Closed (fixed)
Project:
ClamAV
Version:
6.x-1.0-beta2
Component:
Code
Priority:
Normal
Category:
Support request
Assigned:
Reporter:
Created:
17 Nov 2010 at 13:15 UTC
Updated:
20 May 2012 at 23:17 UTC
I've installed ClamAV on my VPS and it's found on the module page under both Daemon and Executable but when using Daemon I get 'Uploaded file could not be scanned. Clamscan reported: Access denied' in my logs. When using Executable I get file_exists() [function.file-exists]: open_basedir restriction in effect. File(/usr/bin/clamscan) is not within the allowed path(s): even though open_basedir is disabled.
Any ideas?
Thanks
Comments
Comment #1
manarth commentedWhen Clamscan works in daemon-mode, php saves the file to a temporary location (usually in /tmp), then sends a message to the daemon to scan that file. The daemon needs read-permissions on that temporary file (and typically write-permissions, to remove the file if it's infected).
As for executable-mode, it sounds like PHP doesn't have permission to execute /usr/bin/clamscan.
First, check that the path to the executable is indeed /usr/bin/clamscan (typing
which clamscanon the command line should show the correct path). Second, check that the webserver user (usually www-data/apache/httpd) has execute permissions on clamscan -chmod o+x /usr/bin/clamscanshould do the trick. Finally, check whether safe-mode is switched on. If it is, I'd recommend switching safe-mode off (because it's deprecated, it's an incomplete solution, and its use is discouraged by the php community), or adding the clamscan path to the safe_mode_exec_dir ini setting.Hopefully one of these should resolve the problem!
Comment #2
drupal centric commentedGreat thanks I'll check these out.
Comment #3
manarth commentedClamAV now supports instream scanning, which should provide a way to bypass the problems described here.