Configure clamdscan to scan all files on a system on Ubuntu 12.04

Question

I did the following to install clamscan:

sudo aptitude install clamav 
sudo aptitude install clamav-daemon

and verified:

sudo ps -eal | grep clam
1 S 116 4788 1 2 80 0 - 4004 pause ? 00:00:13 freshclam
1 S 116 5930 1 0 80 0 - 69984 poll_s ? 00:00:00 clamd 

however when I try to scan all the files on the the system by running

#sudo clamdscan /

I keep getting the following error message:

lstat() failed: Permission denied. ERROR

However if I run

sudo clamscan /

it works, but this process is much longer and not a good option.

From my understanding clamd uses the user 'clamav' and is listed in the /etc/clamav/clamd.conf file. I've added the user clamav to the following groups : root, adm, sudo but it still doesn't work.

I've also tried disabling Apparmor as I read that could be the issue but no success.

Answer 1

sudo clamdscan /path/to/some_file.txt will pass the request along to the clamd daemon. That daemun runs under a different user, which may not have access to /path/to/some_file.txt

However, the user invoking the command, may very well have access to that file. In order to pass your permissions along to the daemon, use the --fdpass flag:

--fdpass
    Pass the file descriptor permissions to clamd. This is useful if clamd is running as a different user as it is faster than streaming the file to clamd. Only available if connected to clamd via local(unix) socket. 

In your case sudo clamdscan --fdpass / should do the trick.