Hi @dmundra,
(as a benefit to the community I continue answering in english...)
(A)
you can positively confirm the daemon's invocation by ILIAS by inspecting the clamav log:
(this is the output of my two probes yesterday...)
># cat /var/log/clamav/clamav.log | grep EICAR
Tue Aug 17 06:43:20 2021 -> /srv/www/temp/phpupCb6J: Win.Test.EICAR_HDB-1(44d88612fea8a8f36de82e1278abb02f:68) FOUND
Tue Aug 17 06:51:17 2021 -> /srv/www/temp/phpZubB6H: Win.Test.EICAR_HDB-1(44d88612fea8a8f36de82e1278abb02f:68) FOUND
(B)
Of course, the user running the daemon must be in a group having read access to the folder where the temporary PHP upload file resides.
On my server that's group 'www-data' because we are running nginx, not apache - so our php-worker process is running as user 'www-data' too.
># groups clamav
clamav : clamav www-data
↧
Administration - Installation - Core: Re(3): clamd blockt verdächtige Dateien nicht ab
↧