clamscan using maldet Error: Servname not supported for ai_socktype

Solution 1

I think your problem lies in the fact that there are two scan executables: clamscan and clamdscan. The second one relies on the clamav-daemon system service. In fact, if you shut down this service and try to scan a file with the clamdscan executable, you'll get:

'ERROR: Could not lookup : Servname not supported for ai_socktype'.

I have never used maldet, but as you can read in your logs:

maldet(4954): {scan} found clamav binary at /usr/bin/clamdscan, using clamav scanner engine...

it is in fact using the binary which needs the above mentioned service to be running.

Solution 2

I can't guarantee my use-case is identical to yours for this error:

ERROR: Could not lookup : Servname not supported for ai_socktype

but in a nutshell I found the following:

  1. root is able to run /bin/clamdscan <a file> successfully
  2. clamscan (the clamd daemon owner) is able to run /bin/clamdscan <a file> successfully

But executing the above as any other user generated the above error, regardless of the executing user's permissions on the file being scanned and its containing directory.

My solution: usermod --groups clamscan --append <user> for any user I want able to run clamdscan. Now it works 100%.

I hope this is helpful in your situation.
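
A diagnostic for the two conditions these answers describe (clamd not running, or the calling user lacking access to its socket), as an added example that is not part of the original answers or of maldet/ClamAV. The function names and the config path passed in are assumptions; `LocalSocket`, `TCPSocket` and `TCPAddr` are standard clamd.conf options.

```shell
#!/bin/sh
# Added diagnostic sketch; conf_get and diagnose_clamd are hypothetical names.

# Print the value of a clamd.conf option (first occurrence).
# Commented-out lines are skipped because their first field starts with '#'.
conf_get() {  # usage: conf_get <file> <Option>
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# Classify why clamdscan may be unable to reach clamd for the current user.
# Prints one of: config-unreadable, no-endpoint, socket-missing,
#                socket-no-access, local-ok, tcp:<addr>:<port>
diagnose_clamd() {  # usage: diagnose_clamd <path to clamd.conf>
    conf=$1
    if [ ! -r "$conf" ]; then
        echo config-unreadable; return 1
    fi
    sock=$(conf_get "$conf" LocalSocket)
    port=$(conf_get "$conf" TCPSocket)
    addr=$(conf_get "$conf" TCPAddr)
    if [ -n "$sock" ]; then
        # Missing socket: daemon stopped (Solution 1), or its directory
        # is not searchable by this user.
        if [ ! -S "$sock" ]; then
            echo socket-missing; return 1
        fi
        # Connecting to a UNIX socket needs write permission on it;
        # group membership usually grants that (Solution 2).
        if [ ! -w "$sock" ]; then
            echo socket-no-access; return 1
        fi
        echo local-ok; return 0
    fi
    if [ -n "$port" ]; then
        echo "tcp:${addr:-localhost}:$port"; return 0
    fi
    # Neither a local socket nor a TCP port is configured.
    echo no-endpoint; return 1
}

# Run as the same user that runs maldet, passing the clamd.conf path.
if [ "$#" -gt 0 ]; then
    diagnose_clamd "$1"
fi
```

The config path varies by distribution, so pass the one your clamd actually reads. A `socket-missing` result points at the stopped service from Solution 1, and `socket-no-access` at the group membership fix from Solution 2.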

Author: Studyforstar

Updated on September 18, 2022

Comments

  • Studyforstar
    Studyforstar almost 2 years

    So I have installed Linux Malware Detect (maldet) to scan a server and everything went fine with the installation, but when I run it I get an error. A bunch of errors and then the scan just closes.

    Here is a command I have run on maldet to scan a specific folder:

    sudo maldet -a /opt/lampp/
    Linux Malware Detect v1.5
            (C) 2002-2014, R-fx Networks <[email protected]>
            (C) 2014, Ryan MacDonald <[email protected]>
    This program may be freely redistributed under the terms of the GNU GPL v2
    
    maldet(4954): {scan} signatures loaded: 10728 (8824 MD5 / 1904 HEX / 0 USER)
    maldet(4954): {scan} building file list for /opt/lampp/, this might take awhile...
    maldet(4954): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
    maldet(4954): {scan} file list completed in 1s, found 132591 files...
    maldet(4954): {scan} found clamav binary at /usr/bin/clamdscan, using clamav scanner engine...
    maldet(4954): {scan} scan of /opt/lampp/ (132591 files) in progress...
    maldet(4954): {scan} clamscan returned an error, check /usr/local/maldetect/logs/clamscan_log for more details!
    
    maldet(4954): {scan} scan completed on /opt/lampp/: files 132591, malware hits 0, cleaned hits 0, time 28s
    maldet(4954): {scan} scan report saved, to view run: maldet --report 150321-0045.4954
    

    This is basically to scan the lampp installation folder, and I get an error. When I open the clamscan_log log file I get this:

    ERROR: Could not lookup : Servname not supported for ai_socktype
    

    The list is very long, like 100 000 lines of those errors, and then the scan ends due to the error.

    Before I installed maldet I installed clamav and clamtk (the GUI for clamav) and ran the scan with no problem.

    I also had installed rkhunter and ran that without problems.

    The point is I have a malicious WordPress file on the server and neither clamav nor rkhunter found it, but I know the file is there and malicious because I am looking at it. The malicious code is actually in index.php of WordPress.

    So I wanted to check with maldet also and scan for the code to see if it will detect the malicious code. But I can't scan it; for some reason I get the error above, and none of the searches on the net got me a fix or solution for it.

    Edit: and just for a note, using sudo clamscan, clamscan works fine and scans the files normally.

  • jakabadambalazs
    jakabadambalazs about 9 years
    Sorry, how come you have the v1.5 while I just downloaded the current version from rfxn.com/projects/linux-malware-detect and in the archive I have 1.4.2 (which in fact has clamscan hardcoded) and does not use clamdscan???
  • jakabadambalazs
    jakabadambalazs about 9 years
    !!! I have installed the same version from github. I think we are talking about a bug here, because apart from the 1000 lines of ai_socktype you get, you will most probably also get:
        WARNING: Ignoring unsupported option --database (-d)
        WARNING: Ignoring unsupported option --database (-d)
        WARNING: Ignoring unsupported option --recursive (-r)
    These options are not available on clamdscan but they are for clamscan, so most probably the application identifies the wrong binary to use. I'll try to modify the code to see if forcing the correct binary will fix the problems.
  • Studyforstar
    Studyforstar about 9 years
    I really don't remember where the option is and I can't check because my SSD got broken and I reinstalled the system. But there is an option to check for clamav in maldet. Upon scan maldet will check if clamav is installed and try to use the service. If it's not installed it will scan differently; if it is installed it will use clamav for the scan. But you can also disable the check for clamav and maldet will work without it. That's how I got it working once, until my SSD got broken.