issues running clamdscan from cron

theoriginalguru
Posts: 13
Joined: 2009/04/10 08:08:31

Post by theoriginalguru » 2018/08/21 18:29:30

I have a CentOS 7.5 system running. I want to set up regular clamdscans on certain file systems. I have clamd running and it appears to all work fine when I run clamdscan manually:

Code:

# clamdscan -c /etc/clamd.d/scan.conf --fdpass --no-summary --infected --multiscan /data /etc
/data/eicar.com: Eicar-Test-Signature FOUND

So, I have a cron.weekly script set up as:

Code:

#!/bin/sh

# Directories to scan (space-separated; expanded unquoted below on purpose)
DIR_LIST="/data /etc /blah /blah2"

# Only scan if the clamd@scan daemon is running
if systemctl is-active --quiet clamd@scan.service ; then
    # stderr is discarded here
    clamdscan -c /etc/clamd.d/scan.conf --fdpass --no-summary --infected --multiscan ${DIR_LIST} 2>/dev/null
else
    echo "WARNING: clamd service not active. aborting scan."
fi

However, when this runs, I get this output:

Code:

/etc/cron.weekly/runclamdscan:

/data/eicar.com: Eicar-Test-Signature FOUND
/etc/gshadow-: Access denied. ERROR
/etc/shadow-: Access denied. ERROR
/etc/shadow: Access denied. ERROR
/etc/gshadow: Access denied. ERROR

I do have SELinux enabled, and these SELinux booleans:

Code:

# getsebool -a |grep antivirus
antivirus_can_scan_system --> on
antivirus_use_jit --> on

How can I get this working properly in cron?

theoriginalguru
Posts: 13
Joined: 2009/04/10 08:08:31

Re: issues running clamdscan from cron

Post by theoriginalguru » 2018/08/26 22:53:24

Anybody?

tunk
Posts: 1205
Joined: 2017/02/22 15:08:17

Re: issues running clamdscan from cron

Post by tunk » 2018/08/26 23:38:28

I don't know what your problem is, but I think systemd timers are the preferred method.

theoriginalguru
Posts: 13
Joined: 2009/04/10 08:08:31

Re: issues running clamdscan from cron

Post by theoriginalguru » 2018/08/26 23:45:55

tunk wrote (2018/08/26 23:38:28):
> I don't know what your problem is, but I think systemd timers are the preferred method.

What do you mean by "systemd timers"? Preferred method for what? Please elaborate.

pjsr2
Posts: 614
Joined: 2014/03/27 20:11:07

Re: issues running clamdscan from cron

Post by pjsr2 » 2018/08/27 07:59:29

Since the /etc/*shadow* files contain the encrypted passwords of all users, they are heavily protected. So the virus scanner cannot scan those.

The file permissions for the files /etc/*shadow* are set to "not readable" by anybody:

Code:

$ ls -lZ /etc/*shadow*
----------. root root system_u:object_r:shadow_t:s0    /etc/gshadow
----------. root root system_u:object_r:shadow_t:s0    /etc/gshadow-
----------. root root system_u:object_r:shadow_t:s0    /etc/shadow
----------. root root system_u:object_r:shadow_t:s0    /etc/shadow-
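
Added example (not part of any post in this thread): a small shell helper that separates detections from "Access denied. ERROR" lines in clamdscan output of the form shown in the first post, so files the scanner could not read are reported as scan gaps instead of being mixed in with findings. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify clamdscan output lines (format as shown in the thread).
# Function names are hypothetical; the sample input below is constructed.

# Read clamdscan output on stdin and print one summary line:
#   found=<n> denied=<n> other_errors=<n>
summarize_scan() {
    awk '
        / FOUND$/                  { found++;  next }
        /: Access denied\. ERROR$/ { denied++; next }
        / ERROR$/                  { other++;  next }
        END { printf "found=%d denied=%d other_errors=%d\n", found, denied, other }
    '
}

# Print only the paths of files the scanner could not read.
denied_paths() {
    sed -n 's/: Access denied\. ERROR$//p'
}

# Map a summary line to a status a cron wrapper can act on:
#   2 = detections, 1 = scan incomplete (unreadable files or other errors),
#   0 = clean and complete
scan_status() {
    case "$1" in
        found=0\ denied=0\ other_errors=0) return 0 ;;
        found=0\ *)                        return 1 ;;
        *)                                 return 2 ;;
    esac
}

# Constructed sample, shaped like the cron output in the first post.
SAMPLE='/data/eicar.com: Eicar-Test-Signature FOUND
/etc/gshadow-: Access denied. ERROR
/etc/shadow: Access denied. ERROR'

summary=$(printf '%s\n' "$SAMPLE" | summarize_scan)
echo "$summary"
printf '%s\n' "$SAMPLE" | denied_paths | sed 's/^/not scanned: /'
```

In a cron script, the clamdscan command from the first post would be piped into these functions in place of the sample.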
