Package: clamav-daemon
Version: 1.0.5+dfsg-1~deb12u1

Hi,

By default, clamonacc fails to scan any non-publicly readable file with the following error:

  File patch check failure: Permission denied. Error

Some research found the following pages about this, which seem to suggest adding --fdpass (or --stream) to the /usr/sbin/clamonacc command line parameters:

https://github.com/Cisco-Talos/clamav/issues/1050
https://www.securiteinfo.com/clamav-antivirus/fixing-most-common-issues-encountered-with-clamav.shtml

So, clamonacc should be started as follows from /usr/lib/systemd/system/clamav-clamonacc.service:

  ExecStart=/usr/sbin/clamonacc --fdpass -F --log=/var/log/clamav/clamonacc.log --move=/root/quarantine

From what I understood, clamonacc spawns an unprivileged subprocess to perform the actual scanning, and by default the subprocess attempts to open the file to be scanned itself, as an unprivileged user. --fdpass or --checkpass instead have the (privileged) parent open the file, and pass the file descriptor to the child, avoiding the issue.

Moreover, the /root/quarantine directory is not created by the install scripts, leading to a non-functional clamonacc, because it has nowhere to move infected files to.

Thanks,

--
Alain Knaff
Service Informatique
Administration de l'environnement
1, avenue du Rock'n'Roll . L-4361 Esch-sur-Alzette
Tél. (+352) 40 56 56-309
E-Mail alain.kn...@aev.etat.lu
www.emwelt.lu | www.gouvernement.lu
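The descriptor passing that --fdpass relies on, as an added example (not part of the original report and not ClamAV's code): one side opens the file and sends the open descriptor over a Unix socket with SCM_RIGHTS, and the receiving side reads through it even though opening the same path is denied. Both sides run in one process here; the temporary file, its content and the function names are constructed for illustration.

```python
import array
import os
import socket
import tempfile

SAMPLE = b"constructed sample content\n"  # constructed test data

def send_fd(sock, fd):
    """Send an open descriptor as SCM_RIGHTS ancillary data."""
    anc = [(socket.SOL_SOCKET, socket.SCM_RIGHTS, array.array("i", [fd]))]
    sock.sendmsg([b"F"], anc)  # at least one payload byte must accompany it

def recv_fd(sock):
    """Receive one descriptor; the kernel installs it under a new number."""
    fds = array.array("i")
    _, ancdata, _, _ = sock.recvmsg(1, socket.CMSG_LEN(fds.itemsize))
    for level, ctype, data in ancdata:
        if level == socket.SOL_SOCKET and ctype == socket.SCM_RIGHTS:
            fds.frombytes(data[:fds.itemsize])
            return fds[0]
    raise RuntimeError("no descriptor in ancillary data")

def demo():
    opener, scanner = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    tmp_fd, path = tempfile.mkstemp()
    os.write(tmp_fd, SAMPLE)
    os.close(tmp_fd)
    src = os.open(path, os.O_RDONLY)   # the side with access opens the file
    os.chmod(path, 0)                  # from here on, opening by path is denied
    try:
        send_fd(opener, src)
        got = recv_fd(scanner)
        try:                           # what the scanner sees without fd passing
            os.close(os.open(path, os.O_RDONLY))
            denied = False             # only expected when running as root
        except PermissionError:
            denied = True
        data = os.read(got, 4096)      # access was checked at open() time
        os.close(got)
        return {"data": data, "path_denied": denied, "new_fd": got != src,
                "euid": os.geteuid()}
    finally:
        os.close(src)
        opener.close()
        scanner.close()
        os.unlink(path)

if __name__ == "__main__":
    print(demo())
```

Because the permission check happens when the file is opened, the receiver needs no rights on the path itself, only a local Unix socket to the sender.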