I've installed ClamAV on my VPS and it's found on the module page under both Daemon and Executable but when using Daemon I get 'Uploaded file could not be scanned. Clamscan reported: Access denied' in my logs. When using Executable I get file_exists() [function.file-exists]: open_basedir restriction in effect. File(/usr/bin/clamscan) is not within the allowed path(s): even though open_basedir is disabled.

Any ideas?

Thanks

Comments

manarth’s picture

Status: Active » Postponed (maintainer needs more info)

When Clamscan works in daemon-mode, php saves the file to a temporary location (usually in /tmp), then sends a message to the daemon to scan that file. The daemon needs read-permissions on that temporary file (and typically write-permissions, to remove the file if it's infected).

As for executable-mode, it sounds like PHP doesn't have permission to execute /usr/bin/clamscan.
First, check that the path to the executable is indeed /usr/bin/clamscan (typing which clamscan on the command line should show the correct path). Second, check that the webserver user (usually www-data/apache/httpd) has execute permissions on clamscan - chmod o+x /usr/bin/clamscan should do the trick. Finally, check whether safe-mode is switched on. If it is, I'd recommend switching safe-mode off (because it's deprecated, it's an incomplete solution, and its use is discouraged by the php community), or adding the clamscan path to the safe_mode_exec_dir ini setting.

Hopefully one of these should resolve the problem!

drupal centric’s picture

Great thanks I'll check these out.

manarth’s picture

Status: Postponed (maintainer needs more info) » Closed (fixed)

ClamAV now supports instream scanning, which should provide a way to bypass the problems described here.