ClamAV clamonacc not working on RHEL 8. #1400

Open
evvvivek opened this issue Nov 4, 2024 · 0 comments

evvvivek commented Nov 4, 2024

Clamonacc not working in RHEL 8.

I have installed ClamAV on RHEL 8. I have the freshclam and clamd services running, while the clamonacc service doesn't detect the EICAR test file when the test file path is included in scan.conf. Clamonacc does not recognize OnAccessIncludePath when testing the EICAR file. When adding OnAccessMountPath in scan.conf as the root directory, it is checking all the files with permission denied.

How to reproduce the problem

Install ClamAV on RHEL 8, start the clamd, freshclam and clamonacc services. Place the EICAR file and set OnAccessIncludePath to the directory where the EICAR file is present, or download the file once OnAccessIncludePath is set up. clamonacc is not reporting the EICAR file in the logs, but clamscan is detecting it and showing the file in the summary with the infected files count and file name.

clamconf -n

Config file: clamd.d/scan.conf

LogFile = "/var/log/clamscan/clam_findings.log"
LogFileUnlock = "yes"
LogFileMaxSize = "104857600"
LogTime = "yes"
LogSyslog = "yes"
LogVerbose = "yes"
LogRotate = "yes"
ExtendedDetectionInfo = "yes"
PidFile = "/run/clamd.scan/clamd.pid"
TemporaryDirectory = "/var/tmp"
LocalSocket = "/run/clamd.scan/clamd.sock"
LocalSocketMode = "660"
MaxThreads = "5"
SendBufTimeout = "200"
FollowDirectorySymlinks = "yes"
FollowFileSymlinks = "yes"
User = "clamscan"
OnAccessIncludePath = "/media/clamtest"
OnAccessExcludePath = "/var/log/audit", "/var/log", "/home"
OnAccessExcludeRootUID = "yes"
OnAccessExcludeUname = "clamav"
OnAccessMaxFileSize = "4294967295"

Config file: freshclam.conf

LogFileMaxSize = "104857600"
LogTime = "yes"
LogSyslog = "yes"
LogVerbose = "yes"
LogRotate = "yes"
PidFile = "/var/run/clam.pid"
UpdateLogFile = "/var/log/freshclam.log"
DatabaseMirror = "database.clamav.net"

mail/clamav-milter.conf not found

Software settings

Version: 1.0.7
Optional features supported: MEMPOOL AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV JSON

Database information

Database directory: /var/lib/clamav
daily.cld: version 27447, sigs: 2067641, built on Sun Nov 3 03:33:29 2024
main.cvd: version 62, sigs: 6647427, built on Thu Sep 16 07:32:42 2021
bytecode.cvd: version 335, sigs: 86, built on Tue Feb 27 09:37:24 2024
Total number of signatures: 8715154

Platform information

uname: Linux 4.18.0-553.22.1.el8_10.x86_64 #1 SMP Wed Sep 11 18:02:00 EDT 2024 x86_64
OS: Linux, ARCH: x86_64, CPU: x86_64
zlib version: 1.2.11 (1.2.11), compile flags: a9
platform id: 0x0a21a7a70800000002080500

Build information

GNU C: 8.5.0 20210514 (Red Hat 8.5.0-22) (8.5.0)
sizeof(void*) = 8
Engine flevel: 167, dconf: 167

rpm -qa | grep clam
clamav-filesystem-1.0.7-1.el8.noarch
clamd-1.0.7-1.el8.x86_64
clamav-1.0.7-1.el8.x86_64
clamav-freshclam-1.0.7-1.el8.x86_64
clamav-devel-1.0.7-1.el8.x86_64

ps -aux | grep clam
clamscan 22212 0.0 4.2 1633232 1348632 ? Ssl Nov01 0:34 /usr/sbin/clamd -c /etc/clamd.d/scan.conf
root 22559 0.0 0.0 299304 5496 ? Ssl Nov01 0:00 clamonacc
clamupd+ 1113531 0.0 0.0 121176 12792 ? Ss 22:30 0:00 /usr/bin/freshclam -d --foreground=true
userexmpl+ 1113806 0.0 0.0 15484 2360 pts/12 S+ 22:31 0:00 grep --color=auto clam

Logs

Client disconnected (FD 10)
Client disconnected (FD 10)
Client disconnected (FD 10)

The only thing that looks suspicious in the logs is the above.
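
A consistency check over the on-access settings in the `clamconf -n` output above, as an added example that is not part of the original report or of the ClamAV project. The sample lines are copied from that output; the function names and finding labels are made up for illustration, and numeric `OnAccessExcludeUID` entries are not resolved to user names.

```python
import re
from pathlib import PurePosixPath

# Constructed sample: the on-access related lines from the clamconf -n output above.
SAMPLE = '''\
User = "clamscan"
OnAccessIncludePath = "/media/clamtest"
OnAccessExcludePath = "/var/log/audit", "/var/log", "/home"
OnAccessExcludeRootUID = "yes"
OnAccessExcludeUname = "clamav"
'''

def parse_clamconf(text):
    """Parse `Key = "v1", "v2"` lines as printed by clamconf -n into {key: [values]}."""
    conf = {}
    for line in text.splitlines():
        m = re.match(r'\s*(\w+)\s*=\s*(.+)$', line)
        if m:
            conf.setdefault(m.group(1), []).extend(re.findall(r'"([^"]*)"', m.group(2)))
    return conf

def is_under(path, parent):
    """True if path equals parent or lies below it (component-wise, not by string prefix)."""
    p, q = PurePosixPath(path), PurePosixPath(parent)
    return p == q or q in p.parents

def review_onaccess(conf):
    """Return findings (label: detail) that are worth checking by hand."""
    findings = []
    includes = conf.get("OnAccessIncludePath", [])
    if not includes and not conf.get("OnAccessMountPath"):
        findings.append("no-watch-path: neither OnAccessIncludePath nor OnAccessMountPath is set")
    for inc in includes:
        for exc in conf.get("OnAccessExcludePath", []):
            if is_under(inc, exc):
                findings.append(f"include-excluded: {inc} lies under excluded path {exc}")
    root_excluded = conf.get("OnAccessExcludeRootUID") == ["yes"]
    user = conf.get("User", [None])[0]
    covered = user in conf.get("OnAccessExcludeUname", []) or (user == "root" and root_excluded)
    if user and not covered:
        findings.append(f"clamd-user-not-excluded: clamd runs as {user}, "
                        "but OnAccessExcludeUname does not list that user")
    if root_excluded:
        findings.append("root-excluded: accesses by processes running as UID 0 do not trigger scans")
    return findings

if __name__ == "__main__":
    for finding in review_onaccess(parse_clamconf(SAMPLE)):
        print(finding)
```
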
