Notifications
Clear all
Topic starter 08/03/2023 1:17 pm
I came across this error while setting up real-time malware scanning with Maldet (LMD) on a Ubuntu 20.04. LTS machine. Following are the entries from maldet event_log file,
Mar 08 07:16:01 sr maldet(2056825): {mon} inotify monitoring log: /usr/local/maldetect/logs/inotify_log Mar 08 07:16:16 sr maldet(2056825): {mon} warning clamd service not running; force-set monitor mode file scanning to every 120s Mar 08 07:16:32 sr maldet(2056825): {mon} scanned 5 new/changed files with clamav engine Mar 08 07:18:32 sr maldet(2056825): {mon} warning clamd service not running; force-set monitor mode file scanning to every 120s Mar 08 07:18:48 sr maldet(2056825): {mon} scanned 28 new/changed files with clamav engine Mar 08 07:20:48 sr maldet(2056825): {mon} warning clamd service not running; force-set monitor mode file scanning to every 120s Mar 08 07:21:04 sr maldet(2056825): {mon} scanned 34 new/changed files with clamav engine Mar 08 07:23:04 sr maldet(2056825): {mon} warning clamd service not running; force-set monitor mode file scanning to every 120s Mar 08 07:23:20 sr maldet(2056825): {mon} scanned 70 new/changed files with clamav engine Mar 08 07:25:20 sr maldet(2056825): {mon} warning clamd service not running; force-set monitor mode file scanning to every 120s Mar 08 07:25:35 sr maldet(2056825): {mon} scanned 61 new/changed files with clamav engine Mar 08 07:27:35 sr maldet(2056825): {mon} warning clamd service not running; force-set monitor mode file scanning to every 120s Mar 08 07:27:49 sr maldet(2056825): {mon} scanned 79 new/changed files with clamav engine Mar 08 07:29:50 sr maldet(2056825): {mon} warning clamd service not running; force-set monitor mode file scanning to every 120s Mar 08 07:30:04 sr maldet(2056825): {mon} scanned 29 new/changed files with clamav engine Mar 08 07:32:04 sr maldet(2056825): {mon} warning clamd service not running; force-set monitor mode file scanning to every 120s
As you can see, maldet is having trouble accessing clamd service. So it falls back to scanning the changed files every 120 seconds. This would skip some temporary files as scans are not real time.
As it turns out, ClamAV requires some configuration. It needs to be run under root user for Maldet to detect it. Follow our instructions to install and configure ClamAV as a Daemon on Ubuntu tutorial to configure ClamAV to run under root user..
This topic was modified 2 years ago 2 times by Tharindu