numerous "file path check failure" warnings #1128
Comments
|
Could you check if those files still exist on your machine? I wonder if the files temporarily existed and disappeared before the scan performed that file path check. |
All files exist. These files do not exist temporarily. |
database-wal exist. .com.google.Chrome.K8ZhBo does not exist. for the files which exist : |
|
I see you're using the OnAccess options in If you're running clamonacc with clamd, it may be that clamd is running as the "clamav" user and does not have permission to open these files in your home directory. Others have reported the same or similar issue with clamonacc. See #1050, #514 and #857. In #1050, the reporter noted that |
|
I only installed packages. I don't have any knowledge for setting any clamav component. ACL of the file :
You can see this is never the same list of files. |
"--fdpass" is an extra commandline option when you start the I see you have a It is probably something similar for |
|
it seem ok now. What is the meaning of |
|
The SpoofedDomain heuristic means the scan found some HTML links where the display text is made to look like a link, but the domain does not match the actual domain that the link takes you to. ClamAV doesn't complain about this for every link, but only for a specific websites that are higher risk of being used in phishing such as websites for banks, paypal, etc. If you scan those files with |
|
Thanks for the explanation.
These mail was scanned by clamav via spamassassin and declared "ham" with "X-Virus-Flag: no". The false positives spoofing urls (I assume) bienvenue.ccf.fr bienvenue.ccf.fr www.hsbc.fr/protection-des-donnees www.cnil.fr/fr/contacter-la-cnil-standard-et-permanences-telephoniques services.hsbc.fr/cession In the third mail I did not find any link as those above-mentioned.
|
|
Surprise ! "--fdpass" disappeared. |
|
Hello It seems that sometime clamonacc.service is updated then the option "--fdpass" disappeared. |
Describe the bug
OpenSUSE Tumbleweed
Clamav 1.2.1 from https://build.opensuse.org/package/show/home%3Abruno_friedmann/clamav
clamd.service
clamd.service.txt
clamd log
clamd.log
In clamd journal I get numerous "file path check failure" about .pki, Google Chrome files, Mozilla files, etc. Is it normal ?
How to reproduce the problem
Replace this text with the output from the ClamAV command:
clamconf -n
:~> clamconf -n
Checking configuration files in /etc
Config file: clamd.conf
LogSyslog = "yes"
LogFacility = "LOG_MAIL"
PidFile = "/run/clamav/clamd.pid"
LocalSocket = "/run/clamav/clamd.sock"
User = "vscan"
OnAccessIncludePath = "/home"
OnAccessExcludeUname = "vscan"
Config file: freshclam.conf
PidFile = "/run/clamav/freshclam.pid"
DatabaseMirror = "database.clamav.net"
clamav-milter.conf not found
Software settings
Version: 1.2.1
Optional features supported: MEMPOOL AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV JSON RAR
Database information
Database directory: /var/lib/clamav
daily.cld: version 27130, sigs: 2049190, built on Thu Dec 21 10:38:20 2023
main.cvd: version 62, sigs: 6647427, built on Thu Sep 16 14:32:42 2021
bytecode.cvd: version 334, sigs: 91, built on Wed Feb 22 22:33:21 2023
Total number of signatures: 8696708
Platform information
uname: Linux 6.6.7-1-default #1 SMP PREEMPT_DYNAMIC Thu Dec 14 17:36:48 UTC 2023 (6869d09) x86_64
OS: Linux, ARCH: x86_64, CPU: x86_64
Full OS version: "openSUSE Tumbleweed"
zlib version: 1.3 (1.3), compile flags: a9
platform id: 0x0a21bfbf08000000000d0201
Build information
GNU C: 13.2.1 20231130 [revision 741743c028dc00f27b9c8b1d5211c1f602f2fddd] (13.2.1)
sizeof(void*) = 8
Engine flevel: 191, dconf: 191
:~>
Attachments
If applicable, add screenshots to help explain your problem.
If the issue is reproducible only when scanning a specific file, attach it to the ticket.
The text was updated successfully, but these errors were encountered: