Discussion:
[clamav-users] Help With clamscan vs clamdscan
Michael Newman
2018-08-20 10:55:34 UTC
Mac 10.13.6

clamd is running:

MrMuscle:~ mnewman$ ps -A | grep -m1 clamd
31610 ?? 0:10.14 clamd

When I run clamscan it works and detects a known problem.

But, when I run clamdscan on the same directory, it just instantly stops without scanning.

What have I done wrong?

MrMuscle:~ mnewman$ clamscan -i ~/bin
/Users/mnewman/bin/wacaw: Osx.Malware.Agent-1760787 FOUND

----------- SCAN SUMMARY -----------
Known viruses: 6615382
Engine version: 0.100.1
Scanned directories: 1
Scanned files: 58
Infected files: 1
Data scanned: 0.24 MB
Data read: 0.18 MB (ratio 1.30:1)
Time: 10.544 sec (0 m 10 s)

MrMuscle:~ mnewman$ clamdscan -i ~/bin

----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 1
Time: 0.000 sec (0 m 0 s)
_______________________________________________
clamav-users mailing list
clamav-***@lists.clamav.net
http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Al Varnell
2018-08-20 11:01:15 UTC
Please post the results of the following Terminal Command:

sudo clamconf

-Al-
Maarten Broekman
2018-08-20 11:04:01 UTC
Check the logs and config files.
Clamscan loads the databases itself before running. It does not need clamd to be running in order to work.

Clamdscan attempts to use a socket to talk with clamd for the scanning of files. If there is an error, one of two things is happening:
Either the permissions on the socket aren’t allowing clamdscan (as you) to use it,
Or clamd isn’t listening on it.

Maarten

Sent from a tiny keyboard
Matus UHLAR - fantomas
2018-08-20 11:05:00 UTC
Post by Michael Newman
MrMuscle:~ mnewman$ ps -A | grep -m1 clamd
31610 ?? 0:10.14 clamd
When I run clamscan it works and detects a known problem.
But, when I run clamdscan on the same directory, it just instantly stops without scanning.
What have I done wrong?
MrMuscle:~ mnewman$ clamdscan -i ~/bin
----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 1
Time: 0.000 sec (0 m 0 s)
clamd is running under a user that must have read/execute permissions for
your ~/bin directory.
--
Matus UHLAR - fantomas, ***@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
"The box said 'Requires Windows 95 or better', so I bought a Macintosh".
Hajo Locke
2018-08-20 11:54:42 UTC
Hello,
Post by Matus UHLAR - fantomas
Post by Michael Newman
MrMuscle:~ mnewman$ ps -A | grep -m1 clamd
31610 ??         0:10.14 clamd
When I run clamscan it works and detects a known problem.
But, when I run clamdscan on the same directory, it just instantly
stops without scanning.
What have I done wrong?
MrMuscle:~ mnewman$ clamdscan -i ~/bin
----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 1
Time: 0.000 sec (0 m 0 s)
clamd is running under a user that must have read/execute permissions for
your ~/bin directory.
Yes, and the files themselves should be readable.

But maybe you hit the same problem as I did a few days ago:
http://lists.clamav.net/pipermail/clamav-users/2018-August/006712.html

Hajo

Michael Newman
2018-08-20 21:31:36 UTC
Post by Al Varnell
sudo clamconf
MrMuscle:~ mnewman$ sudo clamconf
Password:
Checking configuration files in /opt/local/etc

Config file: clamd.conf
-----------------------
BlockMax disabled
PreludeEnable disabled
PreludeAnalyzerName disabled
LogFile disabled
LogFileUnlock disabled
LogFileMaxSize = "1048576"
LogTime disabled
LogClean disabled
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate disabled
ExtendedDetectionInfo disabled
PidFile disabled
TemporaryDirectory disabled
DatabaseDirectory = "/opt/local/share/clamav"
OfficialDatabaseOnly disabled
LocalSocket disabled
LocalSocketGroup disabled
LocalSocketMode disabled
FixStaleSocket = "yes"
TCPSocket disabled
TCPAddr disabled
MaxConnectionQueueLength = "200"
StreamMaxLength = "26214400"
StreamMinPort = "1024"
StreamMaxPort = "2048"
MaxThreads = "10"
ReadTimeout = "120"
CommandReadTimeout = "5"
SendBufTimeout = "500"
MaxQueue = "100"
IdleTimeout = "30"
ExcludePath disabled
MaxDirectoryRecursion = "15"
FollowDirectorySymlinks disabled
FollowFileSymlinks disabled
CrossFilesystems = "yes"
SelfCheck = "600"
DisableCache disabled
VirusEvent disabled
ExitOnOOM disabled
AllowAllMatchScan = "yes"
Foreground disabled
Debug disabled
LeaveTemporaryFiles disabled
User disabled
Bytecode = "yes"
BytecodeSecurity = "TrustSigned"
BytecodeTimeout = "5000"
BytecodeUnsigned disabled
BytecodeMode = "Auto"
DetectPUA disabled
ExcludePUA disabled
IncludePUA disabled
AlgorithmicDetection = "yes"
ScanPE = "yes"
ScanELF = "yes"
DetectBrokenExecutables disabled
ScanMail = "yes"
ScanPartialMessages disabled
PhishingSignatures = "yes"
PhishingScanURLs = "yes"
PhishingAlwaysBlockCloak disabled
PhishingAlwaysBlockSSLMismatch disabled
PartitionIntersection disabled
HeuristicScanPrecedence disabled
StructuredDataDetection disabled
StructuredMinCreditCardCount = "3"
StructuredMinSSNCount = "3"
StructuredSSNFormatNormal = "yes"
StructuredSSNFormatStripped disabled
ScanHTML = "yes"
ScanOLE2 = "yes"
OLE2BlockMacros disabled
ScanPDF = "yes"
ScanSWF = "yes"
ScanXMLDOCS = "yes"
ScanHWP3 = "yes"
ScanArchive = "yes"
ArchiveBlockEncrypted disabled
ForceToDisk disabled
MaxScanSize = "104857600"
MaxFileSize = "26214400"
MaxRecursion = "16"
MaxFiles = "10000"
MaxEmbeddedPE = "10485760"
MaxHTMLNormalize = "10485760"
MaxHTMLNoTags = "2097152"
MaxScriptNormalize = "5242880"
MaxZipTypeRcg = "1048576"
MaxPartitions = "50"
MaxIconsPE = "100"
MaxRecHWP3 = "16"
PCREMatchLimit = "100000"
PCRERecMatchLimit = "5000"
PCREMaxFileSize = "26214400"
ScanOnAccess disabled
OnAccessMountPath disabled
OnAccessIncludePath disabled
OnAccessExcludePath disabled
OnAccessExcludeRootUID disabled
OnAccessExcludeUID disabled
OnAccessMaxFileSize = "5242880"
OnAccessDisableDDD disabled
OnAccessPrevention disabled
OnAccessExtraScanning disabled
DevACOnly disabled
DevACDepth disabled
DevPerformance disabled
DevLiblog disabled
DisableCertCheck disabled

Config file: freshclam.conf
---------------------------
LogFileMaxSize = "1048576"
LogTime disabled
LogSyslog disabled
LogFacility = "LOG_LOCAL6"
LogVerbose disabled
LogRotate disabled
PidFile disabled
DatabaseDirectory = "/opt/local/share/clamav"
Foreground disabled
Debug disabled
UpdateLogFile disabled
DatabaseOwner = "clamav"
Checks = "12"
DNSDatabaseInfo = "current.cvd.clamav.net"
DatabaseMirror = "db.TH.clamav.net", "database.clamav.net"
PrivateMirror disabled
MaxAttempts = "3"
ScriptedUpdates = "yes"
TestDatabases = "yes"
CompressLocalDatabase disabled
ExtraDatabase disabled
DatabaseCustomURL disabled
HTTPProxyServer disabled
HTTPProxyPort disabled
HTTPProxyUsername disabled
HTTPProxyPassword disabled
HTTPUserAgent disabled
NotifyClamd = "/opt/local/etc/clamd.conf"
OnUpdateExecute disabled
OnErrorExecute disabled
OnOutdatedExecute disabled
LocalIPAddress disabled
ConnectTimeout = "30"
ReceiveTimeout = "30"
SafeBrowsing disabled
Bytecode = "yes"

clamav-milter.conf not found

Software settings
-----------------
Version: 0.100.1
Optional features supported: MEMPOOL IPv6 AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV RAR

Database information
--------------------
Database directory: /opt/local/share/clamav
daily.cvd: version 24859, sigs: 2055376, built on Mon Aug 20 15:44:44 2018
main.cvd: version 58, sigs: 4566249, built on Thu Jun 8 04:38:10 2017
bytecode.cvd: version 327, sigs: 91, built on Thu Aug 9 07:43:48 2018
Total number of signatures: 6621716

Platform information
--------------------
uname: Darwin 17.7.0 Darwin Kernel Version 17.7.0: Thu Jun 21 22:53:14 PDT 2018; root x86_64
OS: darwin17.6.0, ARCH: x86_64, CPU: x86_64
zlib version: 1.2.11 (1.2.11), compile flags: a9
platform id: 0x04235c5c0800000000040201

Build information
-----------------
Clang: 4.2.1 Compatible Apple LLVM 9.1.0 (clang-902.0.39.2) (4.2.1)
CPPFLAGS: -I/opt/local/include -I/opt/local/include
CFLAGS: -pipe -Os -arch x86_64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
CXXFLAGS:
LDFLAGS: -L/opt/local/lib -Wl,-headerpad_max_install_names -arch x86_64
Configure: '--prefix=/opt/local' '--mandir=/opt/local/share/man' '--with-zlib=/opt/local' '--with-openssl=/opt/local' '--with-pcre=/opt/local' '--with-xml=/opt/local' '--disable-silent-rules' '--enable-llvm=no' 'CC=/usr/bin/clang' 'CFLAGS=-pipe -Os -arch x86_64' 'LDFLAGS=-L/opt/local/lib -Wl,-headerpad_max_install_names -arch x86_64' 'CPPFLAGS=-I/opt/local/include' --enable-ltdl-convenience
sizeof(void*) = 8
Engine flevel: 92, dconf: 92
MrMuscle:~ mnewman$
Maarten Broekman
2018-08-20 22:14:12 UTC
For clamdscan to work you need to enable LocalSocket at the very least.
Michael Newman
2018-08-20 23:45:04 UTC
Post by Maarten Broekman
For clamdscan to work you need to enable LocalSocket at the very least.
Thank you. I had no idea what a socket was. Now I know.

I didn’t know where to put it, so I tried this:

LocalSocket /var/tmp/clamd.socket

It seems to have worked and now I can run clamdscan. I hope that’s OK.
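A check for the failure diagnosed in this thread (clamd running, but LocalSocket and TCPSocket both disabled), as an added example that is not part of the original posts: it parses clamd.conf text, verifies the socket path, and sends clamd's PING command. The sample config is constructed, and `parse_clamd_conf`, `ping_clamd` and `diagnose` are hypothetical helper names.

```python
import os
import socket
import stat

# Constructed sample: the listener-related state clamconf reported in the
# thread, i.e. a clamd.conf with no LocalSocket and no TCPSocket line.
THREAD_CONF = """\
# constructed clamd.conf matching the clamconf output in the thread
DatabaseDirectory /opt/local/share/clamav
FixStaleSocket yes
"""


def parse_clamd_conf(text):
    """Return {option: value} from 'Option Value' lines, skipping comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        opts[parts[0]] = parts[1].strip('"') if len(parts) > 1 else ""
    return opts


def ping_clamd(sock_path, timeout=3.0):
    """Send clamd's PING command over the Unix socket; True if it says PONG."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect(sock_path)
        s.sendall(b"zPING\0")  # 'z' prefix: NUL-terminated command and reply
        return s.recv(16).rstrip(b"\0\n") == b"PONG"


def diagnose(conf_text):
    """Return (status, detail) saying whether clamdscan can reach clamd."""
    opts = parse_clamd_conf(conf_text)
    local, tcp = opts.get("LocalSocket"), opts.get("TCPSocket")
    if not local and not tcp:
        # The situation in this thread: clamd runs but has nothing to listen on.
        return ("no-listener", "neither LocalSocket nor TCPSocket is set")
    if not local:
        return ("tcp-only", f"TCPSocket {tcp} is set; not probed by this check")
    try:
        st = os.stat(local)
    except FileNotFoundError:
        return ("socket-missing", f"{local} not found; restart clamd?")
    except PermissionError:
        return ("permission-denied", f"cannot stat {local}")
    if not stat.S_ISSOCK(st.st_mode):
        return ("not-a-socket", f"{local} exists but is not a socket")
    try:
        answered = ping_clamd(local)
    except PermissionError:
        # Socket exists but this user may not connect to it.
        return ("permission-denied",
                "check LocalSocketMode and LocalSocketGroup")
    except OSError as exc:
        # Stale socket file (connection refused) or a timeout.
        return ("no-answer", f"connect/PING failed: {exc}")
    if not answered:
        return ("no-answer", "clamd did not reply PONG")
    # Report the mode so the admin can see who is able to connect.
    return ("ok", f"PONG received; socket mode {oct(stat.S_IMODE(st.st_mode))}")


if __name__ == "__main__":
    print(diagnose(THREAD_CONF))
    print(diagnose(THREAD_CONF + "LocalSocket /var/tmp/clamd.socket\n"))
```

When the result is `ok`, the reported mode shows which local users can submit commands to clamd; `LocalSocketMode` and `LocalSocketGroup`, both listed in the clamconf output above, narrow that.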
Michael Newman
2018-08-21 01:31:20 UTC
Post by Al Varnell
It appears to me from your other thread that you are using a Homebrew compiled installation. If that is the case, then you need to contact the package distributor (Homebrew) about any issues with their compilation.
Actually, it’s MacPorts, but, point taken. I’ve posted this inquiry on their mailing list.
Post by Al Varnell
But I really don't understand why you want to use sudo if everything is working for you. I personally never use sudo and never have seen a need to.
I "want" to use sudo because everything I’ve read says that’s what to do. For example, this in the GitHub FAQ:

After ClamAV is installed, then what? How do I update / refresh the virus database?
You will need to edit the freshclam.conf.example file located in /usr/local/etc. Once that is done, you will need to run a 'sudo freshclam' to download the signatures. You will need to run the command to update signatures often so that ClamAV has the most up to date signatures.

But, since you say that sudo is not necessary and because it doesn’t work, I won’t use it anymore.

Thanks for your advice.

Mike
Micah Snyder (micasnyd)
2018-08-21 16:45:24 UTC
Hi Mike,

It depends on what your clamav database directory's user permissions are set to. You shouldn't need freshclam if your user can write to the directory.

At this time, ClamAV relies on the installer (or sys admin) to configure the permissions.
If you install from source, the default install path places the database in /usr/local/share/clamav. On my mac, it doesn't require 'sudo' to write to that directory. If you installed from MacPorts or Homebrew, the installation path is different.

For homebrew it seems to use the Cellar location and also install symlinks in the default system locations (/usr/local/...):
/usr/local/Cellar/clamav/<version>/share/clamav
I guess MacPorts went with:
/opt/local/share/clamav

On some systems, I believe they install to /usr/..., with the database then being in:
/usr/share/clamav.

I'm really not certain on the default permissions settings for each OS. I guess the TL;DR is that it isn't consistent across every OS. Sorry about the confusion.

Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


On Aug 20, 2018, at 9:31 PM, Michael Newman <***@mac.com> wrote:



Al Varnell wrote:

It appears to me from your other thread that you are using a Homebrew compiled installation. If that is the case, then you need to contact the package distributor (Homebrew) about any issues with their compilation.


Actually, it’s MacPorts, but, point taken. I’ve posted this inquiry on their mailing list.

But I really don't understand why you want to use sudo if everything is working for you. I personally never use sudo and never have seen a need to.


I "want" to use sudo because everything I’ve read says that’s what to do. For example, this in the GitHub FAQ:

After ClamAV is installed, then what? How do I update / refresh the virus database?

You will need to edit the freshclam.conf.example file located in /usr/local/etc. Once that is done, you will need to run a 'sudo freshclam' to download the signatures. You will need to run the command to update signatures often so that ClamAV has the most up to date signatures.

But, since you say that sudo is not necessary and because it doesn’t work, I won’t use it anymore.

Thanks for your advice.

Mike


Micah Snyder (micasnyd)
2018-08-21 18:27:12 UTC
Woah, I need to proof-read my emails better. I meant to say, "You shouldn't need 'sudo' if your user can write to the directory."


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


Maarten Broekman
2018-08-21 02:50:57 UTC
Yep. That's fine. /tmp or /var/tmp (or /run) is usually where it goes
anyway. Welcome to the ClamAV club :)
Michael Newman
2018-08-22 23:56:00 UTC
Post by Micah Snyder (micasnyd)
Woah, I need to proof-read my emails better. I meant to say, "You shouldn't need 'sudo' if your user can write to the directory."
Thank you and yes, I understand that part.

What I didn’t understand was why using sudo caused dns and network errors but using freshclam without sudo worked fine:

WARNING: Can't query current.cvd.clamav.net
WARNING: Invalid DNS reply. Falling back to HTTP mode.
If-Modified-Since: Wed, 07 Jun 2017 21:38:10 GMT
Reading CVD header (main.cvd): nonblock_connect: connect(): fd=6 errno=64: Host is down
Can't connect to port 80 of host db.TH.clamav.net (IP: 104.16.186.138)
nonblock_connect: connect(): fd=6 errno=64: Host is down
Can't connect to port 80 of host db.TH.clamav.net (IP: 104.16.188.138)
Trying host db.TH.clamav.net (104.16.187.138)...
nonblock_connect: connect(): fd=6 errno=64: Host is down
Can't connect to port 80 of host db.TH.clamav.net (IP: 104.16.187.138)
Trying host db.TH.clamav.net (104.16.189.138)...
nonblock_connect: connect(): fd=6 errno=64: Host is down

WARNING: Can't read main.cvd header from database.clamav.net (IP: )
Giving up on database.clamav.net...
Update failed. Your network may be down or none of the mirrors listed in /opt/local/etc/freshclam.conf is working. Check https://www.clamav.net/documents/official-mirror-faq for possible reasons.
Tilman Schmidt
2018-08-23 09:08:30 UTC
What I didn’t understand was why using sudo caused dns and network
You wouldn't have SELinux active in enforcing mode on that machine by
any chance?
--
Tilman Schmidt
cardtech Card & POS Service GmbH
Cologne, Germany
Al Varnell
2018-08-23 09:35:59 UTC
OP is running macOS (Darwin).

-Al-