ClamAV Ownership and Permissions

Uploading a new drop-off may fail because the virus scan fails.

This can be due to several reasons:

  • SELinux or AppArmor not allowing the drop-off to be scanned
  • clamd and/or freshclam permissions being wrong
  • Insufficient virtual memory for clamd

SELinux, AppArmor and Permissions

In virtually all Linux distributions, there is a security feature originally designed by the American NSA called either SELinux or AppArmor. Its purpose is to stop processes (such as clamd) from accessing files or directories that they would not normally be able to access. clamd needs to be able to access all files under /var/zendto in order to virus scan them, but this access is not in its default set of SELinux permissions.

Also, the ownership and permissions of the /var/zendto/incoming directory need to be exactly right.

In any of these cases, the fastest fix is to download the ZendTo installer and unpack it. cd into the unpacked directory and run whichever clamav and selinux scripts are appropriate for your distribution. The installer is designed so that you can run parts of it separately, without running the main "install.sh". Running these scripts will reinstall clamav and configure the necessary ownership, permissions and SELinux settings for you automatically.

Virtual Memory

On some systems, it appears that clamd needs to have at least as much virtual memory available as the size of the file it is scanning. It does not appear to write to this virtual memory, but it will fail if it is not available.

You can test this by adding, say, another 10GB of virtual memory to your server, like this (do this as root):

    dd if=/dev/zero of=/swapfile bs=1M count=10000
    mkswap /swapfile
    chmod go-rwx /swapfile
    swapon /swapfile

If you now look at the output of top you should see you have a lot of spare swap space/virtual memory available. Try uploading a fairly large file again, and see if it works this time.

To remove the extra swap file, do this as root:

    swapoff /swapfile
    rm /swapfile
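
To estimate in advance whether a given upload is likely to hit the virtual memory limit described above, the following added example (not part of ZendTo or its installer) compares a file's size with MemAvailable plus SwapFree from /proc/meminfo and prints the shortfall in MB, which can be used as the dd count= value. The function names are hypothetical, and treating MemAvailable + SwapFree as the virtual memory clamd can obtain is an assumption.

```shell
#!/bin/sh
# Added example (not ZendTo code): will free virtual memory cover a file?
# Assumption: MemAvailable + SwapFree in /proc/meminfo approximates the
# virtual memory clamd can still obtain.

# free_vm_kb [meminfo] -> prints MemAvailable + SwapFree in kB
free_vm_kb() {
    awk '$1 == "MemAvailable:" || $1 == "SwapFree:" { sum += $2 }
         END { printf "%d\n", sum }' "${1:-/proc/meminfo}"
}

# file_kb <file> -> prints the file size in kB, rounded up
file_kb() {
    echo $(( ($(wc -c < "$1") + 1023) / 1024 ))
}

# swap_shortfall_mb <file> [meminfo] -> prints the MB of extra swap needed
# (usable as the dd "count=" value with bs=1M); prints 0 if none is needed
swap_shortfall_mb() {
    [ -f "$1" ] || { echo "not a file: $1" >&2; return 2; }
    need=$(file_kb "$1")
    have=$(free_vm_kb "${2:-/proc/meminfo}")
    if [ "$have" -ge "$need" ]; then
        echo 0
    else
        echo $(( (need - have + 1023) / 1024 ))
    fi
}

# Demo on constructed input: a fake meminfo (2024 kB free) and a 3000 kB file
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'MemTotal: 4096 kB\nMemAvailable: 1000 kB\nSwapFree: 1024 kB\n' \
        > "$tmp/meminfo"
    dd if=/dev/zero of="$tmp/upload.bin" bs=1024 count=3000 2>/dev/null
    swap_shortfall_mb "$tmp/upload.bin" "$tmp/meminfo"
    rm -rf "$tmp"
}
demo
```

On a live server, call swap_shortfall_mb with the path of the file that failed to scan and no second argument, so that it reads /proc/meminfo.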