I am trying to scan uploaded files on PHP server using clamAV. I've installed ClamAV on my server (Centos 7). Currently, I am using PHP 7, so I am using Clamd socket connection to scan uploaded files. I've enabled PHP sockets, clamd.sock file is present at /var/run/clamd.scan/
folder with apache owner.
My Socket connection code -
$socket = socket_create(AF_UNIX, SOCK_STREAM, 0);
if(socket_connect($socket, '/var/run/clamd.scan/clamd.sock')) {
return $socket;
}
When I try to run above code on the browser I am getting error as socket_connect(): unable to connect [13]: Permission denied
, But if I run the PHP code through command line with a user as root it is working fine.
I know there is some issue with SELinux policy with Centos as if I disable SELinux policy everything is working fine from the browser as well. I have checked httpd_can_network_connect --> on
and antivirus_can_scan_system --> on
both are on.
The issue is with accessing anything inside /var/run/
folder for apache
user, there is something (some policy) from SELinux which is stopping apache to connect to clamd socket file. Any ideas?
After debugging, got to know that this is SELinux policy issue. You need to enable daemons_enable_cluster_mode policy in SELinux.
To Enable daemons_enable_cluster_mode:
setsebool -P daemons_enable_cluster_mode 1
This will allow executing ClamAV scan through another service like Apache in my case.