Tumbleweed, Clamd is spamming my journal with thousand of line of "path check failures" making it de facto unreadable
Hi, I need some input to understand what is wrong. I have some problems with my system (sddm during login on the main monitor, while all other monitors log in just fine) so I wanted to search my journal for some feedback. But I found it incredibly spammed, filled with millions of lines of these errors of clamd
ott 22 09:15:20 silversurfer clamd[2066]: File path check failure for: /home/mercurio/.cache/fontconfig/e174b952f45c81266f2aa6ff2faf8204-x86_64.cache-9
ott 22 09:15:20 silversurfer clamd[2066]: File path check failure on: /home/mercurio/.cache/fontconfig/7ef2298fde41cc6eeb7af42e48b7d293-x86_64.cache-9
ott 22 09:15:20 silversurfer clamd[2066]: File path check failure for: /home/mercurio/.cache/fontconfig/7ef2298fde41cc6eeb7af42e48b7d293-x86_64.cache-9
ott 22 09:15:20 silversurfer clamd[2066]: File path check failure on: /home/mercurio/.cache/fontconfig/fb8341411dac03919a6f30c61d3ee363-x86_64.cache-9
ott 22 09:15:20 silversurfer clamd[2066]: File path check failure for: /home/mercurio/.cache/fontconfig/fb8341411dac03919a6f30c61d3ee363-x86_64.cache-9
ott 22 09:15:20 silversurfer clamd[2066]: File path check failure on: /home/mercurio/.cache/fontconfig/31d258c26849b1f3b28618b43aef0df4-x86_64.cache-9
ott 22 09:15:20 silversurfer clamd[2066]: File path check failure for: /home/mercurio/.cache/fontconfig/31d258c26849b1f3b28618b43aef0df4-x86_64.cache-9
ott 22 09:15:20 silversurfer clamd[2066]: File path check failure on: /home/mercurio/.cache/fontconfig/8aefcdceaf7081f7a76e5c97af6ee8fa-x86_64.cache-9
ott 22 09:15:20 silversurfer clamd[2066]: File path check failure for: /home/mercurio/.cache/fontconfig/8aefcdceaf7081f7a76e5c97af6ee8fa-x86_64.cache-9
ott 22 09:15:20 silversurfer clamd[2066]: File path check failure on: /home/mercurio/.cache/fontconfig/712cd08b1ee090e27e4db4d38f098b5b-x86_64.cache-9
ott 22 09:15:20 silversurfer clamd[2066]: File path check failure for: /home/mercurio/.cache/fontconfig/712cd08b1ee090e27e4db4d38f098b5b-x86_64.cache-9
ott 22 09:15:20 silversurfer clamd[2066]: File path check failure on: /home/mercurio/.cache/fontconfig/4c50721ef3546eb2746d415117216e74-x86_64.cache-9
ott 22 09:15:20 silversurfer clamd[2066]: File path check failure for: /home/mercurio/.cache/fontconfig/4c50721ef3546eb2746d415117216e74-x86_64.cache-9
ott 22 09:15:20 silversurfer clamd[2066]: File path check failure on: /home/mercurio/.cache/fontconfig/b7c4333675e0ca84d9af12927db7f5e5-x86_64.cache-9
ott 22 09:15:20 silversurfer clamd[2066]: File path check failure for: /home/mercurio/.cache/fontconfig/b7c4333675e0ca84d9af12927db7f5e5-x86_64.cache-9
ott 22 09:15:20 silversurfer clamd[2066]: File path check failure on: /home/mercurio/.cache/fontconfig/b6565330f3cba832d0b61036a78e2648-x86_64.cache-9
ott 22 09:15:20 silversurfer clamd[2066]: File path check failure for: /home/mercurio/.cache/fontconfig/b6565330f3cba832d0b61036a78e2648-x86_64.cache-9
ott 22 09:15:20 silversurfer clamd[2066]: File path check failure on: /home/mercurio/.cache/fontconfig/c7065e1c7dd0f6b2e3062b6686e0f20f-x86_64.cache-9
and so on and so forth. What is happening here and how to fix it? Currently the journal (a part of ever growing size, because these are pages and pages, is useless because unreadable. Thank you.
On 2024-10-22 09:35, Stakanov via openSUSE Users wrote: ...
and so on and so forth. What is happening here and how to fix it? Currently the journal (a part of ever growing size, because these are pages and pages, is useless because unreadable.
Nothing you can do with the journal, there is no filtering possible.
You can, however, use a syslog daemon, classical style, and there you can create filters that impede the writing of spam.
Or, you can apply grep rules to the output of the journal to remove spam lines from view.
On the clamd problem itself, I don't know what is that message.
--
Cheers / Saludos, Carlos E. R. (from 15.5 x86_64 at Telcontar)
On Tue, 22 Oct 2024 15:21:38 +0200 "Carlos E. R." <robin.listas@telefonica.net> wrote:
On 2024-10-22 09:35, Stakanov via openSUSE Users wrote:
...
and so on and so forth. What is happening here and how to fix it? Currently the journal (a part of ever growing size, because these are pages and pages, is useless because unreadable.
The journal doesn't grow without bound. You chose the amount of space it should use (perhaps by default).
Nothing you can do with the journal, there is no filtering possible.
There are several filters, including a grep facility. Please RTFM.
Or, you can apply grep rules to the output of the journal to remove spam lines from view.
On the clamd problem itself, I don't know what is that message.
A web search appears to suggest the problem may be associated with something called clamacc but maybe a web search will throw up other ideas.
On Tuesday 22 October 2024 21:53:32 Central European Summer Time, Dave Howorth wrote:
On Tue, 22 Oct 2024 15:21:38 +0200
"Carlos E. R." <robin.listas@telefonica.net> wrote:
On 2024-10-22 09:35, Stakanov via openSUSE Users wrote:
...
and so on and so forth. What is happening here and how to fix it? Currently the journal (a part of ever growing size, because these are pages and pages, is useless because unreadable.
The journal doesn't grow without bound. You chose the amount of space it should use (perhaps by default).
Nothing you can do with the journal, there is no filtering possible.
There are several filters, including a grep facility. Please RTFM.
Or, you can apply grep rules to the output of the journal to remove spam lines from view.
On the clamd problem itself, I don't know what is that message.
A web search appears to suggest the problem may be associated with something called clamacc but maybe a web search will throw up other ideas.
well clamd is the base for the on access scanner of clamav. The issue has been reported to other distributions but I wanted to investigate if others suffer the same problems.
If it for RTFM such an advice is not very useful. As you say, the journal will rotate and if then the content is just the garbage it does not help very much.
That said, the easiest method to get rid of faulty software is not to use it (so to turn off clamd and the on access scanner) but as it is supposedly useful, maybe reporting the bug could be a choice.
Now that was part of the question: does anybody had this as a problem solved and has a good workaround. Then reporting the bug would not be useful.
So thank you for your kind contribution, and before any other comes up with it; yes, I know how to read and I have google.
On Tue, 22 Oct 2024 22:35:17 +0200 Stakanov via openSUSE Users <users@lists.opensuse.org> wrote:
On Tuesday 22 October 2024 21:53:32 Central European Summer Time, Dave Howorth wrote:
On Tue, 22 Oct 2024 15:21:38 +0200
"Carlos E. R." <robin.listas@telefonica.net> wrote:
On 2024-10-22 09:35, Stakanov via openSUSE Users wrote:
...
and so on and so forth. What is happening here and how to fix it? Currently the journal (a part of ever growing size, because these are pages and pages, is useless because unreadable.
The journal doesn't grow without bound. You chose the amount of space it should use (perhaps by default).
Nothing you can do with the journal, there is no filtering possible.
There are several filters, including a grep facility. Please RTFM.
Or, you can apply grep rules to the output of the journal to remove spam lines from view.
On the clamd problem itself, I don't know what is that message.
A web search appears to suggest the problem may be associated with something called clamacc but maybe a web search will throw up other ideas.
well clamd is the base for the on access scanner of clamav. The issue has been reported to other distributions but I wanted to investigate if others suffer the same problems.
You didn't say that was your purpose and I'm not a mind-reader.
If it for RTFM such an advice is not very useful. As you say, the journal will rotate and if then the content is just the garbage it does not help very much.
Well everything else will be logged as well as the garbage. It doesn't stop logging.
That said, the easiest method to get rid of faulty software is not to use it (so to turn off clamd and the on access scanner) but as it is supposedly useful, maybe reporting the bug could be a choice.
Now that was part of the question: does anybody had this as a problem solved and has a good workaround. Then reporting the bug would not be useful.
So thank you for your kind contribution, and before any other comes up with it; yes, I know how to read and I have google.
I'm glad to hear it, but again you didn't say so, so you must be tolerant of responses that didn't make assumptions.
On 2024-10-22 21:53, Dave Howorth wrote:
On Tue, 22 Oct 2024 15:21:38 +0200 "Carlos E. R." <robin.listas@telefonica.net> wrote:
On 2024-10-22 09:35, Stakanov via openSUSE Users wrote:
...
and so on and so forth. What is happening here and how to fix it? Currently the journal (a part of ever growing size, because these are pages and pages, is useless because unreadable.
The journal doesn't grow without bound. You chose the amount of space it should use (perhaps by default).
Nothing you can do with the journal, there is no filtering possible.
There are several filters, including a grep facility. Please RTFM.
Please read again what I wrote and the RTFM indeed. You can not REMOVE from the log entries you do not want written. You can only filter on read, not on write.
--
Cheers / Saludos, Carlos E. R. (from 15.5 x86_64 at Telcontar)
On 2024-10-22 09:35, Stakanov via openSUSE Users wrote:
But I found it incredibly spammed, filled with millions of lines of these errors of clamd
ott 22 09:15:20 silversurfer clamd[2066]: File path check failure for: /home/mercurio/.cache/fontconfig/e174b952f45c81266f2aa6ff2faf8204-x86_64.cache-9
[...]
ott 22 09:15:20 silversurfer clamd[2066]: File path check failure on: /home/mercurio/.cache/fontconfig/c7065e1c7dd0f6b2e3062b6686e0f20f-x86_64.cache-9
On Tue, 22 Oct 2024 15:21:38 +0200, "Carlos E. R." <robin.listas@telefonica.net> wrote:
On 2024-10-22 09:35, Stakanov via openSUSE Users wrote: ...
and so on and so forth. What is happening here and how to fix it? Currently the journal (a part of ever growing size, because these are pages and pages, is useless because unreadable.
Nothing you can do with the journal, there is no filtering possible.
You can, however, use a syslog daemon, classical style, and there you can create filters that impede the writing of spam.
Or, you can apply grep rules to the output of the journal to remove spam lines from view.
On the clamd problem itself, I don't know what is that message.
To show only the clamd journal entries leading up to the first spam message:
PID_re='2066'
PATH_re='/home/mercurio/\.cache/fontconfig/[0-9abcdef]\{32\}-x86_64\.cache-9'
SPAM_re=' silversurfer clamd\['"$PID_re"'\]: File path check failure for: '"$PATH_re"'$'
journalctl -t clamd |sed -n -e "1,\\|$SPAM_re|p"
To show all the non-spam clamd messages:
journalctl -t clamd |grep -v "$SPAM_re"
To view the journal without any clamd messages:
journalctl -T clamd
-- Robert Webb
On Wednesday 23 October 2024 00:31:17 Central European Summer Time, Robert Webb via openSUSE Users wrote:
To show only the clamd journal entries leading up to the first spam message:
PID_re='2066'
PATH_re='/home/mercurio/\.cache/fontconfig/[0-9abcdef]\{32\}-x86_64\.cache-9'
SPAM_re=' silversurfer clamd\['"$PID_re"'\]: File path check failure for: '"$PATH_re"'$'
journalctl -t clamd |sed -n -e "1,\\|$SPAM_re|p"
To show all the non-spam clamd messages:
journalctl -t clamd |grep -v "$SPAM_re"
To view the journal without any clamd messages:
journalctl -T clamd
-- Robert Webb
Dear Robert, very helpful, I will use this as future reference.
Hello,
In the Message;
Subject : Tumbleweed, Clamd is spamming my journal with thousand of line of "path check failures" making it de facto unreadable
Message-ID : <3224761.nS83rLWL6W@silversurfer>
Date & Time: Tue, 22 Oct 2024 09:35:53 +0200
Stakanov via openSUSE Users <users@lists.opensuse.org> has written:
You're using clamav 1.3.1, right?
[...]
ott 22 09:15:20 silversurfer clamd[2066]: File path check failure for: /home/mercurio/.cache/fontconfig/e174b952f45c81266f2aa6ff2faf8204-x86_64.cache-9
[...]
ott 22 09:15:20 silversurfer clamd[2066]: File path check failure on: /home/mercurio/.cache/fontconfig/c7065e1c7dd0f6b2e3062b6686e0f20f-x86_64.cache-9
[...]
Please show the results of;
1. $ cat /etc/clamd.conf | grep -B 3 /home
2. $ ls -al ~/ | grep .cache
3. $ ls -l ~/.cache | grep fontconfig
Best Regards.
---
┏━━┓彡 Masaru Nomiya mail-to: nomiya @ lake.dti.ne.jp
┃\/彡
┗━━┛
"During testing, Sakana found that its system began unexpectedly attempting to modify its own experiment code to extend the time it had to work on a problem."
-- Research AI model unexpectedly attempts to modify its own code to extend runtime (ars TECHNICA) --
Hello and thank you for your reply, much appreciated.
On Wednesday 23 October 2024 06:33:45 Central European Summer Time, Masaru Nomiya wrote:
Please show the results of;
1, $ cat /etc/clamd.conf | grep -B 3 /home
silversurfer:~ # cat /etc/clamd.conf | grep -B 3 /home
# multiple OnAccessIncludePath directives but each directory must be added
# in a separate line.
# Default: disabled
OnAccessIncludePath /home
--
# Set the exclude paths. All subdirectories are also excluded.
# Default: disabled
#OnAccessExcludePath /home/user
--
# It can be used multiple times.
# Default: disabled
#OnAccessMountPath /
#OnAccessMountPath /home/user
2. $ ls -al ~/ | grep .cache
silversurfer:~ # ls -al ~/ | grep .cache
drwx------ 1 root root 316 Sep 14 12:45 .cache
3. $ ls -l ~/.cache | grep fontconfig
silversurfer:~ # ls -l ~/.cache | grep fontconfig
gives return to prompt, no output.
You're using clamav 1.3.1, right?
silversurfer:~ # rpm clamav --version
RPM version 4.19.1.1
from "security repo" 1.4.1 as version of ClamAV
On Wednesday 23 October 2024 09:46:23 Central European Summer Time, Stakanov via openSUSE Users wrote:
silversurfer:~ # journalctl -t clamd |sed -n -e "1,\\|$SPAM_re|p"
Oct 19 10:15:52 silversurfer clamd[2059]: File path check failure on: /home/mercurio/.local/share/local-mail/solucion freenet/cur/1619518303440.R45.silversurfer:2,S
sed: -e expression #1, char 0: no previous regular expression
This is the first entry where it does not find a path. So this by itself is interesting indeed, because local-mail solucion in mercurio is an account that has been eliminated time ago(!), no wonder that it does not find its path. Question is, if I did eliminate this entry in kmail time ago, why and where is there a path hanging around in the home directory leading to clamd searching for it?
There was once a kind of cleaner program in kde, does it still work? Maybe I should run it? The home directory of this system is historical and survived about 10 re-installations during the years. Email changed, usages changed, so obviously clutter may be there around.
On 2024-10-23 10:03, Stakanov via openSUSE Users wrote:
On Wednesday 23 October 2024 09:46:23 Central European Summer Time, Stakanov via openSUSE Users wrote:
silversurfer:~ # journalctl -t clamd |sed -n -e "1,\\|$SPAM_re|p"
Oct 19 10:15:52 silversurfer clamd[2059]: File path check failure on: /home/mercurio/.local/share/local-mail/solucion freenet/cur/1619518303440.R45.silversurfer:2,S
sed: -e expression #1, char 0: no previous regular expression
Did you define $SPAM_re in advance?
This is the first entry where it does not find a path. So this by itself is interesting indeed, because local-mail solucion in mercurio is an account that has been eliminated time ago(!), no wonder that it does not find its path. Question is, if I did eliminate this entry in kmail time ago, why and where is there a path hanging around in the home directory leading to clamd searching for it?
There was once a kind of cleaner program in kde, does it still work? Maybe I should run it? The home directory of this system is historical and survived about 10 re-installations during the years. Email changed, usages changed, so obviously clutter may be there around.
Just use a file browser as root (I recommend 'mc' in a terminal) and navigate to /home/mercurio/.local/share/local-mail/
--
Cheers / Saludos, Carlos E. R. (from 15.5 x86_64 at Telcontar)
On Wed, 23 Oct 2024 15:07:10 +0200, "Carlos E. R." <robin.listas@telefonica.net> wrote:
On 2024-10-23 10:03, Stakanov via openSUSE Users wrote:
silversurfer:~ # journalctl -t clamd |sed -n -e "1,\\|$SPAM_re|p"
Oct 19 10:15:52 silversurfer clamd[2059]: File path check failure on: /home/mercurio/.local/share/local-mail/solucion freenet/cur/1619518303440.R45.silversurfer:2,S
sed: -e expression #1, char 0: no previous regular expression
Did you define $SPAM_re in advance?
Right. Due to $SPAM_re being unset, sed sees an empty regex between the delimiters and expects to use the previous one. So sed starts printing on line 1 and then fails on input line 2 when it first tries matching the regex.
That being the first line output from 'journalctl -t clamd' means there are no clamd entries preceding the File path check failures.
The file path and pid here vary from the previous examples given by Stakanov such that $SPAM_re needs updating to match the whole set:
PID_re='[0-9]\+'
PATH_re='/home/mercurio/.*'
SPAM_re=' silversurfer clamd\['"$PID_re"'\]: File path check failure for: '"$PATH_re"'$'
This is the first entry where it does not find a path. So this by itself is interesting indeed, because local-mail solucion in mercurio is an account that has been eliminated time ago(!), no wonder that it does not find its path. Question is, if I did eliminate this entry in kmail time ago, why and where is there a path hanging around in the home directory leading to clamd searching for it?
There was once a kind of cleaner program in kde, does it still work? Maybe I should run it? The home directory of this system is historical and survived about 10 re-installations during the years. Email changed, usages changed, so obviously clutter may be there around.
Just use a file browser as root (I recommend 'mc' in a terminal) and navigate to /home/mercurio/.local/share/local-mail/
-- Robert Webb
On Wed, 23 Oct 2024 22:57:52 +0000 (UTC), Robert Webb via openSUSE Users <users@lists.opensuse.org> wrote:
Wow. I didn't notice that the error messages alternate between using "on" and "for".
Oct 19 10:15:52 silversurfer clamd[2059]: File path check failure on: /home/mercurio/.local/share/local-mail/solucion freenet/cur/1619518303440.R45.silversurfer:2,S
PID_re='[0-9]\+'
PATH_re='/home/mercurio/.*'
SPAM_re=' silversurfer clamd\['"$PID_re"'\]: File path check failure for: '"$PATH_re"'$'
So change the SPAM_re definition:
SPAM_re=' silversurfer clamd\['"$PID_re"'\]: File path check failure \(on\|for\): '"$PATH_re"'$'
-- Robert Webb
OK, yet another reply to myself to correct an error, even though it is moot now.
On Wed, 23 Oct 2024 23:35:32 +0000 (UTC), Robert Webb <webbdg@verizon.net> wrote:
[To filter journal lines like this one:]
Oct 19 10:15:52 silversurfer clamd[2059]: File path check failure on: /home/mercurio/.local/share/local-mail/solucion freenet/cur/1619518303440.R45.silversurfer:2,S
[Set these]
PID_re='[0-9]\+'
PATH_re='/home/.*'
SPAM_re=' silversurfer clamd\['"$PID_re"'\]: File path check failure \(on\|for\): '"$PATH_re"'$'
Because the pipe symbol (vertical bar character) is used in the regex ($SPAM_re), and because it can also be a regular character if not escaped, it cannot be used as the regex delimiter. So, using commas instead:
journalctl -t clamd |sed -n -e "1,\\,$SPAM_re,p"
If there are initial non-"spam" lines, they will be output followed by just the first "spam" line. Otherwise, the first two spam lines will be shown.
Here is sample journalctl output posted by Stakanov.
Attached: data-journal.txt
P.S. Have I learned my lesson yet? Proper answer, avoiding details: "Use grep or something to filter the output."
-- Robert Webb
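The read-side filters worked out in the messages above, collected into one script as an added example (not code posted by any list member). It matches any host name, any PID and both the "on:" and "for:" variants, and goes one step beyond the thread by counting failures per home directory; the function names and the sample journal lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. Every function reads journal text
# on stdin, so it works on live output, for instance
#   journalctl -t clamd --no-pager | clamd_nonspam
# or on a saved file.

# POSIX ERE for the noise lines. Bracket expressions ([[] and []]) stand in
# for backslash escapes so the same string is safe for grep -E and awk -v.
SPAM_ERE=' clamd[[][0-9]+[]]: File path check failure (on|for): /'

# All lines that are not path-check noise.
clamd_nonspam() {
    # grep exits 1 when nothing is left to print; that is not an error here.
    grep -Ev "$SPAM_ERE" || [ $? -eq 1 ]
}

# Context leading up to, and including, the first noise line.
# Unlike a sed "1,/re/" range, this stops at once when line 1 is noise.
clamd_until_first_spam() {
    awk -v re="$SPAM_ERE" '
        { print }
        $0 ~ re { exit }
    '
}

# Noise lines counted per home directory, highest count first.
clamd_spam_by_home() {
    awk -v re="$SPAM_ERE" '
        $0 ~ re {
            path = $0
            sub(/^.*File path check failure (on|for): /, "", path)
            n = split(path, part, "/")   # part[1] is empty, part[2] is "home"
            key = (n >= 3 && part[2] == "home") ? part[3] : "(outside /home)"
            count[key]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample, modelled on the lines quoted in the thread.
sample_journal() {
    cat <<'EOF'
ott 24 09:33:10 silversurfer clamd[2483]: Self checking every 600 seconds.
ott 24 09:56:29 silversurfer clamd[2483]: File path check failure on: /home/mercurio/.cache/fontconfig/example-x86_64.cache-9
ott 24 09:56:29 silversurfer clamd[2483]: File path check failure for: /home/mercurio/.cache/fontconfig/example-x86_64.cache-9
ott 24 09:56:34 silversurfer clamd[2483]: File path check failure on: /home/entropy/.lesshst
ott 24 09:56:34 silversurfer clamd[2483]: File path check failure for: /home/entropy/.lesshst
ott 24 09:56:40 silversurfer clamd[2483]: SelfCheck: Database status OK.
EOF
}

# Demo on the constructed sample: failures per home directory.
sample_journal | clamd_spam_by_home
```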
Hello,
In the Message;
Subject : Re: Tumbleweed, Clamd is spamming my journal with thousand of line of "path check failures" making it de facto unreadable
Message-ID : <4725845.GYRsoQQ8PN@silversurfer>
Date & Time: Wed, 23 Oct 2024 10:03:59 +0200
Stakanov via openSUSE Users <users@lists.opensuse.org> has written:
On Wednesday 23 October 2024 09:46:23 Central European Summer Time, [...]
So this by itself is interesting indeed, because local-mail solucion in mercurio is an account that has been eliminated time ago(!), no wonder that it does not find its path.
[...]
Isn't clamonacc running?
Best Regards.
---
┏━━┓彡 Masaru Nomiya mail-to: nomiya @ lake.dti.ne.jp
┃\/彡
┗━━┛
" The production of A.I. seems to carry a powerful side effect: as the machines generate intelligence, they also generate mystery. Human misunderstanding endures, possibly a permanent condition. "
-- "Was Linguistic A.I. Created by Accident?" NEW YORKER --
On Thursday 24 October 2024 05:57:40 Central European Summer Time, Masaru Nomiya wrote:
Isn't clamonacc running?
● clamonacc.service - ClamAV On-Access Scanner
  Loaded: loaded (/usr/lib/systemd/system/clamonacc.service; enabled; preset: disabled)
  Active: active (running) since Thu 2024-10-24 09:33:15 CEST; 20min ago
  Invocation: a3373707c2f54e6992dd929af398a65d
  Docs: man:clamonacc(8)
        man:clamd.conf(5)
        https://docs.clamav.net/
  Process: 5863 ExecStart=/usr/sbin/clamonacc --ping 30:10 --wait (code=exited, status=0/SUCCESS)
  Main PID: 5864 (clamonacc)
  Tasks: 8 (limit: 76213)
  CPU: 18.980s
  CGroup: /system.slice/clamonacc.service
          └─5864 /usr/sbin/clamonacc --ping 30:10 --wait
Oct 24 09:33:15 silversurfer systemd[1]: Starting ClamAV On-Access Scanner...
Oct 24 09:33:15 silversurfer systemd[1]: Started ClamAV On-Access Scanner.
It is and reports no problems. And the journal is even more full of these path failure lines than before.
For what I can say the postboxes and files he claims to be failures do exist.
And all kinds of path failures are reported, from kmail etc.
ott 24 09:56:35 silversurfer clamd[2483]: File path check failure for: /home/mercurio/.cache/mozilla/firefox/bbdwwy2y.default-release/cache2/entries/9641D33C222E823145FED17E63E0DCC10B0713F9
ott 24 09:56:34 silversurfer clamd[2483]: File path check failure on: /home/entropy/.lesshst
ott 24 09:56:34 silversurfer clamd[2483]: File path check failure for: /home/entropy/.lesshst
ott 24 09:56:34 silversurfer clamd[2483]: File path check failure on: /home/entropy/.lesshst
ott 24 09:56:34 silversurfer clamd[2483]: File path check failure for: /home/entropy/.lesshst
ott 24 09:56:34 silversurfer clamd[2483]: File path check failure on: /home/entropy/.lesshst
ott 24 09:56:34 silversurfer clamd[2483]: File path check failure for: /home/entropy/.lesshst
ott 24 09:56:34 silversurfer clamd[2483]: File path check failure on: /home/entropy/.lesshsQ
ott 24 09:56:34 silversurfer clamd[2483]: File path check failure for: /home/entropy/.lesshsQ
ott 24 09:56:34 silversurfer clamd[2483]: File path check failure on: /home/entropy/.lesshst
ott 24 09:56:34 silversurfer clamd[2483]: File path check failure for: /home/entropy/.lesshst
ott 24 09:56:31 silversurfer clamd[2483]: File path check failure on: /home/mercurio/.mozilla/firefox/bbdwwy2y.default-release/storage/default/moz-extension+++a57f76c5-feed-4023-8a89-7acd68956243^userContextId=4294967295/idb/3647222921wleabcEoxlt-eengsairo.sqlite-wal
ott 24 09:56:31 silversurfer clamd[2483]: File path check failure for: /home/mercurio/.mozilla/firefox/bbdwwy2y.default-release/storage/default/moz-extension+++a57f76c5-feed-4023-8a89-7acd68956243^userContextId=4294967295/idb/3647222921wleabcEoxlt-eengsairo.sqlite-wal
ott 24 09:56:29 silversurfer clamd[2483]: File path check failure on: /home/mercurio/.mozilla/firefox/bbdwwy2y.default-release/storage/default/moz-extension+++a57f76c5-feed-4023-8a89-7acd68956243^userContextId=4294967295/idb/3647222921wleabcEoxlt-eengsairo.sqlite
ott 24 09:56:29 silversurfer clamd[2483]: File path check failure for: /home/mercurio/.mozilla/firefox/bbdwwy2y.default-release/storage/default/moz-extension+++a57f76c5-feed-4023-8a89-7acd68956243^userContextId=4294967295/idb/3647222921wleabcEoxlt-eengsairo.sqlite
ott 24 09:56:29 silversurfer clamd[2483]: File path check failure on: /home/mercurio/.mozilla/firefox/bbdwwy2y.default-release/storage/default/moz-extension+++a57f76c5-feed-4023-8a89-7acd68956243^userContextId=4294967295/idb/3647222921wleabcEoxlt-eengsairo.sqlite
ott 24 09:56:29 silversurfer clamd[2483]: File path check failure for: /home/mercurio/.mozilla/firefox/bbdwwy2y.default-release/storage/default/moz-extension+++a57f76c5-feed-4023-8a89-7acd68956243^userContextId=4294967295/idb/3647222921wleabcEoxlt-eengsairo.sqlite
ott 24 09:56:29 silversurfer clamd[2483]: File path check failure on: /home/mercurio/.mozilla/firefox/bbdwwy2y.default-release/storage/default/moz-extension+++a57f76c5-feed-4023-8a89-7acd68956243^userContextId=4294967295/idb/3647222921wleabcEoxlt-eengsairo.sqlite
ott 24 09:56:29 silversurfer clamd[2483]: File path check failure for: /home/mercurio/.mozilla/firefox/bbdwwy2y.default-release/storage/default/moz-extension+++a57f76c5-feed-4023-8a89-7acd68956243^userContextId=4294967295/idb/3647222921wleabcEoxlt-eengsairo.sqlite
ott 24 09:56:29 silversurfer clamd[2483]: File path check failure on: /home/mercurio/.mozilla/firefox/bbdwwy2y.default-release/storage/default/moz-extension+++a57f76c5-feed-4023-8a89-7acd68956243^userContextId=4294967295/idb/3647222921wleabcEoxlt-eengsairo.sqlite
ott 24 09:56:29 silversurfer clamd[2483]: File path check failure for: /home/mercurio/.mozilla/firefox/bbdwwy2y.default-release/storage/default/moz-extension+++a57f76c5-feed-4023-8a89-7acd68956243^userContextId=4294967295/idb/3647222921wleabcEoxlt-eengsairo.sqlite
ott 24 09:56:29 silversurfer clamd[2483]: File path check failure on: /home/mercurio/.mozilla/firefox/bbdwwy2y.default-release/storage/default/moz-extension+++a57f76c5-feed-4023-8a89-7acd68956243^userContextId=4294967295/idb/3647222921wleabcEoxlt-eengsairo.sqlite
ott 24 09:56:29 silversurfer clamd[2483]: File path check failure for: /home/mercurio/.mozilla/firefox/bbdwwy2y.default-release/storage/default/moz-extension+++a57f76c5-feed-4023-8a89-7acd68956243^userContextId=4294967295/idb/3647222921wleabcEoxlt-eengsairo.sqlite
ott 24 09:56:29 silversurfer clamd[2483]: File path check failure on: /home/mercurio/.mozilla/firefox/bbdwwy2y.default-release/storage/default/moz-extension+++a57f76c5-fee
On Thu, Oct 24, 2024 at 11:03 AM Stakanov via openSUSE Users <users@lists.opensuse.org> wrote:
On Thursday 24 October 2024 05:57:40 Central European Summer Time, Masaru Nomiya wrote:
Isn't clamonacc running?
● clamonacc.service - ClamAV On-Access Scanner
  Loaded: loaded (/usr/lib/systemd/system/clamonacc.service; enabled; preset: disabled)
  Active: active (running) since Thu 2024-10-24 09:33:15 CEST; 20min ago
  Invocation: a3373707c2f54e6992dd929af398a65d
  Docs: man:clamonacc(8)
        man:clamd.conf(5)
        https://docs.clamav.net/
  Process: 5863 ExecStart=/usr/sbin/clamonacc --ping 30:10 --wait (code=exited, status=0/SUCCESS)
  Main PID: 5864 (clamonacc)
  Tasks: 8 (limit: 76213)
  CPU: 18.980s
  CGroup: /system.slice/clamonacc.service
          └─5864 /usr/sbin/clamonacc --ping 30:10 --wait
Oct 24 09:33:15 silversurfer systemd[1]: Starting ClamAV On-Access Scanner...
Oct 24 09:33:15 silversurfer systemd[1]: Started ClamAV On-Access Scanner.
It is and reports no problems. And the journal is even more full of these path failure lines than before.
The very first google hit for "clamd[2483]: File path check failure on:" explains what needs to be done. As using Google is apparently taboo for you: https://github.com/Cisco-Talos/clamav/issues/441
For what I can say the postboxes and files he claims to be failures do exist.
And all kinds of path failures are reported, from kmail etc. [...]
On Thursday, 24 October 2024 10:15:46 Central European Summer Time, Andrei Borzenkov wrote:
The very first google hit for "clamd[2483]: File path check failure on:" explains what needs to be done. As using Google is apparently taboo for you:
from the link
Running clamdscan on files with selinux context set results in permission denied errors on rhel 8.1 workstation and Rocky Linux 8.5.
I am not using rhel, I am not using SE linux. Why would this otherwise known to me link be pertinent to my problem?
Hello,

In the Message;

Subject : Re: Tumbleweed, Clamd is spamming my journal with thousand of line of "path check failures" making it de facto unreadable
Message-ID : <CAA91j0VttvT0Obiwi_Yf2M_cNCM+8+jYokO_uom-dyJ4-S=5PA@mail.gmail.com>
Date & Time: Thu, 24 Oct 2024 11:15:46 +0300

[AB] == Andrei Borzenkov <arvidjaar@gmail.com> has written:

AB> On Thu, Oct 24, 2024 at 11:03 AM Stakanov via openSUSE Users
AB> <users@lists.opensuse.org> wrote:
[...]
AB> > It is and reports no problems. And the journal is even more
AB> full of these path failure lines than before.

AB> The very first google hit for "clamd[2483]: File path check failure
AB> on:" explains what needs to be done. As using Google is apparently
AB> taboo for you:

AB> https://github.com/Cisco-Talos/clamav/issues/441

Good point, Andrei!

Stakanov, have a look;

https://github.com/Cisco-Talos/clamav/issues/1050

In short;

If you're running clamonacc with clamd, it may be that clamd is running as the "clamav" user and does not have permission to open these files in your home directory.

Best Regards & Good Night.

---
┏━━┓彡 Masaru Nomiya mail-to: nomiya @ lake.dti.ne.jp
┃\/彡
┗━━┛
" The production of A.I. seems to carry a powerful side effect: as the machines generate intelligence, they also generate mystery. Human misunderstanding endures, possibly a permanent condition. "
-- "Was Linguistic A.I. Created by Accident?" NEW YORKER --
On Thursday, 24 October 2024 12:33:27 Central European Summer Time, Masaru Nomiya wrote:
If you're running clamonacc with clamd, it may be that clamd is running as the "clamav" user and does not have permission to open these files in your home directory.
hence it would be a solution to have the users be part of "clamav user group"?
Hello,

In the Message;

Subject : Re: Tumbleweed, Clamd is spamming my journal with thousand of line of "path check failures" making it de facto unreadable
Message-ID : <1760570.rJdD63ZcnJ@silversurfer>
Date & Time: Thu, 24 Oct 2024 15:16:03 +0200

Stakanov via openSUSE Users <users@lists.opensuse.org> has written:

On Thursday, 24 October 2024 12:33:27 Central European Summer Time, Masaru Nomiya wrote:
[...]
MN> > In short;
MN> > If you're running clamonacc with clamd, it may be that clamd is
MN> > running as the "clamav" user and does not have permission to open
MN> > these files in your home directory.

hence it would be a solution to have the users be part of "clamav user group"?

No, "clamonacc --fdpass" fixes your issue.

That is, the --fdpass option gives the file handle from clamonacc to clamd so that clamd does not need permission to open the file, where --fdpass is an extra command-line option when you start the clamonacc service.

Best Regards.

---
┏━━┓彡 Masaru Nomiya mail-to: nomiya @ lake.dti.ne.jp
┃\/彡
┗━━┛
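The descriptor passing that --fdpass depends on, as an added example that is not part of the thread and not ClamAV's own code: one process opens the file and sends the open descriptor over a Unix socket (SCM_RIGHTS), and the receiver reads it without passing a permission check of its own. The file content, uid 65534 (used only when started as root) and all function names are assumptions of this example.

```python
import os
import socket
import tempfile
from collections import namedtuple

SAMPLE = b"constructed sample content, not a real scan target\n"
Result = namedtuple("Result", "by_path by_fd")


def _scanner(sock, path):
    """Role of clamd: a process with no permission to open the file itself."""
    if os.geteuid() == 0:
        # Started as root: give up the privilege so permission checks apply.
        for drop in (lambda: os.setgroups([]),
                     lambda: os.setgid(65534), lambda: os.setuid(65534)):
            try:
                drop()
            except OSError:
                pass
    # Block until the descriptor arrives as SCM_RIGHTS ancillary data.
    _msg, fds, _flags, _addr = socket.recv_fds(sock, 16, 1)
    try:
        open(path, "rb").close()          # what a scan by path has to do
        by_path = "opened"
    except OSError as exc:
        by_path = type(exc).__name__      # PermissionError when access is denied
    with os.fdopen(fds[0], "rb") as handle:
        data = handle.read()              # no open() here, so no permission check
    sock.sendall(by_path.encode() + b"\n" + data)


def demo_fdpass():
    """Role of clamonacc: open the file, then hand the open descriptor over."""
    with tempfile.TemporaryDirectory() as home:   # stands in for a mode-700 home
        path = os.path.join(home, "sample.cache")
        with open(path, "wb") as handle:
            handle.write(SAMPLE)
        ours, theirs = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
        pid = os.fork()
        if pid == 0:                               # child: the scanner
            ours.close()
            try:
                _scanner(theirs, path)
            finally:
                os._exit(0)
        theirs.close()
        fd = os.open(path, os.O_RDONLY)            # permission is checked here
        os.chmod(path, 0)                          # from now on the path is closed
        socket.send_fds(ours, [b"F"], [fd])        # one data byte plus the fd
        os.close(fd)                               # the kernel keeps its own copy
        reply = b""
        while chunk := ours.recv(4096):
            reply += chunk
        ours.close()
        os.waitpid(pid, 0)
    by_path, _, by_fd = reply.partition(b"\n")
    return Result(by_path.decode(), by_fd)


if __name__ == "__main__":
    print(demo_fdpass())
```

The scanner side is refused when it tries the path, yet reads the full content through the received descriptor, which is why group membership for the users is not needed.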
On Friday, 25 October 2024 04:57:24 Central European Summer Time, Masaru Nomiya wrote:
No, "clamonacc --fdpass" fixes your issue. That is, the --fdpass option gives the file handle from clamonacc to clamd so that clamd does not need permission to open the file, where --fdpass is an extra command-line option when you start the clamonacc service.
and where would I write this option to? Bear in mind that I start the service in automatic at boot, via yast. Now there is the config, but I do not understand this as an option you set in config right? So where can I set this? Thank you in advance.
Hello,

In the Message;

Subject : Re: Tumbleweed, Clamd is spamming my journal with thousand of line of "path check failures" making it de facto unreadable
Message-ID : <9956012.Z7dSrRK1ES@silversurfer>
Date & Time: Sat, 26 Oct 2024 17:41:53 +0200

Stakanov via openSUSE Users <users@lists.opensuse.org> has written:

On Friday, 25 October 2024 04:57:24 Central European Summer Time, Masaru Nomiya wrote:

No, "clamonacc --fdpass" fixes your issue. That is, the --fdpass option gives the file handle from clamonacc to clamd so that clamd does not need permission to open the file, where --fdpass is an extra command-line option when you start the clamonacc service.

and where would I write this option to? Bear in mind that I start the service in automatic at boot, via yast. Now there is the config, but I do not understand this as an option you set in config right? So where can I set this?

Please edit /usr/lib/systemd/system/clamonacc.service just like this;

[Service]
Type=forking
User=root
ExecStart=/usr/sbin/clamonacc --ping 30:10 --wait --fdpass
[...]
---------

clamonacc is notorious as a cpu eater, but is it okay?

Best Regards.

---
┏━━┓彡 Masaru Nomiya mail-to: nomiya @ lake.dti.ne.jp
┃\/彡
┗━━┛
"To hire for skills, firms will need to implement robust and intentional changes in their hiring practices — and change is hard."
-- Employers don’t practice what they preach on skills-based hiring --
On Sunday, 27 October 2024 02:50:24 Central European Standard Time, Masaru Nomiya wrote:
clamonacc is notorious as a cpu eater, but is it okay?
For this I have to explain to you that in certain countries the presence of an antivirus (as much as they are snake oil, even more if they are not on access) is mandatory and a legal requirement, with the consequence that without the latter (efficient or not) you may encounter legal consequences when your system is abused against third parties or if you suffer financial loss (in which case the service provider hit, has an easy argument to not proceed to any indemnification, even in presence of a contractual condition saying so). In other words, it may be necessary as mere condition existing, whether efficient or not. Example for such a national legislation is Italy. However having a working setup is an argument in case of legal necessity.

Else, I am considering since some time the setting up of a separate hardware only for these purposes, (here this would be an argument of a very frugal system set up e.g. with SLED (because they have alike ALP an unchangeable root, which, if I well understood, hardens the system)). Apparmor has very little profiles active with me by default and I have the experience if you activate more you have a high workload to maintain these profiles and the learning curve of what is an allowable and correct behavior of every software profile is somewhat steep. Not to mention that hardware is expensive and for the electrical current I would then probably have to consider a "balcony solar panel" to set off the consumption (which costs again money at first, before amortization). I am currently in Paleo Germany where electricity prices are substantially branched to the level of prices in the local pharmacies (pun intended).

As for SE Linux I consider myself unable to read in the difficult setup and maintain it, it is as far as I see, simply "over my head". So having a 12 core system with a good amount of RAM, a slight amount of CPU eaten is, by my current setup, acceptable, given all the aforementioned considerations.
Processors: 12 × AMD Ryzen 5 5600G with Radeon Graphics
Memory: 62.2 GiB of RAM
Graphics Processor: AMD Radeon Pro W5500
Product Name: X570 Phantom Gaming 4

I have edited the file and will now see if it makes the desired difference and then report back here. Thank you for the help given.
Hello,

In the Message;

Subject : Re: Tumbleweed, Clamd is spamming my journal with thousand of line of "path check failures" making it de facto unreadable
Message-ID : <3444630.MPPLTMjN7s@silversurfer>
Date & Time: Sun, 27 Oct 2024 10:10:35 +0100

Stakanov via openSUSE Users <users@lists.opensuse.org> has written:

On Sunday, 27 October 2024 02:50:24 Central European Standard Time, Masaru Nomiya wrote:
MN> > clamonacc is notorious as a cpu eater, but is it okay? [...]
So having a 12 core system with a good amount of RAM, a slight amount of CPU eaten is, by my current setup, acceptable, given all the aforementioned considerations. [...]
After writing the email, I set up the same thing in my environment, and clamonacc is running smoothly with no problems in journalctl. I feel that the clamd.conf settings are the key; --- /etc/clamd.conf.orig 2024-10-23 12:17:14.546321313 +0900 +++ /etc/clamd.conf 2024-10-27 15:48:07.895738319 +0900 @@ -686,7 +686,7 @@ # multiple OnAccessIncludePath directives but each directory must be added # in a separate line. # Default: disabled -#OnAccessIncludePath /home +OnAccessIncludePath /home #OnAccessIncludePath /students # Set the exclude paths. All subdirectories are also excluded. @@ -697,7 +697,7 @@ # If off, fanotify will only notify if the file scanned is a virus, # and not perform any blocking. # Default: no -#OnAccessPrevention yes +OnAccessPrevention yes # When using prevention, if this option is turned on, any errors that occur # during scanning will result in the event attempt being denied. This could @@ -756,7 +756,7 @@ # It has the same potential race condition limitations of the # OnAccessExcludeUID option. # Default: disabled -#OnAccessExcludeUname clamav +OnAccessExcludeUname clamav # Number of times the OnAccess client will retry a failed scan due to # connection problems (or other issues). If you are going to use clamonacc for a client, it would be essential to investigate the various options prepared for it. Best Regards & Good Night. --- ┏━━┓彡 Masaru Nomiya mail-to: nomiya @ lake.dti.ne.jp ┃\/彡 ┗━━┛ " The production of A.I. seems to carry a powerful side effect: as the machines generate intelligence, they also generate mystery. Human misunderstanding endures, possibly a permanent condition. " -- "Was Linguistic A.I. Created by Accident?" NEW YORKER --
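Review bot: In the first hunk, OnAccessIncludePath /home puts every user's whole home tree under watch, caches included, and the journal lines reported at the top of this thread are all paths under ~/.cache. The unchanged context directly below the change still leaves the exclude paths at their default ("# Set the exclude paths. All subdirectories are also excluded."), so consider pairing the include with OnAccessExcludePath entries for high-churn cache directories, or including only the directories that actually need scanning.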
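Review bot: Uncommenting OnAccessPrevention yes in the second hunk switches the service from notify-only to blocking; the context comment says that with it off fanotify "will only notify if the file scanned is a virus, and not perform any blocking". Combined with the /home include path, that places a scan in front of every file open in the users' home directories. The trailing context describes a further option that denies the access whenever a scan errors out; the change description should state that this one stays off, and why blocking rather than notification is wanted here.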
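Review bot: OnAccessExcludeUname clamav in the third hunk only has an effect if clamd really runs under an account with that name; check the User setting in the same clamd.conf and use whatever name is configured there, otherwise the scanner's own file accesses are not excluded. The context comment also says the option has the same race condition limitations as OnAccessExcludeUID, which deserves a line in the change description.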
On Sunday, 27 October 2024 11:09:49 Central European Standard Time, Masaru Nomiya wrote:
After writing the email, I set up the same thing in my environment, and clamonacc is running smoothly with no problems in journalctl.
I feel that the clamd.conf settings are the key;
for me the settings you gave me are working perfectly well now, the problem is gone. This corresponds to the email in the original link concerning SE linux and RHEL. But... even there the user states one system of his had the issue and several not. Now I thought first AppArmor may be involved but deactivating it had no impact. The settings of clamd were not particularly altered by me, so I will have a look, but I doubt that they are responsible for the issue. Maybe more if your user accounts have permission 755 or 700? My users have 700 on my system, which could be the "culprit". I will have a look and report back. It would be interesting to find out.
On 2024-10-27 10:10, Stakanov via openSUSE Users wrote:
Else, I am considering since some time the setting up of a separate hardware only for these purposes, (here this would be an argument of a very frugal system set up e.g. with SLED (because they have alike ALP an unchangeable root, which, if I well understood, hardens the system)). Apparmor has very little profiles active with me by default and I have the experience if you activate more you have a high workload to maintain these profiles and the learning curve of what is an allowable and correct behavior of every software profile is somewhat steep.

Strange. I have all the profiles of Apparmor that come with the distribution without any issue or impact on the workload.

--
Cheers / Saludos,

Carlos E. R.
(from 15.5 x86_64 at Telcontar)
On 2024-10-27 02:50, Masaru Nomiya wrote:
Stakanov via openSUSE Users <users@lists.opensuse.org> has written:
Hello,
Please edit /usr/lib/systemd/system/clamonacc.service just like this;
[Service]
Type=forking
User=root
ExecStart=/usr/sbin/clamonacc --ping 30:10 --wait --fdpass
[...]
---------

Editing directly the profile has the problem that perhaps an update will replace the profile with the new default one. This is more important in TW.

Maybe Stakanov should try to create an override.

First, make sure that the environment variable is set to an editor you are comfortable with. Default is "vi". I have:

Telcontar:~ # echo $EDITOR
/usr/bin/jstar
Telcontar:~ #

Then run:

systemctl edit clamonacc

This creates an override file. It is probably prefilled with commented out defaults. You need to write your changes to the service file:

[Service]
# an empty ExecStart= first clears the command set by the packaged unit
ExecStart=
ExecStart=/usr/sbin/clamonacc --ping 30:10 --wait --fdpass

save and restart the service.

systemctl restart clamonacc

The rationale is that this writes a file with the changes to the service file:

/etc/systemd/system/clamonacc.service.d/override.conf

(or wherever is the correct path in TW)

being a different file from the service file, it has chances of surviving updates.

--
Cheers / Saludos,

Carlos E. R.
(from 15.5 x86_64 at Telcontar)
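systemd accumulates ExecStart= lines across a unit and its drop-ins, clears the list only on an empty ExecStart=, and refuses to load a service that is not Type=oneshot when more than one command remains. The added example below (not from the thread; the packaged unit text is a constructed stand-in built from the lines quoted in this thread minus --fdpass, and the function names are this example's own) applies those rules to an override before it is installed.

```python
# Constructed stand-in for the packaged unit (assumption: no --fdpass yet).
PACKAGED = """\
[Service]
Type=forking
User=root
ExecStart=/usr/sbin/clamonacc --ping 30:10 --wait
"""

# Constructed drop-in that only adds a command.
APPEND_ONLY = """\
[Service]
ExecStart=/usr/sbin/clamonacc --ping 30:10 --wait --fdpass
"""

# Constructed drop-in that clears the inherited command first.
WITH_RESET = """\
[Service]
ExecStart=
ExecStart=/usr/sbin/clamonacc --ping 30:10 --wait --fdpass
"""


def effective_service(*fragments):
    """Merge unit fragments in load order; return (Type, [ExecStart, ...]).

    Models two systemd rules: repeated ExecStart= lines accumulate, and an
    empty "ExecStart=" resets the list. Line continuations are not handled.
    """
    svc_type, commands = "simple", []
    for text in fragments:
        section = None
        for raw in text.splitlines():
            line = raw.strip()
            if not line or line[0] in "#;":
                continue
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1]
                continue
            if section != "Service" or "=" not in line:
                continue
            key, value = (part.strip() for part in line.split("=", 1))
            if key == "Type":
                svc_type = value
            elif key == "ExecStart":
                commands = commands + [value] if value else []
    return svc_type, commands


def problems(svc_type, commands, required_flag="--fdpass"):
    """List the reasons the merged service would not start as intended."""
    found = []
    if not commands:
        found.append("no ExecStart= command left")
    if svc_type != "oneshot" and len(commands) > 1:
        found.append("more than one ExecStart= for Type=%s" % svc_type)
    if commands and required_flag not in commands[-1].split():
        found.append("%s missing from the command" % required_flag)
    return found


if __name__ == "__main__":
    for name, dropin in (("append only", APPEND_ONLY), ("with reset", WITH_RESET)):
        print(name, problems(*effective_service(PACKAGED, dropin)) or "ok")
```

On a live system, `systemctl cat clamonacc` prints the packaged unit followed by its drop-ins, which is the input order this check expects.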
On Sunday, 27 October 2024 15:51:25 Central European Standard Time, Carlos E. R. wrote:
Please edit /usr/lib/systemd/system/clamonacc.service just like this;
[Service]
Type=forking
User=root
ExecStart=/usr/sbin/clamonacc --ping 30:10 --wait --fdpass
[...]
---------
Editing directly the profile has the problem that perhaps an update will replace the profile with the new default one. This is more important in TW. Maybe Stakanov should try to create an override.
being a different file from the service file, it has chances of surviving updates.
Thank you for this. I am saving this to a howto, until I can see if an update will erase my direct changes. I did open a bugreport and maybe they will look into it (why it happens in the first place). For me this is a bug of some sort that manifests with selected users and it should be taken into account to avoid to other users the same problem. That it happens also in other circumstances and settings is known. So I will see what the solution bugowner will come up with (if any). Thank you for the info, very helpful.
Hello,

In the Message;

Subject : Re: Tumbleweed, Clamd is spamming my journal with thousand of line of "path check failures" making it de facto unreadable
Message-ID : <6932287.gsLiYJJu4s@silversurfer>
Date & Time: Sun, 27 Oct 2024 20:59:24 +0100

Stakanov via openSUSE Users <users@lists.opensuse.org> has written:

[...]
Thank you for this. I am saving this to a howto, until I can see if an update will erase my direct changes. I did open a bugreport and maybe they will look into it (why it happens in the first place). For me this is a bug of some sort that manifests with selected users and it should be taken into account to avoid to other users the same problem. That it happens also in other circumstances and settings is known.
So I will see what the solution bugowner will come up with (if any).
This should be considered a spec, not a bug.

Also, be aware that the official version of openSUSE is 1.3.1.

Anyway, the clamonacc issue is a difficult one, and several approaches have been suggested. Upstream has adopted the Ubuntu maintainer's proposal, which differs from the openSUSE one.

This Ubuntu maintainer has given good advice, and this also applies to 1.4.1 users.

---
For those planning to use On-Access Scanning, my advice is
---
Don’t try to use it to scan the entire file system and don’t use OnAccessPrevention (unless latency is not an issue). Use it on specific directories that are likely sources of malware based on your systems use-case (for example file server directories, home directories, or website writable directories).

Hopefully, this article was helpful and insightful for those who are looking to setup On-Access Scanning understand the caveats and steps necessary to get it running under Ubuntu 18.04 with ClamAV 0.102.3.

Cf. https://aaronbrighton.medium.com/installation-configuration-of-clamav-antivi...

As you may know, the load on the system when using clamonacc is extraordinary, so it is essential that your client understands this.

Best Regards.

---
┏━━┓彡 Masaru Nomiya mail-to: nomiya @ lake.dti.ne.jp
┃\/彡
┗━━┛
"During testing, Sakana found that its system began unexpectedly attempting to modify its own experiment code to extend the time it had to work on a problem."
-- Research AI model unexpectedly attempts to modify its own code to extend runtime (ars TECHNICA) --
Hello,

In the Message;

Subject : Re: Tumbleweed, Clamd is spamming my journal with thousand of line of "path check failures" making it de facto unreadable
Message-ID : <14302921.qpTkGadCdI@silversurfer>
Date & Time: Wed, 23 Oct 2024 09:46:23 +0200

Stakanov via openSUSE Users <users@lists.opensuse.org> has written:

Hello and thank you for your reply, much appreciated.

On Wednesday, 23 October 2024 06:33:45 Central European Summer Time, Masaru Nomiya wrote:
MN> > Please show the results of;
MN> >
MN> > 1, $ cat /etc/clamd.conf | grep -B 3 /home

silversurfer:~ # cat /etc/clamd.conf | grep -B 3 /home
# multiple OnAccessIncludePath directives but each directory must be added
# in a separate line.
# Default: disabled
OnAccessIncludePath /home
--
# Set the exclude paths. All subdirectories are also excluded.
# Default: disabled
#OnAccessExcludePath /home/user
--
# It can be used multiple times.
# Default: disabled
#OnAccessMountPath /
#OnAccessMountPath /home/user

As you can see, clamd is set by default so that it does not access anything under /home.

MN> > 2. $ ls -al ~/ | grep .cache

silversurfer:~ # ls -al ~/ | grep .cache
drwx------ 1 root root 316 Sep 14 12:45 .cache

The permission is wrong. This means that no program can write to .cache.

Please set it like this;

$ chmod 755 ~/.cache

[...]
MN> > You're using clamav 1.3.1, right?

silversurfer:~ # rpm clamav --version
RPM version 4.19.1.1

from "security repo" 1.4.1 as version of ClamAV

Ah, I see.

Same as mine.

Best Regards.

---
┏━━┓彡 Masaru Nomiya mail-to: nomiya @ lake.dti.ne.jp
┃\/彡
┗━━┛
"Microsoft is overhauling its cybersecurity strategy, called the Secure Future Initiative, to incorporate key security features into its core set of technology platforms and cloud services. "
-- Microsoft overhauls cyber strategy to finally embrace security by default --
On Wed, 23 Oct 2024 17:18:52 +0900 Masaru Nomiya <nomiya@lake.dti.ne.jp> wrote:
The permission is wrong. This means that no program can write to .cache.
Please set it like this;
$ chmod 755 ~/.cache
On my system the .cache directory is owned by *ME* not by root. So I don't think the permissions are necessarily wrong (mine are drwxr-xr-x) but rather the ownership?
On 2024-10-23 15:26, Dave Howorth wrote:
On my system the .cache directory is owned by *ME* not by root. So I don't think the permissions are necessarily wrong (mine are drwxr-xr-x) but rather the ownership?
He is looking at the root's cache, not the user cache:

]> silversurfer:~ # ls -al ~/ | grep .cache
]> drwx------ 1 root root 316 Sep 14 12:45 .cache

--
Cheers / Saludos,

Carlos E. R.
(from 15.5 x86_64 at Telcontar)
On Wed, 23 Oct 2024 15:56:19 +0200 "Carlos E. R." <robin.listas@telefonica.net> wrote:
He is looking at the root's cache, not the user cache:
]> silversurfer:~ # ls -al ~/ | grep .cache
]> drwx------ 1 root root 316 Sep 14 12:45 .cache
You're right. He's doing it as the wrong user! Doh!
On Wednesday, 23 October 2024 19:07:53 Central European Summer Time, Dave Howorth wrote:
On Wed, 23 Oct 2024 15:56:19 +0200
He is looking at the root's cache, not the user cache:
]> silversurfer:~ # ls -al ~/ | grep .cache
]> drwx------ 1 root root 316 Sep 14 12:45 .cache
You're right. He's doing it as the wrong user! Doh!
entropy@silversurfer:~> ls -al ~/ | grep .cache
drwxr-xr-x 99 entropy entropy 4096 24 ott 09.47 .cache
participants (6)
- Andrei Borzenkov
- Carlos E. R.
- Dave Howorth
- Masaru Nomiya
- Robert Webb
- Stakanov