AnsweredAssumed Answered

clamdscan restricting the apparmor.d file to scan the files in /opt

Question asked by ayushi.agrahari on Feb 27, 2018

I have developed a project for scanning the files for virus using clamav daemon by following the links Antivirus and Virus scanning 

It is working perfectly on local but when I have deployed the amps on production,it is giving the exception

2018-02-27 15:27:03,077  DEBUG [repo.action.AntivirusActionExecuter] [DefaultScheduler_Worker-6] Execution result:
   os:         Linux
   command:    /opt/eisenvault_installations/ocr/antivirus.sh /opt/eisenvault_installations/ev-foreglimpse/tomcat/temp/Alfresco/anti_virus_check1297083609517004590_new-user-email.html.ftl
   succeeded:  true
   exit code:  2
   out:        /opt/eisenvault_installations/ev-foreglimpse/tomcat/temp/Alfresco/anti_virus_check1297083609517004590_new-user-email.html.ftl: Can't open file or directory ERROR

 

So,I have done some googling and on googling,I have found that apparmor.d file is restricting the clamdscan for scanning the files for virus.so,I have added the statement /opt/eisenvault_installations/** lrw, in /etc/apparmor.d/local/usr.sbin.clamd file and now it is working perfectly.

 

But,I wanted to know why this is happening in prod and not in local and if there is any alternative method for doing this.

Outcomes