September 12, 2021

Clamdscan permission denied.

Running clamdscan on Ubuntu 20.04 throws:

ERROR: Could not connect to clamd on LocalSocket /var/run/clamav/clamd.ctl: Permission denied

Output of clamconf -n:

Checking configuration files in /etc/clamav

Config file: clamd.conf
-----------------------
PreludeAnalyzerName = "ClamAV"

LogFile = "/var/log/clamav/clamd.log"

LogFileMaxSize = "2097152"

LogTime = "yes"

LogRotate = "yes"
ExtendedDetectionInfo = "yes"

PidFile = "/var/run/clamd.pid"

TemporaryDirectory = "/tmp"

LocalSocket = "/var/run/clamav/clamd.ctl"

LocalSocketGroup = "root"

MaxQueue = "150"

ExcludePath = "^/proc/", "^/sys/"

User = "root"

BytecodeTimeout = "5000"

DetectPUA = "yes"

HeuristicScanPrecedence = "yes"

MaxScanTime = "200000"

MaxScanSize = "157286400"

MaxFileSize = "31457280"

PCRERecMatchLimit = "3000"

OnAccessIncludePath = "/home/mandi/Downloads"

OnAccessExcludeRootUID = "yes"

OnAccessExcludeUname = "clamav", "clamd"

OnAccessMaxFileSize = "10485760"

OnAccessExtraScanning = "yes"

OnAccessCurlTimeout = "6000"

OnAccessRetryAttempts = "2"

Config file: freshclam.conf
---------------------------
LogFileMaxSize = "4294967295"

LogTime = "yes"

LogRotate = "yes"

UpdateLogFile = "/var/log/clamav/freshclam.log"

DatabaseOwner = "root"

DatabaseMirror = "db.se.clamav.net", "db.local.clamav.net", "database.clamav.net"

MaxAttempts = "5"

DatabaseCustomURL = "https://urlhaus.abuse.ch/downloads/urlhaus.ndb"

ConnectTimeout = "600"

ReceiveTimeout = "1800"

clamav-milter.conf not found

Software settings
-----------------
Version: 0.104.0

Optional features supported: MEMPOOL AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV JSON RAR

Database information
--------------------
Database directory: /var/lib/clamav

[3rd Party] WShell_Drupalgeddon2_icos.yar: 26 sigs

[3rd Party] bank_rule.yar: 11 sigs

bytecode.cvd: version 333, sigs: 92, built on Mon Mar 8 16:21:51 2021

[3rd Party] CVE-2013-0422.yar: 25 sigs

[3rd Party] EMAIL_Cryptowall.yar: 52 sigs

[3rd Party] Maldoc_Suspicious_OLE_target.yar: 18 sigs

[3rd Party] hackingteam.hsb: 435 sigs

[3rd Party] rfxn.hdb: 12932 sigs

[3rd Party] winnow_spam_complete.ndb: 26 sigs

[3rd Party] spam_marketing.ndb: 31016 sigs

[3rd Party] whitelist.fp: 3081 sigs

[3rd Party] securiteinfoandroid.hdb: 38740 sigs

[3rd Party] securiteinfohtml.hdb: 55336 sigs

[3rd Party] securiteinfopdf.hdb: 3408 sigs

[3rd Party] Email_quota_limit_warning.yar: 31 sigs

[3rd Party] interserver256.hdb: 28383 sigs

[3rd Party] interservertopline.db: 1137 sigs

[3rd Party] winnow_extended_malware.hdb: 245 sigs

[3rd Party] foxhole_js.ndb: 4 sigs

[3rd Party] foxhole_filename.cdb: 2612 sigs

[3rd Party] winnow_extended_malware_links.ndb: 1 sig

[3rd Party] bofhland_cracked_URL.ndb: 40 sigs

[3rd Party] foxhole_generic.cdb: 212 sigs

[3rd Party] rogue.hdb: 1091 sigs

[3rd Party] phishtank.ndb: 9873 sigs

[3rd Party] blurl.ndb: 3522 sigs

[3rd Party] CVE-2015-2545.yar: 76 sigs

[3rd Party] securiteinfo.hdb: 151603 sigs

[3rd Party] winnow_bad_cw.hdb: 1 sig

[3rd Party] CVE-2018-20250.yar: 22 sigs

[3rd Party] EK_BleedingLife.yar: 112 sigs

[3rd Party] CVE-2015-5119.yar: 22 sigs

[3rd Party] spamattach.hdb: 14 sigs

[3rd Party] rfxn.ndb: 2039 sigs
[3rd Party] shelter.ldb: 49 sigs

[3rd Party] spearl.ndb: 1 sig

[3rd Party] winnow_malware.hdb: 293 sigs

[3rd Party] spamimg.hdb: 200 sigs

[3rd Party] jurlbl.ndb: 6112 sigs

[3rd Party] MiscreantPunch099-Low.ldb: 1199 sigs

[3rd Party] securiteinfoold.hdb: 3524261 sigs

[3rd Party] javascript.ndb: 43708 sigs

[3rd Party] porcupine.hsb: 121 sigs

[3rd Party] urlhaus.ndb: 13058 sigs

[3rd Party] email_Ukraine_BE_powerattack.yar: 33 sigs

[3rd Party] securiteinfoascii.hdb: 98649 sigs

[3rd Party] shellb.db: 292 sigs

[3rd Party] securiteinfo.ign2: 93 sigs

[3rd Party] CVE-2018-4878.yar: 39 sigs

[3rd Party] scam.ndb: 12747 sigs

[3rd Party] winnow_malware_links.ndb: 133 sigs

[3rd Party] WShell_ASPXSpy.yar: 21 sigs

[3rd Party] CVE-2013-0074.yar: 22 sigs

[3rd Party] spam.ldb: 2 sigs

[3rd Party] malwarepatrol.db: 0 sig

[3rd Party] winnow_phish_complete_url.ndb: 54 sigs

[3rd Party] jurlbla.ndb: 1795 sigs

[3rd Party] Sanesecurity_spam.yara: 46 sigs

main.cvd: version 61, sigs: 6607162, built on Thu Jul 15 04:39:10 2021

[3rd Party] zip_files.pwdb: 1 sig

[3rd Party] My_whitelist.fp: 2 sigs

[3rd Party] CVE-2010-1297.yar: 20 sigs

[3rd Party] scam.yar: 35 sigs

[3rd Party] lott.ndb: 2335 sigs

[3rd Party] sigwhitelist.ign2: 12 sigs

[3rd Party] CVE-2015-2426.yar: 49 sigs

[3rd Party] bofhland_malware_attach.hdb: 1836 sigs

[3rd Party] phish.ndb: 28050 sigs

daily.cld: version 26291, sigs: 1971981, built on Sat Sep 11 10:25:20 2021

[3rd Party] CVE-2016-5195.yar: 40 sigs

[3rd Party] Maldoc_PowerPointMouse.yar: 23 sigs

[3rd Party] bofhland_malware_URL.ndb: 4 sigs

[3rd Party] Sanesecurity_sigtest.yara: 54 sigs

[3rd Party] CVE-2010-0887.yar: 22 sigs

[3rd Party] junk.ndb: 55801 sigs

[3rd Party] porcupine.ndb: 6575 sigs

[3rd Party] spear.ndb: 1 sig

[3rd Party] CVE-2015-1701.yar: 30 sigs

[3rd Party] shell.ldb: 57 sigs

[3rd Party] bofhland_phishing_URL.ndb: 72 sigs

[3rd Party] malwarehash.hsb: 771 sigs

[3rd Party] CVE-2012-0158.yar: 27 sigs

[3rd Party] Maldoc_DDE.yar: 23 sigs

[3rd Party] CVE-2010-0805.yar: 19 sigs

[3rd Party] CVE-2017-11882.yar: 66 sigs

[3rd Party] rfxn.yara: 11527 sigs

[3rd Party] Email_fake_it_maintenance_bulletin.yar: 29 sigs

[3rd Party] foxhole_js.cdb: 48 sigs

[3rd Party] badmacro.ndb: 621 sigs

[3rd Party] shell.hdb: 4274 sigs

[3rd Party] sanesecurity.ftm: 170 sigs

[3rd Party] winnow.attachments.hdb: 182 sigs

[3rd Party] winnow.complex.patterns.ldb: 3 sigs

Total number of signatures: 12741088

Platform information
--------------------
uname: Linux 5.4.0-84-generic #94-Ubuntu SMP Thu Aug 26 20:27:37 UTC 2021 x86_64

OS: Linux, ARCH: x86_64, CPU: x86_64

Full OS version: Ubuntu 20.04.3 LTS

zlib version: 1.2.11 (1.2.11), compile flags: a9

platform id: 0x0a218c8c0800000000090300

Build information
-----------------
GNU C: 9.3.0 (9.3.0)

sizeof(void*) = 8

Engine flevel: 140, dconf: 140
