"PrivateTmp = true" was added to the clamd@.service unit file per request of Dan Walsh in bug 782488. Since version 0.99, Clam AntiVirus has been able to use fanotify() in order to provide on-access scanning: http://blog.clamav.net/2016/03/configuring-on-access-scanning-in-clamav.html Unfortunately, using "PrivateTmp = true" silently breaks all on-access scanning features. Not only does on-access scanning for /tmp and /var/tmp not work (because the clamd service is not looking at the real /tmp and /var/tmp directories), but all other uses of OnAccessIncludePath and OnAccessMountPath silently fail as well. This is trivial to test. As root: $ cat >/etc/clamd.d/root.conf <<EOF ExtendedDetectionInfo yes LocalSocket /var/run/clamd.sock ScanOnAccess yes OnAccessExcludeUID 0 OnAccessExtraScanning yes OnAccessMountPath /home OnAccessMountPath /tmp OnAccessMountPath /var/tmp EOF $ systemctl start clamd@root As a regular user, cd to your home directory, and do: $ cat >/home/testuser/eicar.com <<EOF X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* EOF Result: the clamd daemon will not receive a fanotify event, and therefore will not detect the creation of the test virus file. Now turn off the PrivateTmp feature. As root: $ cat >/etc/systemd/system/clamd@.service .include /usr/lib/systemd/system/clamd@.service [Service] PrivateTmp = false EOF $ systemctl daemon-reload $ systemctl restart clamd@root As the regular user, cat the eicar.com test file: $ cat eicar.com X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* Now, the clam daemon will receive the fanotify event, and emit something like this: 2017-06-22T16:41:41.758517-04:00 host.example.org clamd: ScanOnAccess: /home/testuser/eicar.com: Eicar-Test-Signature(69630e4574ec6798239b091cda43dca0:69) FOUND While in general, "PrivateTmp = true" is a good idea, it *MUST NOT* be used with clamav, because a service with PrivateTmp = true will never receive any fanotify() events, which breaks clamav core functionality. Please remove the "PrivateTmp = true" line from the clamd@.service file.
This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component.
This bug appears to have been reported against 'rawhide' during the Fedora 27 development cycle. Changing version to '27'.
*** Bug 1464270 has been marked as a duplicate of this bug. ***
clamav-0.99.2-15.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-546d6f3abc
clamav-0.99.2-15.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-546d6f3abc
clamav-0.99.2-16.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-546d6f3abc
clamav-0.99.2-16.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-546d6f3abc
clamav-0.99.2-17.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-e5e5ec6ca2
clamav-0.99.2-17.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-1713497ca1
clamav-0.99.2-17.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-1713497ca1
clamav-0.99.2-17.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-e5e5ec6ca2
clamav-0.99.2-18.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-2a1f469c85
clamav-0.99.2-18.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-11ba3bced1
clamav-0.99.2-18.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2018-11ba3bced1
clamav-0.99.2-18.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-2a1f469c85
clamav-0.99.2-18.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.
Sorry to resurrect an old ticket, but we have a handful of users over on the Clam project who are reporting problems related to this issue, ala: https://bugzilla.clamav.net/show_bug.cgi?id=12272 Did what I could on my end, but promised them I'd bump this up your queue to look at again. Cheers, Mickey Sola
> While in general, "PrivateTmp = true" is a good idea, it *MUST NOT* be used > with clamav, because a service with PrivateTmp = true will never receive any > fanotify() events, which breaks clamav core functionality. > > Please remove the "PrivateTmp = true" line from the clamd@.service file. I did this (removed PrivateTmp = true ) and I can't read https://bugzilla.clamav.net/show_bug.cgi?id=12272 ( You are not authorized to access bug #12272. ) user sergio.at.serjux.com what is your issue ? Thanks,