File_exists(): open_basedir restriction since version 29.0

Since the update to Nextcloud 29.0.x I got these errors in the systemlog of Nextcloud:

Fehler	PHP	
file_exists(): open_basedir restriction in effect. File(/usr/bin/clamscan) is not within the allowed path(s): (/home/sites/site100009085/:/tmp/:/dev/:/usr/share/php/:/etc/ssl/certs/:/usr/lib64/php8.1/bin/) at /home/sites/site100009085/web/apps/files_antivirus/lib/Scanner/LocalClam.php#40
"21.08.2024, 13:56:06"	
Fehler	index	
RuntimeException The antivirus executable could not be found at /usr/bin/clamscan
"21.08.2024, 13:56:06"	
Fehler	PHP	
file_exists(): open_basedir restriction in effect. File(/usr/bin/clamscan) is not within the allowed path(s): (/home/sites/site100009085/:/tmp/:/dev/:/usr/share/php/:/etc/ssl/certs/:/usr/lib64/php8.1/bin/) at /home/sites/site100009085/web/apps/files_antivirus/lib/Scanner/LocalClam.php#40
"21.08.2024, 13:56:06"	

Nextcloud version 29.0.2
Operating system and version Linux 6.1.67 x86_64
Apache or nginx version Apache 2.4.25
PHP version 8.1.2.

What can I do to get rid of these errors?

Have you added a virus scanner app? Can you disable the app?

This usually has nothing to do with Nextcloud, but with the PHP configuration. See here:


@devnull: Yes, I have “antivirus for files”. But it has run for 2 years without these error messages. Why should I deactivate it?

@j-ed: Even with open_basedir=none in the user.ini or with the path to clamav, the error in the logfile persists.

Are you using FPM? .user.ini is only applicable if using PHP-FPM. Also, there’s a default caching time for .user.ini. I believe it’s 300 seconds.

Though AFAIK you can only make open_basedir more restrictive at runtime, not less restrictive. Otherwise it would be easy to bypass.

Yes, I have “antivirus for files”. But it has run for 2 years without these error messages. Why should I deactivate it?

Judging by your log output, you’re maybe in a shared hosting environment? Are you sure your provider did not further restrict the open_basedir paths?

The answer from the webhoster:

This error message is so correct - access to /usr/bin is not permitted within the web hosting packages.

So the result is that you cannot use a virus scanner, right?

It might be allowed to install a virus scanner in a private directory on the server. You need to ask your webhoster which options are available.

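The settings discussed in this thread (SAPI, `.user.ini` caching, effective open_basedir) can be read from inside the hosting account itself. The PHP script below is an added example, not code from the thread, Nextcloud or files_antivirus: it prints those values, checks the clamscan path from the log against the allowed list, and shows that a runtime attempt to widen the list is not accepted. The function name `inside_open_basedir` is hypothetical, and its path check is a simplified directory comparison that does not resolve symlinks.

```php
<?php
// Added diagnostic example. Place it temporarily in the web root,
// request it once, then delete it again.

$target = '/usr/bin/clamscan';   // path taken from the log lines in this thread

/**
 * Simplified check: does $path lie inside one of the directories listed
 * in an open_basedir value? Assumes absolute entries, no symlink resolution.
 */
function inside_open_basedir(string $path, string $setting): bool
{
    if ($setting === '') {
        return true;             // empty value: no restriction configured
    }
    foreach (explode(PATH_SEPARATOR, $setting) as $dir) {
        if ($dir === '') {
            continue;
        }
        $dir = rtrim($dir, '/') . '/';
        if (strncmp($path . '/', $dir, strlen($dir)) === 0) {
            return true;
        }
    }
    return false;
}

$before = (string) ini_get('open_basedir');

header('Content-Type: text/plain');
// .user.ini files are read by the FastCGI SAPIs (for example "fpm-fcgi").
printf("SAPI:               %s\n", PHP_SAPI);
printf("user_ini.filename:  %s\n", ini_get('user_ini.filename'));
printf("user_ini.cache_ttl: %s s\n", ini_get('user_ini.cache_ttl'));
printf("open_basedir:       %s\n", $before === '' ? '(not set)' : $before);
printf("%s allowed: %s\n", $target,
    inside_open_basedir($target, $before) ? 'yes' : 'no');

// open_basedir can only be tightened at runtime. Try to append the
// scanner directory and compare the value before and after the attempt.
if ($before !== '') {
    @ini_set('open_basedir', $before . PATH_SEPARATOR . dirname($target) . '/');
    $after = (string) ini_get('open_basedir');
    printf("runtime widening accepted: %s\n", $after === $before ? 'no' : 'yes');
}
```

If the printed open_basedir does not change after editing `.user.ini` and waiting out the cache TTL, the value is being set at a level the account cannot override, which matches the webhoster's answer above.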