phpsocketscentos7clam

CentOS 7 unable to connect clamd.sock file (Permission denied error)


I am trying to scan uploaded files on PHP server using clamAV. I've installed ClamAV on my server (Centos 7). Currently, I am using PHP 7, so I am using Clamd socket connection to scan uploaded files. I've enabled PHP sockets, clamd.sock file is present at /var/run/clamd.scan/ folder with apache owner.

My Socket connection code -

        $socket = socket_create(AF_UNIX, SOCK_STREAM, 0);

        if(socket_connect($socket, '/var/run/clamd.scan/clamd.sock')) {
            return $socket;
        }

When I try to run above code on the browser I am getting error as socket_connect(): unable to connect [13]: Permission denied, But if I run the PHP code through command line with a user as root it is working fine.

I know there is some issue with SELinux policy with Centos as if I disable SELinux policy everything is working fine from the browser as well. I have checked httpd_can_network_connect --> on and antivirus_can_scan_system --> on both are on.

The issue is with accessing anything inside /var/run/ folder for apache user, there is something (some policy) from SELinux which is stopping apache to connect to clamd socket file. Any ideas?


Solution

  • After debugging, got to know that this is SELinux policy issue. You need to enable daemons_enable_cluster_mode policy in SELinux.

    To Enable daemons_enable_cluster_mode:

    setsebool -P daemons_enable_cluster_mode 1
    

    This will allow executing ClamAV scan through another service like Apache in my case.