Issue
The scan process hangs at the avd scanning phase (if MDS is switched on) or while preparing the file list, and the console log may contain:
'Could not open input file: /opt/ai-bolit/ai-bolit-hoster.php\n
Environment
- Imunify360
- RPM based OS
- ClamAV/Other antimalware solutions
Solution
- Entries in the console log can be confusing and hard to track, and it might seem that the scan finished in no time. The aibolit run logs below show the problem more directly:
tail /var/imunify360/aibolit/run/2ca53c2052db4f5e9a03bdebd2174e4d/err_file
tail /var/imunify360/aibolit/run/2ca53c2052db4f5e9a03bdebd2174e4d/log_file
Could not open input file: /opt/ai-bolit/ai-bolit-hoster.php
ls /opt/ai-bolit/ai-bolit-hoster.php
/bin/ls: cannot access /opt/ai-bolit/ai-bolit-hoster.php: No such file or directory
- ClamAV not only adds overhead on filesystem operations and, by deleting files, causes timeouts when Imunify processes those same files; it can also corrupt Imunify360 files. In this case, the PHP scripts contain deobfuscation patterns and signatures that can be detected as malicious.
Installing or updating the package should bring the files back:
yum install ai-bolit
Cause
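The likely cause is ClamAV detecting the scanner file as malicious and removing it. Check the ClamAV log for the file name: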
grep 'ai-bolit-hoster.php' /var/log/clamav/clamav.log
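The checks above can be combined into one triage pass that covers every run directory instead of a single run ID. This is an added example, not part of the original article or an Imunify360 tool; the function names and the RUN_DIR, SCANNER and CLAMAV_LOG override variables are assumptions for illustration, with defaults taken from the paths shown above.

```shell
#!/bin/sh
# Added example: triage for the "Could not open input file" scan hang.
# Defaults are the paths shown in this article; the override variables are
# hypothetical and exist so the checks can be tried against a test directory.
RUN_DIR="${RUN_DIR:-/var/imunify360/aibolit/run}"
SCANNER="${SCANNER:-/opt/ai-bolit/ai-bolit-hoster.php}"
CLAMAV_LOG="${CLAMAV_LOG:-/var/log/clamav/clamav.log}"

# Print every run log (err_file / log_file) that recorded the missing-scanner error.
failed_runs() {
    for f in "$RUN_DIR"/*/err_file "$RUN_DIR"/*/log_file; do
        [ -f "$f" ] || continue
        grep -qF "Could not open input file: $SCANNER" "$f" && printf '%s\n' "$f"
    done
    return 0
}

# Print ClamAV log lines that mention the scanner file by name.
clamav_hits() {
    [ -r "$CLAMAV_LOG" ] || return 0
    grep -F "$(basename "$SCANNER")" "$CLAMAV_LOG" || true
}

# Return status: 0 = scanner present and no failed runs recorded,
# 1 = scanner file missing, 2 = scanner present but earlier runs failed.
diagnose() {
    runs=$(failed_runs)
    hits=$(clamav_hits)
    [ -n "$runs" ] && printf 'Runs that could not open the scanner:\n%s\n' "$runs"
    [ -n "$hits" ] && printf 'ClamAV log entries for the scanner:\n%s\n' "$hits"
    if [ ! -f "$SCANNER" ]; then
        echo "MISSING: $SCANNER (restore with: yum install ai-bolit)"
        return 1
    fi
    [ -z "$runs" ] || return 2
    return 0
}

# Run the checks only when asked, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then diagnose; fi
```

Run it as root with `--run`; a return status of 2 means the file is back in place but older run directories still hold the error, so a repeat removal would show up as new entries in both logs.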