clamfs ubuntu intrepid server

Asked by dmitrysir

Hello.
I am trying to install clamfs on an Ubuntu 8.10 server, and I also installed all suggested packages (clamav, ... ). After successful installation I copied the clamfs config sample to /etc/clamfs/config.xml and changed only the paths to the directories:
<filesystem root="/clamfs" mountpoint="/share" public="yes" nonempty="yes" />
(all directories are created and have permissions 0777).
Then I started clamfs with the new config (clamd started automatically).
The mount was successful, and I can put any file in /share, but I cannot open or copy any file from it (without viruses). Only files with extensions from the whitelist can be opened. In the log file I see:
(clamav.cxx:135) (file:5645) (root:0) /clamfs/Dzintari_1.jpg: Access denied. ERROR
(all permissions for the file are set to 666, for the directory to 777, and I can scan the directory /clamfs with clamscan)
What is the problem, or my error?
Thank you very much for help!

Question information

Language: English
Status: Solved
For: Ubuntu clamfs
Assignee: No assignee
Solved by: Krzysztof Burghardt

Krzysztof Burghardt (burghardt) said :
#1

Looks like the Clam Daemon cannot access the file, as this message comes from the clamd socket:
(clamav.cxx:135) (file:5645) (root:0) /clamfs/Dzintari_1.jpg: Access denied. ERROR

Could you check if clamdscan (this "d" in the command is important, as clamscan uses the clam library directly, not through clamd) works? This will allow us to distinguish between ClamFS and clamd problems.

Do you use some hardening features like RSBAC, grsecurity, SELinux, AppArmor, etc.? Those can prevent file access even when permissions are set properly.

dmitrysir (dimas-petits) said :
#2

clamdscan also gives an error:
clamdscan /clamfs
/clamfs: Access denied. ERROR

I tried changing the directory and file owner to clamav, but the result is the same.

# ls -l /
total 93
drwxr-xr-x 2 root root 4096 Jan 14 15:48 bin
drwxr-xr-x 4 root root 1024 Jan 14 15:48 boot
lrwxrwxrwx 1 root root 11 Jan 14 15:28 cdrom -> media/cdrom
drwxrwxrwx 2 clamav clamav 4096 Jan 30 09:43 clamfs

I don't use any hardening software (it is a server with a fresh Ubuntu installation). It has LAMP, proftpd, sshd, sendmail, and I plan to install samba.

But in directory /tmp and its subdirectories clamdscan works :) (if the file has read permissions for all)

dmitrysir (dimas-petits) said :
#3

Also, this server uses RAID-1 disks:
$ df
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/md2 476395176 84290636 367905036 19% /
tmpfs 1035564 0 1035564 0% /lib/init/rw
varrun 1035564 480 1035084 1% /var/run
varlock 1035564 0 1035564 0% /var/lock
udev 1035564 2744 1032820 1% /dev
tmpfs 1035564 0 1035564 0% /dev/shm
/dev/md0 459048 24553 410003 6% /boot
clamfs 476395176 84290636 367905036 19% /share

Best Krzysztof Burghardt (burghardt) said :
#4

If clamdscan doesn't work either, it is probably a clamd problem.

I'm not sure about that, but the clamav-daemon package has an /etc/apparmor.d/usr.sbin.clamd file with:
  /tmp/ rw,
  /tmp/** krw,

Try to add:
  /clamfs/** r,

Then run "sudo apparmor reload".

So it will be able to read from /clamfs if AppArmor is active (isn't it active by default?).

Also, I advise not changing the files' owner to clamav, but rather using ACLs. Something like:
$ setfacl -R -b -d -m user:clamav:rx /clamfs
$ setfacl -R -m user:clamav:rx /clamfs
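
An added example, not part of the original thread and not ClamFS or ClamAV code: a simplified model of AppArmor file-rule matching that shows why clamd could read under /tmp but was denied under /clamfs until the extra rule was added. The profile text is a constructed skeleton containing only the rules quoted in answer #4, and the globbing covers only `*`, `**` and `?`.

```python
import re

# Constructed skeleton profile holding only the two /tmp rules quoted in
# answer #4; it is not the full profile shipped by clamav-daemon.
SHIPPED = """\
/usr/sbin/clamd {
  /tmp/ rw,
  /tmp/** krw,
}
"""
# The same skeleton with the rule suggested in answer #4 added.
FIXED = SHIPPED.replace("}", "  /clamfs/** r,\n}")

# A plain file rule: absolute path glob, permission letters, trailing comma.
RULE = re.compile(r"^\s*(/\S*)\s+([a-zA-Z]+),\s*$")


def glob_to_regex(glob):
    """Simplified AppArmor globbing: '**' crosses '/', '*' and '?' do not."""
    out, i = [], 0
    while i < len(glob):
        if glob.startswith("**", i):
            out.append(".*")
            i += 2
            continue
        out.append({"*": "[^/]*", "?": "[^/]"}.get(glob[i], re.escape(glob[i])))
        i += 1
    return re.compile("".join(out) + r"\Z")


def granted(profile_text, path):
    """Union of permission letters from every file rule that matches path."""
    perms = set()
    for line in profile_text.splitlines():
        m = RULE.match(line.split("#", 1)[0])  # drop comments and #include
        if m and glob_to_regex(m.group(1)).match(path):
            perms |= set(m.group(2))
    return perms


def clamd_can_read(profile_text, path):
    # Models only the AppArmor check; file mode bits (666/777) are separate.
    return "r" in granted(profile_text, path)


if __name__ == "__main__":
    for text in (SHIPPED, FIXED):
        for p in ("/tmp/sub/file.txt", "/clamfs/Dzintari_1.jpg"):
            print(p, "readable" if clamd_can_read(text, p) else "denied")
```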

dmitrysir (dimas-petits) said :
#5

Thank you!!!
It works!!!
Please include this in the documentation for other users :)

dmitrysir (dimas-petits) said :
#6

Thanks Krzysztof Burghardt, that solved my question.