Aristotle, "WTF?"

Any help appreciated!
--
Doug
Loading...