2

Dead links cause a message in the form of ERROR: Can't access file [dead link path] to be printed which doesn't make too much sense because it's not an error in terms of a virus scan, it's just an unimportant state of an unimportant part of the filesystem, it's a debugging or trace message.

Example:

> cd /tmp/test/
> ln -s -T /inexisting file
> sudo clamdscan --fdpass --multiscan /tmp/test/
ERROR: Can't access file /tmp/test/file

----------- SCAN SUMMARY -----------
Infected files: 0
Total errors: 1
Time: 0.000 sec (0 m 0 s)

Can I avoid this message with a built-in option of clamd? It doesn't prevent clamd from working well, but clutters up the output. I checked them and none appears convincing, but they're not overly clear in names and the configuration files wasn't commented. It's not worth to figure this out in detail or filtering the output.

Removing the links is work intensive (not only once, but every time e.g. a build process creates such links) and doesn't lead to a deterministic suppression of the issue. It's a valid temporary workaround.

I'm using 0.99.2+dfsg-2ubuntu2 on Ubuntu 16.10.

Kalle Richter
  • 6,180
  • 21
  • 70
  • 103

1 Answers1

3

According to the man page the default is to not follow links so I think you are getting this error due to a misconfiguration of /etc/clamav/clamd.conf which I assume was edited as clamd creates it the first time it runs.

Regardless you'll want to edit the file and comment out the line.

FollowFileSymlinks (yes/true/1)<-it will have one of these equivalent boolean values

and if you don't want to follow directory symlinks either comment out the line

FollowDirectorySymlinks (yes/true/1)<-it will have one of these equivalent boolean values

as well. This should return you back to default operation and eliminate the ERROR: Can't access file /tmp/test/file

Alternatively: If you prefer, rather than commenting out the line that's deviating from default behavior you can simply choose to set it to one of the following: no, false, or 0

If that doesn't solve your problem you've discovered a bug and should report it.

Elder Geek
  • 36,023
  • 25
  • 98
  • 183
  • 2
    Then the user should be able to grep -i symlinks /etc/clamav/clamd.conf to see if both values are set to false. Mine are. – heynnema May 01 '17 at 23:57
  • @heynemma Umm, set to yes I think you mean, but yes grep could be useful for this. Although the unwanted behavior indicates that editing is required anyway, so why grep? – Elder Geek May 02 '17 at 00:00
  • No, the prefs Follow_blah_blah, and false means don't follow. – heynnema May 02 '17 at 00:02
  • 1
    @ElderGeek Why not just set them to false, instead of commenting them out. No ambiguity then. You don't know what the default values are if the parameters aren't there. – heynnema May 02 '17 at 00:15
  • If it was me... I'd use my grep to find out what the current values are, and if they're not both false, then edit the file, but don't comment out those lines... change the values to false. Always nice talking with you :-) – heynnema May 02 '17 at 00:19
  • @heynnema Thanks for the suggestion! On my system you need to grep for Symlinks with a capital S, to check that config. – Jason R Stevens CFA Oct 12 '21 at 21:42
  • 1
    @JasonRStevensCFA As per my first comment, grep -i takes care of upper/lower case letters. See man grep. – heynnema Oct 13 '21 at 01:59
  • Mine already have those value set to false so, I don't get it. – MaXi32 Nov 28 '22 at 02:43