Clamscan segmentation fault (Solved)

[joegumbo]

I'm running Wheezy 64-bit fully updated.

When I try to run clamscan, I keep getting the following problem:

joegumbo@PC-0:~$ clamscan -a -i -r -z --remove --bell /home/joegumbo/.*
Segmentation fault
joegumbo@PC-0:~$ su -
Password:
root@PC-0:~# clamscan -a -i -r -z --remove /home/joegumbo/.*
Segmentation fault
root@PC-0:~# clamscan -a -i -r /home/joegumbo/.*
Segmentation fault

I updated aptitude

aptitude update

and then

aptitude safe-upgrade

Then

aptitude remove clamav

Then

aptitude install clamav]

Then, I tried again

root@PC-0:~# logout
joegumbo@PC-0:~$ clamscan -a -i -r -z --remove /home/joegumbo/.*
Segmentation fault

I uninstalled clamav and re-installed it using aptitude.

I've tried searching the net and this forum for the solution withy no luck.

Thanks,
-Joe

[joegumbo]

i don't know if this should be marked solved or not.

I've been tinkering around a bit and something does not make sense...

The segmentation fault occurs when scanning /home/joegumbo as joegumbo.

The segmentation fault occurs when "su -" and then scanning /home/joegumbo as root.

"joegumbo" is now added to "sudoers" group. The error does not seem to occur if

155 sudo clamscan -a -i -r -z --remove --bell /home/joegumbo/.*

Is there something with permissions happening here? 'root' should be king. But, it throws an error.
'sudoer' does seem to work. At least, it does not throw any errors.

[MaryNerdy]

just a quick question, please do not let this derail the thread: what exactly is clamscan? how do you perform a clam scan at all and what is its purpose? I hope its one of those quick easy simple answers because you seem to know much more than me, I don't want to mess up your thread but I don't want to make a completely new one.

[joegumbo]

'clamav' is an antivirus app.

Even though using it is probably overkill for a desktop pc, I like to check anyhow. Believe it or not, I do find malware in ~/.mozilla occasionally. I also sometimes find email malware. 'clamav' finds the malware and heps remove it.

'clamscan' is the command you use to check for viruses.

http://www.clamav.net/index.html

[MaryNerdy]

'clamav' is an antivirus app.

Even though using it is probably overkill for a desktop pc, I like to check anyhow. Believe it or not, I do find malware in ~/.mozilla occasionally. I also sometimes find email malware. 'clamav' finds the malware and heps remove it.

'clamscan' is the command you use to check for viruses.

http://www.clamav.net/index.html

wow thanks! you just type clamscam in terminal? thats it? how do you get it to search your email?

[joegumbo]

This topic is veering a bit. But, that's OK It doesn't seem like there is a known solution for my issue. I'm glad if this thread can help someone

Basically, you type 'clamscan'

Then, you tell 'clamscan' how you want it to do, what you want it to do, and how you want the output. If you don't tell 'clamscan' anything, it will print out a ridiculously long list of all the files it scanned... infected and uninfected.
If you only want it to print out a list of infected files, you would type
clamscan -i

Next, you tell 'clamscan' whhere you want it to check.
You could decide on having it check your whole /home directory.

If you want it to only print a list of infected files in your username's /home directory, you would tell 'clamscan:
clamscan -i /home/your_user_name

In my case, I only check the hidden files and directories. The hidden directories are preceded with a dot (.).
The hidden folder for your email client is usually contained in a hidden directory in /home/your_user_name.

The asterisk(*) is a wildcard. So I use this to check all my hidden files and directories including the emails that my email client has downloaded, as well as my browser's hidden directory.

If you want to list only the infected files in the hidden directories in your user's /home, then as user (not root) type the command
clamscan -i /home/your_user_name/.*
(I force the full path. It doesn't hurt anything.)

I also like to make sure all sub-directories are checked as well. (Scan the directories recursively.) To do that, you would use '-r'

So, to check the hidden files and directories , check recursively inside each folder, print out only the infected files in your username's homefolder:
clamscan -r -i /home/your_user_name/.*

You could, of course, check your user's home as root. But then, you would want to use the full path /home/your_user_name and scan.

As root, you could also just 'cd' to your directory and use the appropriate path.

You will need to 'su -' to root to update clamav.

Use the command: 'freshclam'

For more info, type either

clamscan --help

or

man clamscan

in terminal or konsole or whatever.

Good luck!
-Joe

PS. I find that on my system, I need to use sudo to scan my home/user-name folder.

But, sudo does not work when I try to update with 'freshclam'

To update with 'freshclam' I need to 'su -' to root. Then, 'freshclam' works.

The following is a list of repositories to update if anyone is curious:

Code: Select all

 
Hit http://ftp.us.debian.org wheezy Release.gpg
Get: 1 http://ftp.us.debian.org wheezy-updates Release.gpg [836 B]           
Hit http://ftp.us.debian.org wheezy Release                                  
Hit http://apt.spideroak.com release Release.gpg                             
Get: 2 http://ftp.us.debian.org wheezy-updates Release [124 kB]              
Get: 3 http://security.debian.org wheezy/updates Release.gpg [836 B]         
Hit http://apt.spideroak.com release Release                                 
Hit http://linux.dropbox.com wheezy Release.gpg                              
Get: 4 http://security.debian.org wheezy/updates Release [102 kB]            
Hit http://linux.dropbox.com wheezy Release                                  
Hit http://apt.spideroak.com release/restricted amd64 Packages               
Hit http://repo.wuala.com stable Release.gpg                                 
Hit http://linux.dropbox.com wheezy/main amd64 Packages                      
Hit http://ftp.us.debian.org wheezy/main Sources                             
Hit http://ftp.us.debian.org wheezy/main amd64 Packages                      
Hit http://ftp.us.debian.org wheezy/main Translation-en                      
Get: 5 http://ftp.us.debian.org wheezy-updates/main Sources [4,478 B]        
Hit http://ftp.us.debian.org wheezy-updates/main amd64 Packages/DiffIndex    
Get: 6 http://security.debian.org wheezy/updates/main Sources [127 kB]
Hit http://ftp.us.debian.org wheezy-updates/main Translation-en/DiffIndex    
Hit http://repo.wuala.com stable Release
Get: 7 http://security.debian.org wheezy/updates/main amd64 Packages [216 kB]
Hit http://repo.wuala.com stable/main amd64 Packages                         
Ign http://apt.spideroak.com release/restricted Translation-en_US            
Ign http://apt.spideroak.com release/restricted Translation-en               
Get: 8 http://security.debian.org wheezy/updates/main Translation-en [121 kB]
Ign http://linux.dropbox.com wheezy/main Translation-en_US                   
Ign http://linux.dropbox.com wheezy/main Translation-en
Ign http://repo.wuala.com stable/main Translation-en_US
Ign http://repo.wuala.com stable/main Translation-en

[joegumbo]

Oops! I forgot.

There is a graphical frontend to clamav. Just install ClamTK. 'clamav' will be installed as a dependency.

[joegumbo]

Just a quick update:

I did a fresh re-install of Wheezy.

The segmentation fault is still occuring when 'clamscan -a -i -r -z -- remove /home/joegumbo/.mozilla/*' is run.

However, there is no segmentation fault when '--remove' is removed.

'clamscan -a -i -r -z /home/joegumbo/.mozilla/*' works.

I'm going to mark this thread solved. For whatever reason, '--remove' is causing problems.

This is likely a clamav thing, not a Debian thing.

[DeepDayze]

@joegumbo, I would think that this could be a bug if --remove option causes a segfault. You can use reportbug to file a bug against the clamav package

[joegumbo]

Thank you DeepDayze.

I have sent a bug report. I'm not a maintainer, just a user. I hope that's OK.

Thanks,
-Joe