clamav icon indicating copy to clipboard operation
clamav copied to clipboard

Published 20 hours ago verified publisher icon Cisco-Talos

1.3.0, clamonacc error message "ClamMisc: Unexpected issue; Daemon failed to scan"

Open promeneur opened this issue 1 year ago • 8 comments

Describe the bug

Clamonacc service does not start

How to reproduce the problem

start clamonacc service

Replace this text with the output from the ClamAV command:

:~> clamconf -n Checking configuration files in /etc

Config file: clamd.conf

LogSyslog = "yes" LogFacility = "LOG_MAIL" LocalSocket = "/run/clamav/clamd.sock" Foreground = "yes" User = "vscan" OnAccessIncludePath = "/home" OnAccessExcludeUname = "vscan"

Config file: freshclam.conf

LogSyslog = "yes" LogFacility = "LOG_MAIL" DatabaseMirror = "database.clamav.net"

clamav-milter.conf not found

Software settings

Version: 1.3.0 Optional features supported: MEMPOOL AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV JSON RAR

Database information

Database directory: /var/lib/clamav daily.cld: version 27130, sigs: 2049190, built on Thu Dec 21 10:38:20 2023 main.cvd: version 62, sigs: 6647427, built on Thu Sep 16 14:32:42 2021 bytecode.cvd: version 334, sigs: 91, built on Wed Feb 22 22:33:21 2023 Total number of signatures: 8696708

Platform information

uname: Linux 6.7.4-1-default #1 SMP PREEMPT_DYNAMIC Tue Feb 6 05:32:37 UTC 2024 (01735a3) x86_64 OS: Linux, ARCH: x86_64, CPU: x86_64 Full OS version: "openSUSE Tumbleweed" zlib version: 1.3 (1.3), compile flags: a9 platform id: 0x0a21c8c808000000000d0201

Build information

GNU C: 13.2.1 20240206 [revision 67ac78caf31f7cb3202177e6428a46d829b70f23] (13.2.1) sizeof(void*) = 8 Engine flevel: 200, dconf: 200

contents of the log :

Started ClamAV On-Access Scanner. ClamClient: Initial connection failed, Couldn't connect to server. Will try again... clamonacc.service: Deactivated successfully.

promeneur avatar Feb 17 '24 18:02 promeneur

With the update yesterday 18/02/2024, there is some progress. Clamonacc is running.

It remains some problems : Couldn't connect to server Daemon failed to scan

 clamonacc.service - ClamAV On-Access Scanner
     Loaded: loaded (/usr/lib/systemd/system/clamonacc.service; enabled; preset: disabled)
     Active: active (running) since Mon 2024-02-19 07:22:44 CET; 8min ago
       Docs: man:clamonacc(8)
             man:clamd.conf(5)
             https://docs.clamav.net/
   Main PID: 1677 (clamonacc)
      Tasks: 8 (limit: 4915)
        CPU: 4.140s
     CGroup: /system.slice/clamonacc.service
             └─1677 /usr/sbin/clamonacc --ping 30:10 --wait --fdpass --foreground

févr. 19 07:22:44 grincheux systemd[1]: Started ClamAV On-Access Scanner.
févr. 19 07:22:44 grincheux clamonacc[1677]: ClamClient: Initial connection failed, Couldn't connect to server. Will try again...
févr. 19 07:22:58 grincheux clamonacc[1677]: ClamInotif: watching '/home' (and all sub-directories)
févr. 19 07:27:25 grincheux clamonacc[1677]: ClamMisc: Unexpected issue; Daemon failed to scan: /home/roubach/.config/google-chrome/Default/Service Worker/CacheStorage/8cbb992fe0cd9ef960e69a214646>
févr. 19 07:27:25 grincheux clamonacc[1677]: ClamMisc: Unexpected issue; Daemon failed to scan: /home/roubach/.config/google-chrome/Default/Service Worker/CacheStorage/8cbb992fe0cd9ef960e69a214646>
févr. 19 07:27:25 grincheux clamonacc[1677]: ClamMisc: Unexpected issue; Daemon failed to scan: /home/roubach/.config/google-chrome/Default/Service Worker/CacheStorage/8cbb992fe0cd9ef960e69a214646>
févr. 19 07:27:25 grincheux clamonacc[1677]: ClamMisc: Unexpected issue; Daemon failed to scan: /home/roubach/.config/google-chrome/Default/Service Worker/CacheStorage/8cbb992fe0cd9ef960e69a214646>
févr. 19 07:27:25 grincheux clamonacc[1677]: ClamMisc: Unexpected issue; Daemon failed to scan: /home/roubach/.config/google-chrome/Default/Service Worker/CacheStorage/8cbb992fe0cd9ef960e69a214646>
~

promeneur avatar Feb 19 '24 07:02 promeneur

I'm glad to hear you got clamonacc running.

I'm unsure what is causing the "Unexpected issue; Daemon failed to scan" problem. It's possible the cache file was deleted between the time of the file access and the time the scan began. Maybe? I'm grasping for ideas here.

Clamonacc may provide additional detail if you have the service start with the "--verbose" command line option.

micahsnyder avatar Feb 21 '24 13:02 micahsnyder

today i get this


févr. 21 09:27:44 grincheux clamonacc[1741]: ERROR: ClamInotif: issue when adding watch for /home/roubach/.mozilla/firefox/cjx7x4b0.default-release/storage/default/https+++www.leparisien.fr/cache/>
févr. 21 09:27:44 grincheux clamonacc[1741]: ERROR: ClamInotif: watch descriptor issue when adding watch for /home/roubach/.mozilla/firefox/cjx7x4b0.default-release/storage/default/https+++www.lep>
févr. 21 09:27:44 grincheux clamonacc[1741]: ERROR: ClamInotif: issue when adding watch for /home/roubach/.mozilla/firefox/cjx7x4b0.default-release/storage/default/https+++www.leparisien.fr/cache/>
févr. 21 12:53:55 grincheux clamonacc[1741]: ERROR: ClamInotif: could not add element to hash table for /home/roubach/.cache/mozilla/firefox/cjx7x4b0.default-release/safebrowsing-backup
févr. 21 15:17:33 grincheux clamonacc[1741]: ERROR: ClamInotif: could not add element to hash table for /home/roubach/.cache/mozilla/firefox/cjx7x4b0.default-release/safebrowsing-backup
févr. 21 15:47:48 grincheux clamonacc[1741]: ERROR: ClamInotif: could not add element to hash table for /home/roubach/.cache/mozilla/firefox/cjx7x4b0.default-release/safebrowsing-backup
févr. 21 15:51:18 grincheux clamonacc[1741]: ERROR: ClamClient: Connection to clamd failed, Couldn't connect to server.
févr. 21 15:51:18 grincheux clamonacc[1741]: ClamClient: Connection to clamd re-established.
févr. 21 15:51:18 grincheux clamonacc[1741]: ClamMisc: Unexpected issue; Daemon failed to scan: /home/roubach/Téléchargements/myconsult-cloud-token-16.pdf
févr. 21 16:41:36 grincheux clamonacc[1741]: ERROR: ClamInotif: could not add element to hash table for /home/roubach/.cache/mozilla/firefox/cjx7x4b0.default-release/safebrowsing-backup

promeneur avatar Feb 21 '24 15:02 promeneur

today here is the log

 sudo systemctl status clamonacc
[sudo] Mot de passe de root : 
● clamonacc.service - ClamAV On-Access Scanner
     Loaded: loaded (/usr/lib/systemd/system/clamonacc.service; enabled; preset: disabled)
    Drop-In: /etc/systemd/system/clamonacc.service.d
             └─override.conf
     Active: active (running) since Thu 2024-02-22 07:07:53 CET; 6min ago
       Docs: man:clamonacc(8)
             man:clamd.conf(5)
             https://docs.clamav.net/
   Main PID: 1727 (clamonacc)
      Tasks: 8 (limit: 4915)
        CPU: 4.262s
     CGroup: /system.slice/clamonacc.service
             └─1727 /usr/sbin/clamonacc --ping 30:10 --wait --fdpass --foreground --verbose

févr. 22 07:14:41 grincheux clamonacc[1727]: ClamFanotif: attempting to feed consumer queue
févr. 22 07:14:41 grincheux clamonacc[1727]: ClamWorker: performing scanning on file '/home/roubach/.config/kwalletrc'
févr. 22 07:14:41 grincheux clamonacc[1727]: ClamFanotif: attempting to feed consumer queue
févr. 22 07:14:41 grincheux clamonacc[1727]: ClamFanotif: attempting to feed consumer queue
févr. 22 07:14:41 grincheux clamonacc[1727]: ClamWorker: performing scanning on file '/home/roubach/.config/akonadi/agent_config_akonadi_imap_resource_4'
févr. 22 07:14:41 grincheux clamonacc[1727]: ClamWorker: performing scanning on file '/home/roubach/.config/akonadi/agent_config_akonadi_imap_resource_4.lock'
févr. 22 07:14:41 grincheux clamonacc[1727]: ClamFanotif: attempting to feed consumer queue
févr. 22 07:14:41 grincheux clamonacc[1727]: ClamWorker: performing scanning on file '/home/roubach/.config/akonadi/#2622943445 (deleted)'
févr. 22 07:14:42 grincheux clamonacc[1727]: ClamFanotif: attempting to feed consumer queue
févr. 22 07:14:42 grincheux clamonacc[1727]: ClamWorker: performing scanning on file '/home/roubach/.config/google-chrome/Default/.com.google.Chrome.Utpjz7'

promeneur avatar Feb 22 '24 06:02 promeneur

today i get this

févr. 23 09:04:41 grincheux systemd[1]: Started ClamAV On-Access Scanner.
févr. 23 09:04:41 grincheux clamonacc[1698]: ClamClient: Initial connection failed, Couldn't connect to server. Will try again...
févr. 23 09:04:54 grincheux clamonacc[1698]: ClamInotif: watching '/home' (and all sub-directories)
févr. 23 09:16:33 grincheux clamonacc[1698]: /home/roubach/.local/share/local-mail/.Personnel.directory/hsbc/new/1697804512359.R403.grincheux: Heuristics.Phishing.Email.SpoofedDomain FOUND
févr. 23 09:16:33 grincheux clamonacc[1698]: /home/roubach/.local/share/akonadi/file_db_data/91/79891_r0: Heuristics.Phishing.Email.SpoofedDomain FOUND
févr. 23 09:16:33 grincheux clamonacc[1698]: /home/roubach/.local/share/akonadi/file_db_data/91/79891_r0: Heuristics.Phishing.Email.SpoofedDomain FOUND
févr. 23 09:16:36 grincheux clamonacc[1698]: /home/roubach/.local/share/akonadi/file_db_data/91/79891_r0: Heuristics.Phishing.Email.SpoofedDomain FOUND
févr. 23 09:25:56 grincheux clamonacc[1698]: ERROR: ClamInotif: could not add element to hash table for /home/roubach/.cache/mozilla/firefox/cjx7x4b0.default-release/safebrowsing-backup

promeneur avatar Feb 23 '24 08:02 promeneur

@promeneur I appreciate your enthusiasm. I'm not sure how to respond. Clamonacc is known to struggle when scanning very active directories. A lot of optimizations are needed to reduce scan error issues and improve performance so it can be used system-wide or for monitoring active user directories in an effective way.

micahsnyder avatar Feb 23 '24 16:02 micahsnyder

@micahsnyder

Ok I understand.

A question. Is "/" scanned by clamonacc ?

promeneur avatar Feb 23 '24 17:02 promeneur

It depends on what you put in your clamd.conf file for the OnAccessIncludePath or OnAccessMountPath settings.

I do not expect it will work well if you try to have it monitor "/".

micahsnyder avatar Feb 23 '24 17:02 micahsnyder