clamdscan can't scan anything

I'm having a similar issue,

running clamscan as either root or as user will scan my home folder no issues, installing clamav-daemon and running clamdscan will result in a lot of permission errors being thrown up and some files being missed entirely?

clamscan:

----------- SCAN SUMMARY -----------
Known viruses: 813879
Engine version: 0.96.5
Scanned directories: 1
Scanned files: 23
Infected files: 0
Data scanned: 3.73 MB
Data read: 31.42 MB (ratio 0.12:1)
Time: 2.451 sec (0 m 2 s)

clamdscan:

----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 76
Time: 32.342 sec (0 m 32 s)

I'm having the same issue, but wanted to verify that this worked correctly:
https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/487631/comments/8

In that test, clamdscan works.

Regardless of the efforts of steps in #3 to rule anything out, after stopping apparmor with teardown and restarting clamd, I still can't scan anything not owned by clamav. .

Thanks for the link, JG.

I didn't realize running clamdscan as root would cause problems. I did that in all my tests to try to alleviate any permissions issues. I'll make sure I run all my tests as a regular user from now on.

In the first test, clamdscan works on my machine as well. When I make the file in /tmp 640, however, I receive a different error message:

----------------------------------
/tmp/eicar.com.txt: Access denied. ERROR
----------------------------------

This is different from the lstat() error I receive in every other case. /tmp/ appears to be a special case. I need to scan other directories...

Also, when I tried adding clamav to my user's group, it appeared to work, but I got more errors when restarting the daemon followed by the same "Access denied" error:

----------------------------------
awensley@uhs:/tmp$ service clamav-daemon restart
chown: changing ownership of `/var/run/clamav': Operation not permitted
chown: changing ownership of `/var/run/clamav': Operation not permitted
 * Stopping ClamAV daemon clamd kill: 405: Operation not permitted [fail]
chown: changing ownership of `/var/run/clamav': Operation not permitted
 * Starting ClamAV daemon clamd start-stop-daemon: Unable to set gid to 130 (Operation not permitted) [fail]
awensley@uhs:/tmp$ clamdscan /tmp/eicar.com.txt
/tmp/eicar.com.txt: Access denied. ERROR

----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 1
Time: 0.001 sec (0 m 0 s)
awensley@uhs:/tmp$

Oops... nevermind about the errors in the last part of #5, I forgot to use sudo on the service restart command:

----------------------------------
awensley@uhs:/tmp$ sudo service clamav-daemon restart
----------------------------------

The last test works now. However, I am still unable to scan anything else regardless of whether apparmor and/or selinux are enabled.

clamdscan is just a command line tool that issues commands to clamav-daemon. The files are scanned by clamav-daemon, which runs as a daemon with clamav user (by default). You can only scan folders and files to which clamav-daemon (the clamav user) has access to.
So if you want to check a directory like /a/b/c, every directory along the way has to have the correct permissions for clamav user to access them. If /a doesn't have it, clamav-daemon can't get to b or c...
clamdscan is not really ment to be run by normal users from the command line. If you really want that, you have to give the correct permissions to clamav-daemon (= clamav user).
clamscan on the other hand should work just fine on every directory your user has access to, it's just that it's slower because it has to load the virus database at startup.
The above goes when apparmor/selinux is not running. If apparmor is running, there are more restrictions on clamav-daemon.

Thanks for the input Imre,

I think I've done due diligence as far as users and permissions go. clamav has been added to the admin and root user groups and the directory I tested scanning for this bug report has been given 777 permissions. I also pasted the results of running stat on that directory as clamav user, which works, so the error appears to be misleading.

Regardless, I can't scan ANYTHING; not even my home directory, which according to this bug report is supposed to "just work"
https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/450250

[Expired for clamav (Ubuntu) because there has been no activity for 60 days.]

Status changed to 'Confirmed' because the bug affects multiple users.

This is STILL a bug in Ubuntu 14.04.1, nearly 4 years after the bug was originally logged and 3 LTS releases.

# cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=14.04
DISTRIB_CODENAME=trusty
DISTRIB_DESCRIPTION="Ubuntu 14.04.1 LTS"

# clamdscan /
/: lstat() failed: Permission denied. ERROR

----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 1
Time: 0.000 sec (0 m 0 s)

The problem is caused by incorrect permissions on the directories

/var/spool/exim4
/var/spool/exim4/scan

and incorrect apparmor settings, as described here:

http://superuser.com/questions/344003/exim-clamav-file-access-error

One way to solve this problem would be to modify the exim4 and clamav-daemon package installation scripts as follows:

In the exim4 installation script:

1. Create the group exim-scan, if it doesn't already exist.

2. Change the group of the two directories listed above to exim-scan. (Leave the owner as it is, Debian-exim.)

3. Set the group execute bit (g+s) on the two directories listed above.

In the clamav-daemon package installation script:

1. Create the group exim-scan, if it doesn't already exist.

2. Add the clamav user to the exim-scan group.

3. Add this line to /etc/apparmor.d/usr.sbin.clamd:

   /var/spool/exim4/scan/** r,

Make a similar change to other email virus scanners that can be integrated with exim, if any.

Sorry, I misread this issue. I thought it was failure for clamd to scan when integrated with exim4. It's the same underlying issue though; clamd cannot scan when either permissions or apparmor settings prevent it from doing so.

Shall I submit the exim4 version of this as a separate issue, or should we leave it as part of this one?

Stupid auto correct.

clamsmtp

On March 19, 2015 8:59:15 PM EDT, Scott Kitterman <email address hidden> wrote:
>Does claimant work with Exim? If so, just use that.

This version has expired a while ago

Still true with :
clamav/cosmic,now 0.100.2+dfsg-0ubuntu1 amd64 [installé]
  anti-virus utility for Unix - command-line interface

clamav-base/cosmic,cosmic,now 0.100.2+dfsg-0ubuntu1 all [installé, automatique]
  anti-virus utility for Unix - base package

clamav-daemon/cosmic,now 0.100.2+dfsg-0ubuntu1 amd64 [installé]
  anti-virus utility for Unix - scanner daemon

$ clamdscan .viminfo
/home/pascal/.viminfo: lstat() failed: Permission denied. ERROR

----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 1
Time: 0.000 sec (0 m 0 s)