Clamav permissions, etc.

Posted: Mon Apr 20, 2009 10:44 am
by Troy McClure
I can't seem to get my clamav permissions set right and some weird things are going on with my server. I have asl installed and updated. I also have the latest versions of clamav, clamd, etc installed. I have been getting this from freshclam.

Code:

ERROR: chdir_tmp: Can't create directory ./clamav-b292079d71f884724760ffb28eaeff13
ERROR: getfile: Can't create new file /var/clamav/clamav-2113c2f1381ec539e6abce125bce499d in /var/clamav

and

Code:

freshclam[8115]: Incremental update failed, trying to download daily.cvd

I can manually run freshclam and everything seems to update ok. I just checked my permissions and /var/clamav is owned by qscand.qscand. Is that right? I have a test server which just got clamav installed recently and its permissions are set to clamav.clamav and I don't get the cron errors from it.
Also for some reason now in my email headers it doesn't say clamdscan even though the log file seems to show it deleting infected emails. Now it just says "spamassassin: 3.2.5. perlscan: 2.05st." Any advice on what to do to get this fixed?

Re: Clamav permissions, etc.

Posted: Mon Apr 20, 2009 11:09 am
by scott
Should be owned by qscand, the clam and freshclam config files should also be using the qscand user.

The latter freshclam error is harmless. Everybody will get that from time to time when the update servers don't respond quickly enough.

Re: Clamav permissions, etc.

Posted: Mon Apr 20, 2009 11:27 am
by Troy McClure
OK, I did some more poking around and in /etc/freshclam.conf I have this "DatabaseOwner clamav". I assume that is supposed to be set to qscand. Is that right? I have in qmail-scanner.ini CLAMD_USER="qscand". Also, any idea why the email headers have stopped saying clamdscan? Is it supposed to be that way? I have run qmail-scanner-reconfigure but it doesn't fix it.

Re: Clamav permissions, etc.

Posted: Wed Apr 22, 2009 9:10 am
by Troy McClure
It seems clamav is now updating ok. I didn't change anything, but it seems to be ok now. I do still have a problem with the permission on the freshclam.log file though. I change them to qscand.qscand, but it just gets changed back and I get this error.

Code:

ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!).

Is there anything else to try to get this fixed?
And is it normal to have clamdscan missing from email message headers? This just happened one day, and I hadn't done anything to the server that day.

Re: Clamav permissions, etc.

Posted: Wed Apr 22, 2009 9:54 am
by biggles
It happened to me once. I renamed it and the freshclam created a new one. Now everything seems to be working...

Re: Clamav permissions, etc.

Posted: Thu Apr 23, 2009 9:05 am
by Troy McClure
I did rename the log file and the same thing happened last night. The file does get created and it looks like everything is ok as far as updating, but I still get the error and the permissions are set to clamav.clamav.

Re: Clamav permissions, etc.

Posted: Thu Apr 23, 2009 12:42 pm
by faris
Hmm... the /etc/cron.daily/freshclam script, which runs daily, normally looks in clamav.conf and in freshclam.conf and sets the permissions of the appropriate files and directories according to the users set in those files.

You can run it manually -- doing so does no harm -- to see what it changes or does not change in your case.

Then run freshclam on the command line to make sure that freshclam works (and look in the logs) and also look in the mail log to make sure there are no errors.

Re: Clamav permissions, etc.

Posted: Thu Apr 23, 2009 1:07 pm
by Troy McClure
Here is my complete freshclam cron script. Is this how yours looks? So it looks to me that it isn't looking to the clamav.conf file, but just the freshclam.conf file. And the line in the freshclam.conf file with DatabaseOwner does have it set to clamav. Weird thing is that this looks like it resets the permissions on the /var/clamav folder, but that directory still has owner of qscand.qscand. Oh and the log file does actually contain information about the update. I have included its contents too.

Code:

#!/bin/sh

### A simple update script for the clamav virus database.
### This could as well be replaced by a SysV script.

### fix log file if needed
LOG_FILE="/var/log/clamav/freshclam.log"
USER=`awk '/DatabaseOwner/ {print $2}' /etc/freshclam.conf`
if [ ! -f "$LOG_FILE" ]; then
    touch "$LOG_FILE"
    chmod 644 "$LOG_FILE"
    chown $USER.$USER "$LOG_FILE"
fi

# User check event
chown -R $USER.$USER /var/clamav

/usr/bin/freshclam \
    --quiet \
    --datadir="/var/clamav" \
    --log="$LOG_FILE" \
    --verbose \
    --daemon-notify="/etc/clamd.conf"


# Current 3rd party channel updater
if [ -x /usr/bin/clamav_updater.sh ]; then
  /usr/bin/clamav_updater.sh >/dev/null 2>&1
fi

Code:

Current working dir is /var/clamav
Max retries == 3
ClamAV update process started at Thu Apr 23 05:15:42 2009
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 900
Software version from DNS: 0.95.1
main.cvd version from DNS: 50
main.cvd is up to date (version: 50, sigs: 500667, f-level: 38, builder: sven)
daily.cvd version from DNS: 9277
Retrieving http://db.us.clamav.net/daily-9267.cdiff
Trying host db.us.clamav.net (208.67.80.27)...
nonblock_connect: connect timing out (30 secs)
Can't connect to port 80 of host db.us.clamav.net (IP: 208.67.80.27)
Trying host db.us.clamav.net (138.123.96.134)...
Trying to download http://db.us.clamav.net/daily-9267.cdiff (IP: 138.123.96.134)
Downloading daily-9267.cdiff [100%]
cdiff_apply: Parsed 20 lines and executed 20 commands
Retrieving http://db.us.clamav.net/daily-9268.cdiff
Trying to download http://db.us.clamav.net/daily-9268.cdiff (IP: 138.123.96.134)
Downloading daily-9268.cdiff [100%]
cdiff_apply: Parsed 7 lines and executed 7 commands
Retrieving http://db.us.clamav.net/daily-9269.cdiff
Trying to download http://db.us.clamav.net/daily-9269.cdiff (IP: 138.123.96.134)
Downloading daily-9269.cdiff [100%]
cdiff_apply: Parsed 11 lines and executed 11 commands
Retrieving http://db.us.clamav.net/daily-9270.cdiff
Trying to download http://db.us.clamav.net/daily-9270.cdiff (IP: 138.123.96.134)
Downloading daily-9270.cdiff [100%]
cdiff_apply: Parsed 8 lines and executed 8 commands
Retrieving http://db.us.clamav.net/daily-9271.cdiff
Trying to download http://db.us.clamav.net/daily-9271.cdiff (IP: 138.123.96.134)
Downloading daily-9271.cdiff [100%]
cdiff_apply: Parsed 523 lines and executed 523 commands
Retrieving http://db.us.clamav.net/daily-9272.cdiff
Trying to download http://db.us.clamav.net/daily-9272.cdiff (IP: 138.123.96.134)
Downloading daily-9272.cdiff [100%]
cdiff_apply: Parsed 12 lines and executed 12 commands
Retrieving http://db.us.clamav.net/daily-9273.cdiff
Trying to download http://db.us.clamav.net/daily-9273.cdiff (IP: 138.123.96.134)
Downloading daily-9273.cdiff [100%]
cdiff_apply: Parsed 8 lines and executed 8 commands
Retrieving http://db.us.clamav.net/daily-9274.cdiff
Trying to download http://db.us.clamav.net/daily-9274.cdiff (IP: 138.123.96.134)
Downloading daily-9274.cdiff [100%]
cdiff_apply: Parsed 11 lines and executed 11 commands
Retrieving http://db.us.clamav.net/daily-9275.cdiff
Trying to download http://db.us.clamav.net/daily-9275.cdiff (IP: 138.123.96.134)
Downloading daily-9275.cdiff [100%]
cdiff_apply: Parsed 7 lines and executed 7 commands
Retrieving http://db.us.clamav.net/daily-9276.cdiff
Trying to download http://db.us.clamav.net/daily-9276.cdiff (IP: 138.123.96.134)
Downloading daily-9276.cdiff [100%]
cdiff_apply: Parsed 14 lines and executed 14 commands
Retrieving http://db.us.clamav.net/daily-9277.cdiff
Trying to download http://db.us.clamav.net/daily-9277.cdiff (IP: 138.123.96.134)
Downloading daily-9277.cdiff [100%]
cdiff_apply: Parsed 890 lines and executed 890 commands
daily.cld updated (version: 9277, sigs: 45514, f-level: 42, builder: ccordes)
Database updated (546181 signatures) from db.us.clamav.net (IP: 138.123.96.134)
Clamd successfully notified about the update.

Re: Clamav permissions, etc.

Posted: Thu Apr 23, 2009 2:25 pm
by biggles
clamav.conf and freshclam.conf would be nice to see...

Re: Clamav permissions, etc.

Posted: Sat Jun 06, 2009 6:54 pm
by Troy McClure
OK, so I have finally gotten back to looking into this. I think the problem is with freshclam.conf. It has this "DatabaseOwner clamav". Can someone confirm that their DatabaseOwner is set to qscand in freshclam.conf? By the way, I just installed this on a test server of mine and the same thing happens.

Re: Clamav permissions, etc.

Posted: Sat Jun 06, 2009 8:25 pm
by Kalimari
Troy McClure wrote: Can someone confirm that their DatabaseOwner is set to qscand in freshclam.conf.

Yes, I can confirm that DatabaseOwner should be set to qscand.

Re: Clamav permissions, etc.

Posted: Tue Jun 09, 2009 4:26 pm
by Troy McClure
This looks like it fixed the problem. I just re-installed on my test machine and it looks like the wrong user is specified in the freshclam.conf file on a clean install. Mine was set to clamav.
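
As an added example that is not part of the original thread: a shell check for the mismatch the thread converges on, where DatabaseOwner in freshclam.conf differs from the user that actually owns the database directory and the update log. The function names and the temporary sandbox (with the current user standing in for qscand) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: check that freshclam's DatabaseOwner matches the real owners
# of the database directory and update log, and the user the scanner runs as.

# Value of a directive in a ClamAV-style config. Matching on field 1 skips
# commented-out lines, which a bare /DatabaseOwner/ awk pattern would also match.
conf_value() {   # conf_value FILE DIRECTIVE
    awk -v key="$2" '$1 == key { print $2; exit }' "$1"
}

# Owner name of a path as reported by ls (no GNU stat needed).
owner_of() {
    ls -ld "$1" | awk '{ print $3 }'
}

# audit_freshclam CONF DBDIR SCANNER_USER
# Prints one MISMATCH line per finding; returns 1 if there was any.
audit_freshclam() {
    conf=$1 dbdir=$2 scanner=$3 bad=0
    want=$(conf_value "$conf" DatabaseOwner)
    log=$(conf_value "$conf" UpdateLogFile)
    if [ "$want" != "$scanner" ]; then
        echo "MISMATCH: DatabaseOwner=$want but scanner user is $scanner"; bad=1
    fi
    for path in "$dbdir" "$log"; do
        [ -e "$path" ] || continue
        have=$(owner_of "$path")
        if [ "$have" != "$want" ]; then
            echo "MISMATCH: $path owned by $have, DatabaseOwner=$want"; bad=1
        fi
    done
    return $bad
}

# Constructed sandbox so the check runs unprivileged: the current user stands
# in for qscand, and "clamav" is the stale value reported on a clean install.
sandbox=$(mktemp -d)
mkdir "$sandbox/db"; : > "$sandbox/freshclam.log"
me=$(owner_of "$sandbox")
write_conf() {   # write_conf OWNER
    printf '#DatabaseOwner ignored\nDatabaseOwner %s\nUpdateLogFile %s\n' \
        "$1" "$sandbox/freshclam.log" > "$sandbox/freshclam.conf"
}
write_conf clamav
audit_freshclam "$sandbox/freshclam.conf" "$sandbox/db" "$me" || echo "audit failed"
write_conf "$me"
audit_freshclam "$sandbox/freshclam.conf" "$sandbox/db" "$me" && echo "audit clean"
```

On a real host the call would be `audit_freshclam /etc/freshclam.conf /var/clamav qscand`, using the paths and user named in the thread.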