ClamAV throwing repeated warning messages

Post by amclean17 » 2020/07/01 19:04:46

I'm trying to install ClamAV on AWS EC2 instances running CentOS 7. I have on-access scanning enabled in notify-only mode, so OnAccessPrevention is turned off.

It all works, but the log files are rapidly filled with warning messages. Can't exactly point Splunk to a log file that messed up.

clamonacc logs this message:

`ClamMisc: $/proc/8086 vanished before UIDs could be excluded; scanning anyway`

The number is different in most entries, but the message is the same, and it prints over and over as fast as it can. I find this a bit strange because I've tried adding /proc/ to excluded directories.

clamd logs this message:

`WARNING: lstat() failed on: /opt/splunkforwarder/etc/apps/xxxxx/bin/`

I can't disclose some of that directory, hence the xxxxx, but it logs this for most everything under /opt/splunkforwarder/ and a few files under /home/ too.

clamd is running under the service account clamscan; clamonacc is running as root (although I'm wondering if perhaps it shouldn't).

Any ideas on a way to stop these messages?
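To measure how much of each log the two warnings quoted in the post account for, and which directory trees the lstat() failures cluster under, a small triage script can collapse them into counts. This is an added example, not from the poster or the ClamAV project; the sample lines are constructed from the two message shapes above, and the file and user names in them are placeholders.

```python
import re
from collections import Counter

# Message shapes copied from the two warnings quoted in the post.
VANISHED = re.compile(r"ClamMisc: \$/proc/(\d+) vanished before UIDs could be excluded")
LSTAT = re.compile(r"WARNING: lstat\(\) failed on: (\S.*)$")

# Constructed sample lines (not real log data); paths are placeholders.
SAMPLE = """\
ClamMisc: $/proc/8086 vanished before UIDs could be excluded; scanning anyway
ClamMisc: $/proc/8087 vanished before UIDs could be excluded; scanning anyway
ClamMisc: $/proc/8086 vanished before UIDs could be excluded; scanning anyway
WARNING: lstat() failed on: /opt/splunkforwarder/etc/apps/xxxxx/bin/
WARNING: lstat() failed on: /opt/splunkforwarder/var/log/example.log
WARNING: lstat() failed on: /home/exampleuser/.cache/tmpfile
SelfCheck: Database status OK.
"""

def top_dir(path, depth=2):
    """Return the first `depth` components of an absolute path."""
    parts = [p for p in path.split("/") if p]
    return "/" + "/".join(parts[:depth])

def summarize(lines, depth=2):
    """Collapse the two repeated warnings into counts; keep every other line."""
    pids, dirs, other = Counter(), Counter(), []
    for line in lines:
        line = line.rstrip("\n")
        m = VANISHED.search(line)
        if m:
            pids[int(m.group(1))] += 1
            continue
        m = LSTAT.search(line)
        if m:
            dirs[top_dir(m.group(1).strip(), depth)] += 1
            continue
        if line.strip():
            other.append(line)
    return {
        "vanished_total": sum(pids.values()),
        "vanished_distinct_pids": len(pids),
        "lstat_by_dir": dict(dirs),
        "other": other,
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE.splitlines()).items():
        print(f"{key}: {value}")
```

The regexes use `search`, so lines that carry a timestamp or other prefix before the message are still matched.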
