You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
clamscan opens scanned files without using O_NOATIME, and thus resets access time.
Since typically all files are scanned on filesystem, this basically defeats using atime for anything.
atime is used for example by tmpfiles.d to determine file age, so clamscan breaks tmpfiles.d.
How to reproduce the problem
check atime on a file: ls -lau filename
scan the file with clamscan
check atime again and see that it has changed
Here is transcript:
[test10@test001 ~]$ mkdir test
[test10@test001 ~]$ perl -e 'print "A" x 1024' >test/file
[test10@test001 ~]$ ls -lau --full-time test/file
-rw-r--r--. 1 test10 test10 1024 2024-04-29 10:34:25.865646505 -0400 test/file
[test10@test001 ~]$ clamscan -r test
Loading: 24s, ETA: 0s [========================>] 8.69M/8.69M sigs
Compiling: 8s, ETA: 0s [========================>] 41/41 tasks
Database directory: /usr/local/share/clamav
WARNING: freshclam.conf and clamd.conf point to different database directories
daily.cvd: version 27260, sigs: 2060227, built on Mon Apr 29 04:23:47 2024
bytecode.cvd: version 335, sigs: 86, built on Tue Feb 27 10:37:24 2024
main.cvd: version 62, sigs: 6647427, built on Thu Sep 16 08:32:42 2021
Total number of signatures: 8707740
Platform information
uname: Linux 4.18.0-513.18.1.el8_9.x86_64 #1 SMP Thu Feb 1 03:51:05 EST 2024 x86_64
OS: Linux, ARCH: x86_64, CPU: x86_64
zlib version: 1.3.1 (1.3.1), compile flags: a9
platform id: 0x0a21c9c90800000002040805
Build information
GNU C: 4.8.5 20150623 (Red Hat 4.8.5-44) (4.8.5)
sizeof(void*) = 8
Engine flevel: 201, dconf: 201
Attachments
The text was updated successfully, but these errors were encountered:
We don't use O_NOATIME because it is required that the UID of the process match the owner UID of the file, and clam is not guaranteed to be run by the owner of all the files it scans.
Describe the bug
clamscan opens scanned files without using O_NOATIME, and thus resets access time.
Since typically all files are scanned on filesystem, this basically defeats using atime for anything.
atime is used for example by tmpfiles.d to determine file age, so clamscan breaks tmpfiles.d.
How to reproduce the problem
Here is transcript:
[test10@test001 ~]$ mkdir test
[test10@test001 ~]$ perl -e 'print "A" x 1024' >test/file
[test10@test001 ~]$ ls -lau --full-time test/file
-rw-r--r--. 1 test10 test10 1024 2024-04-29 10:34:25.865646505 -0400 test/file
[test10@test001 ~]$ clamscan -r test
Loading: 24s, ETA: 0s [========================>] 8.69M/8.69M sigs
Compiling: 8s, ETA: 0s [========================>] 41/41 tasks
/home/test10/test/file: OK
----------- SCAN SUMMARY -----------
Known viruses: 8692057
Engine version: 1.3.1
Scanned directories: 1
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 35.174 sec (0 m 35 s)
Start Date: 2024:04:29 10:42:12
End Date: 2024:04:29 10:42:47
[test10@test001 ~]$ ls -lau --full-time test/file
-rw-r--r--. 1 test10 test10 1024 2024-04-29 10:42:45.412563874 -0400 test/file
[test10@test001 ~]$ rpm -q clamav
clamav-1.3.1-1.x86_64
Checking configuration files in /usr/local/etc
clamd.conf not found
Config file: freshclam.conf
DatabaseMirror = "database.clamav.net"
clamav-milter.conf not found
Software settings
Version: 1.3.1
Optional features supported: MEMPOOL AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV JSON RAR
Database information
Database directory: /usr/local/share/clamav
WARNING: freshclam.conf and clamd.conf point to different database directories
daily.cvd: version 27260, sigs: 2060227, built on Mon Apr 29 04:23:47 2024
bytecode.cvd: version 335, sigs: 86, built on Tue Feb 27 10:37:24 2024
main.cvd: version 62, sigs: 6647427, built on Thu Sep 16 08:32:42 2021
Total number of signatures: 8707740
Platform information
uname: Linux 4.18.0-513.18.1.el8_9.x86_64 #1 SMP Thu Feb 1 03:51:05 EST 2024 x86_64
OS: Linux, ARCH: x86_64, CPU: x86_64
zlib version: 1.3.1 (1.3.1), compile flags: a9
platform id: 0x0a21c9c90800000002040805
Build information
GNU C: 4.8.5 20150623 (Red Hat 4.8.5-44) (4.8.5)
sizeof(void*) = 8
Engine flevel: 201, dconf: 201
Attachments
The text was updated successfully, but these errors were encountered: