Running the same test on a Debian system is fine, which led me to check the diff between Ubuntu and Debian clamav packages. The main one I noticed was that apparmor is enabled on Ubuntu. Sure enough, that's the problem:
chrisb@ernie:~/fixtures$ sudo /etc/init.d/apparmor stop
* Unloading AppArmor profiles
...done.
chrisb@ernie:~/fixtures$ clamdscan
/home/chrisb/fixtures/eicar.com.txt: Eicar-Test-Signature FOUND
/home/chrisb/fixtures/eicar.com: Eicar-Test-Signature FOUND
/home/chrisb/fixtures/eicar_com.zip: Eicar-Test-Signature FOUND
/home/chrisb/fixtures/eicarcom2.zip: Eicar-Test-Signature FOUND
I had the same problem on my Ubuntu Jaunty system:
chrisb@ ernie:~ /fixtures$ clamdscan fixtures: lstat() failed: Permission denied. ERROR
/home/chrisb/
----------- SCAN SUMMARY -----------
Infected files: 0
Time: 0.002 sec (0 m 0 s)
The permissions on that directory, and all parents, should allow access:
chrisb@ ernie:~ /fixtures$ ls -ld /home /home/chrisb /home/chrisb/ fixtures fixtures
drwxr-xr-x 9 root staff 4096 2009-03-20 17:31 /home
drwxr-xr-x 163 chrisb chrisb 61440 2009-10-20 13:09 /home/chrisb
drwxrwxr-x 2 chrisb staff 4096 2009-10-20 12:51 /home/chrisb/
Running the same test on a Debian system is fine, which led me to check the diff between Ubuntu and Debian clamav packages. The main one I noticed was that apparmor is enabled on Ubuntu. Sure enough, that's the problem:
chrisb@ ernie:~ /fixtures$ sudo /etc/init. d/apparmor stop ernie:~ /fixtures$ clamdscan fixtures/ eicar.com. txt: Eicar-Test- Signature FOUND fixtures/ eicar.com: Eicar-Test- Signature FOUND fixtures/ eicar_com. zip: Eicar-Test- Signature FOUND fixtures/ eicarcom2. zip: Eicar-Test- Signature FOUND
* Unloading AppArmor profiles
...done.
chrisb@
/home/chrisb/
/home/chrisb/
/home/chrisb/
/home/chrisb/
----------- SCAN SUMMARY -----------
Infected files: 4
Time: 0.004 sec (0 m 0 s)
It looks like the default apparmor profile is restricting the files that clamd can read, which totally breaks clamdscan.