Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

clamscan resets atime, because O_NOATIME is not used #1261

Open
staskysel opened this issue Apr 30, 2024 · 1 comment
Open

clamscan resets atime, because O_NOATIME is not used #1261

staskysel opened this issue Apr 30, 2024 · 1 comment

Comments

@staskysel
Copy link

Describe the bug

clamscan opens scanned files without using O_NOATIME, and thus resets access time.
Since typically all files are scanned on filesystem, this basically defeats using atime for anything.
atime is used for example by tmpfiles.d to determine file age, so clamscan breaks tmpfiles.d.

How to reproduce the problem

  1. check atime on a file: ls -lau filename
  2. scan the file with clamscan
  3. check atime again and see that it has changed
    Here is transcript:

[test10@test001 ~]$ mkdir test
[test10@test001 ~]$ perl -e 'print "A" x 1024' >test/file
[test10@test001 ~]$ ls -lau --full-time test/file
-rw-r--r--. 1 test10 test10 1024 2024-04-29 10:34:25.865646505 -0400 test/file
[test10@test001 ~]$ clamscan -r test
Loading: 24s, ETA: 0s [========================>] 8.69M/8.69M sigs
Compiling: 8s, ETA: 0s [========================>] 41/41 tasks

/home/test10/test/file: OK

----------- SCAN SUMMARY -----------
Known viruses: 8692057
Engine version: 1.3.1
Scanned directories: 1
Scanned files: 1
Infected files: 0
Data scanned: 0.00 MB
Data read: 0.00 MB (ratio 0.00:1)
Time: 35.174 sec (0 m 35 s)
Start Date: 2024:04:29 10:42:12
End Date: 2024:04:29 10:42:47
[test10@test001 ~]$ ls -lau --full-time test/file
-rw-r--r--. 1 test10 test10 1024 2024-04-29 10:42:45.412563874 -0400 test/file
[test10@test001 ~]$ rpm -q clamav
clamav-1.3.1-1.x86_64

Checking configuration files in /usr/local/etc

clamd.conf not found

Config file: freshclam.conf

DatabaseMirror = "database.clamav.net"

clamav-milter.conf not found

Software settings

Version: 1.3.1
Optional features supported: MEMPOOL AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV JSON RAR

Database information

Database directory: /usr/local/share/clamav
WARNING: freshclam.conf and clamd.conf point to different database directories
daily.cvd: version 27260, sigs: 2060227, built on Mon Apr 29 04:23:47 2024
bytecode.cvd: version 335, sigs: 86, built on Tue Feb 27 10:37:24 2024
main.cvd: version 62, sigs: 6647427, built on Thu Sep 16 08:32:42 2021
Total number of signatures: 8707740

Platform information

uname: Linux 4.18.0-513.18.1.el8_9.x86_64 #1 SMP Thu Feb 1 03:51:05 EST 2024 x86_64
OS: Linux, ARCH: x86_64, CPU: x86_64
zlib version: 1.3.1 (1.3.1), compile flags: a9
platform id: 0x0a21c9c90800000002040805

Build information

GNU C: 4.8.5 20150623 (Red Hat 4.8.5-44) (4.8.5)
sizeof(void*) = 8
Engine flevel: 201, dconf: 201

Attachments
@ragusaa
Copy link
Contributor

ragusaa commented May 6, 2024

Hi,

Thank you for your submission.

We don't use O_NOATIME because it is required that the UID of the process match the owner UID of the file, and clam is not guaranteed to be run by the owner of all the files it scans.

Thanks,
Andy

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ragusaa @staskysel