ClamAV scanning with PHP 8 - Not a regular file

Question

I'm migrating everything I have from Ubuntu 20.04 to 23.04. The one and only thing, in a long list, I'm struggling with is a web form that uses ClamAV to scan uploaded files. On the old server it works fine. On the new server I persistenly get: fd[10]: Not a regular file. ERROR (that's from /var/log/clamav/clamav.log) and it returns code 2 to the exec command and the following output from $out

(
    [0] => /tmp/php0HjwDM: Not a regular file ERROR
    [1] => 
    [2] => ----------- SCAN SUMMARY -----------
    [3] => Infected files: 0
    [4] => Total errors: 1
    [5] => Time: 0.000 sec (0 m 0 s)
    [6] => Start Date: 2023:06:28 17:08:03
    [7] => End Date:   2023:06:28 17:08:03
)

And after moving the file I then scan it again (for testing)

Array
(
    [0] => /import/myfile.csv: Not a regular file ERROR
    [1] => 
    [2] => ----------- SCAN SUMMARY -----------
    [3] => Infected files: 0
    [4] => Total errors: 1
    [5] => Time: 0.000 sec (0 m 0 s)
    [6] => Start Date: 2023:06:28 17:08:03
    [7] => End Date:   2023:06:28 17:08:03
)

Here's the test code:

if ($_POST) {
$uploadfile = '/import/' . basename($_FILES['userfile']['name']);
$scanpath=escapeshellarg($_FILES['userfile']['tmp_name']);
$cmd='clamdscan --fdpass '.$scanpath;
$retcode=-1;
$out='';
exec($cmd,$out,$retcode);
echo $retcode.'<br /><pre>';
print_r ($out);
echo '</pre>';
echo '<br />Now moving <br />';
move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile);
$cmd='clamdscan --fdpass '.$uploadfile;
$retcode=-1;
$out='';
exec($cmd,$out,$retcode);
echo $retcode.'<br /><pre>';
print_r ($out);
echo '</pre>';
}
?>

<form enctype="multipart/form-data" action="testpost.php" method="POST">
    Send this file: <input name="userfile" type="file" />
    <input type="submit" value="Send File" />
</form>

Tried with various file types, tried configure clamav to run as www-data (after sorting socket folder permissions). Tried with different files. The "move" and second scan, in the above, was to prove there weren't issues with the temporary /tmp/ version of the uploaded file. /import/ has 777 permissions just for testing Running clamdscan --fdpass myfile.csv from a shell from within the /import folder works just fine, as well as doing it with sudo -u www-data or sudo -u clamav. It just won't run as expected from PHP's exec. It certainly tries. Searched in vain for solutions. While other people seem to have had similar issues, they're not the same as far as I can tell. Any advice would be greatly appreciated.
Edit 29/06/2023
Using clamscan instead of clamdscan works, except it's very (unworkably) slow:

Array
(
    [0] => /tmp/phpFahZwQ: OK
    [1] => 
    [2] => ----------- SCAN SUMMARY -----------
    [3] => Known viruses: 8669716
    [4] => Engine version: 0.103.8
    [5] => Scanned directories: 0
    [6] => Scanned files: 1
    [7] => Infected files: 0
    [8] => Data scanned: 0.00 MB
    [9] => Data read: 0.00 MB (ratio 0.00:1)
    [10] => Time: 13.043 sec (0 m 13 s)
    [11] => Start Date: 2023:06:29 11:39:06
    [12] => End Date:   2023:06:29 11:39:19
)

Answer 1

I persistenly get: fd[10]: Not a regular file. ERROR

The clamdscan --fdpass argument passes the file descriptor permissions to clamd. As I understand it, the reason why you use it is as the clamav user is different. Which is the use-case for that flag.

Still, when clamd tries to scan based on the passed file descriptor, it either fails to fstat the file descriptor (fd) or it is not a regular file. (ref.)

Also there is no information provided about the last error if FSTAT would have failed in the first place. (ref.).

The error message does not allow to differentiate between both cases, so one would need to speculate which case it is, which we don't do.

As you only have the problem from within PHP environment - about which you don't have shared any details - it is an issue with that, preventing clamdscan to pass the file descriptor to clamd. E.g. a different namespace for file descriptors.

Ensure both PHP, clamdscan and clamd have the same view on the system and are not using any isolation feature of the kernel unless they share the same.

Additionally double-check clamd/clamdscan have been compiled for the right architecture and are using correct libraries.

Answer 2

I appear to have got it working. I tried all sorts of things, even changing clamd to use other users (very problematic as couldn't access it's socket file, no matter the permissions/ownership). In the end I ran

dpkg-reconfigure clamav-daemon
service clamav-daemon restart

I responded "No" to a prompt for automatic reconfiguration. This was in the hopes I'd get prompts, but I didn't get any. Directly after this, it appeared to work though, which I'm happy about:

Response Code: 0

Array
(
    [0] => /tmp/phpnE5tY2: OK
    [1] => 
    [2] => ----------- SCAN SUMMARY -----------
    [3] => Infected files: 0
    [4] => Time: 0.005 sec (0 m 0 s)
    [5] => Start Date: 2023:06:29 14:50:05
    [6] => End Date:   2023:06:29 14:50:05
)