Clamav permissions, etc.

Forum for getting help with Project Gamera, Spamassassin, Clamav, qmail-scanner and other anti-spam tools.
Troy McClure
Forum Regular
Forum Regular
Posts: 196
Joined: Tue May 10, 2005 1:24 pm

Clamav permissions, etc.

Unread post by Troy McClure »

I can't seem to get my clamav permissions set right and some weird things are going on with my server. I have asl installed and updated. I also have the latest versions of clamav, clamd, etc installed. I have been getting this from freshclam.

Code: Select all

ERROR: chdir_tmp: Can't create directory ./clamav-b292079d71f884724760ffb28eaeff13
ERROR: getfile: Can't create new file /var/clamav/clamav-2113c2f1381ec539e6abce125bce499d in /var/clamav
and

Code: Select all

freshclam[8115]: Incremental update failed, trying to download daily.cvd
I can manually run freshclam and everything seems to update ok. I just checked my permissions and /var/clamav is owned by qscand.qscand. Is that right? I have a test server which just got clamav installed recently and its permissions are set to clamav.clamav and I don't get the cron errors from it.
Also for some reason now in my email headers it doesn't say clamdscan even though the log file seems to show it deleting infected emails. Now it just says "spamassassin: 3.2.5. perlscan: 2.05st." Any advice on what to do to get this fixed?
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: Clamav permissions, etc.

Unread post by scott »

Should be owned by qscand, the clam and freshclam config files should also be using the qscand user.

The latter freshclam error its harmless. Everybody will get that from time to time when the update servers dont respond quickly enough
Troy McClure
Forum Regular
Forum Regular
Posts: 196
Joined: Tue May 10, 2005 1:24 pm

Re: Clamav permissions, etc.

Unread post by Troy McClure »

OK, I did some more poking around and in /etc/freshclam.conf I have this "DatabaseOwner clamav". I assume that is supposed to be set to qscand. Is that right? I have in qmail-scanner.ini CLAMD_USER="qscand". Also, any idea why the email headers have stopped saying clamdscan? Is it supposed to be that way? I have run qmail-scanner-reconfigure but it doesn't fix it.
Troy McClure
Forum Regular
Forum Regular
Posts: 196
Joined: Tue May 10, 2005 1:24 pm

Re: Clamav permissions, etc.

Unread post by Troy McClure »

It seems clamav is now updating ok. I didn't change anything, but it seems to be ok now. I do still have a problem with the permission on the freshclam.log file though. I change them to qscand.qscand, but it just gets changed back and I get this error.

Code: Select all

ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!).
Is there anything else to try to get this fixed?
And is it normal to have clamdscan missing from email message headers? This just happened one day, and I hadn't done anything to the server that day.
biggles
Forum Regular
Forum Regular
Posts: 806
Joined: Tue Jul 15, 2008 2:38 pm
Location: Sweden
Contact:

Re: Clamav permissions, etc.

Unread post by biggles »

It happened to me once. I renamed it and the freshclam created a new one. Now everything seems to be working...
Troy McClure
Forum Regular
Forum Regular
Posts: 196
Joined: Tue May 10, 2005 1:24 pm

Re: Clamav permissions, etc.

Unread post by Troy McClure »

I did rename the log file and the same thing happened last night. The file does get created and it looks like everything is ok as far as updating, but I still get the error and the permissions are set to clamav.clamav.
faris
Long Time Forum Regular
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

Re: Clamav permissions, etc.

Unread post by faris »

Hmm... the /etc/cron.daily/freshclam script, which runs daily, normally looks in clamav.conf and in freshclam.conf and sets the permissions of the appropriate files and directories according to the users set in those files.

You can run it manually -- doing so does no harm -- to see what it changes or does not change in your case.

Then then freshclam on the command line to make sure that freshclam works (and look in the logs) and also look in the mail log to make sure there are no errors.
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
Troy McClure
Forum Regular
Forum Regular
Posts: 196
Joined: Tue May 10, 2005 1:24 pm

Re: Clamav permissions, etc.

Unread post by Troy McClure »

Here is my complete freshclam cron script. Is this how yours looks? So it looks to me that it isn't looking to the clamav.conf file, but just the freshclam.conf file. And the line in the freshclam.conf file with DatabaseOwner does have it set to clamav. Weird thing is that this looks like it resets the permissions on the /var/clamav folder, but that directory still has owner of qscand.qscand. Oh and the log file does actually contain information about the update. I have included it's contents too.

Code: Select all

#!/bin/sh

### A simple update script for the clamav virus database.
### This could as well be replaced by a SysV script.

### fix log file if needed
LOG_FILE="/var/log/clamav/freshclam.log"
USER=`awk '/DatabaseOwner/ {print $2}' /etc/freshclam.conf`
if [ ! -f "$LOG_FILE" ]; then
    touch "$LOG_FILE"
    chmod 644 "$LOG_FILE"
    chown $USER.$USER "$LOG_FILE"
fi

# User check event
chown -R $USER.$USER /var/clamav

/usr/bin/freshclam \
    --quiet \
    --datadir="/var/clamav" \
    --log="$LOG_FILE" \
    --verbose \
    --daemon-notify="/etc/clamd.conf"


# Current 3rd party channel updater
if [ -x /usr/bin/clamav_updater.sh ]; then
  /usr/bin/clamav_updater.sh >/dev/null 2>&1
fi

Code: Select all

Current working dir is /var/clamav
Max retries == 3
ClamAV update process started at Thu Apr 23 05:15:42 2009
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 900
Software version from DNS: 0.95.1
main.cvd version from DNS: 50
main.cvd is up to date (version: 50, sigs: 500667, f-level: 38, builder: sven)
daily.cvd version from DNS: 9277
Retrieving http://db.us.clamav.net/daily-9267.cdiff
Trying host db.us.clamav.net (208.67.80.27)...
nonblock_connect: connect timing out (30 secs)
Can't connect to port 80 of host db.us.clamav.net (IP: 208.67.80.27)
Trying host db.us.clamav.net (138.123.96.134)...
Trying to download http://db.us.clamav.net/daily-9267.cdiff (IP: 138.123.96.134)
Downloading daily-9267.cdiff [100%]
cdiff_apply: Parsed 20 lines and executed 20 commands
Retrieving http://db.us.clamav.net/daily-9268.cdiff
Trying to download http://db.us.clamav.net/daily-9268.cdiff (IP: 138.123.96.134)
Downloading daily-9268.cdiff [100%]
cdiff_apply: Parsed 7 lines and executed 7 commands
Retrieving http://db.us.clamav.net/daily-9269.cdiff
Trying to download http://db.us.clamav.net/daily-9269.cdiff (IP: 138.123.96.134)
Downloading daily-9269.cdiff [100%]
cdiff_apply: Parsed 11 lines and executed 11 commands
Retrieving http://db.us.clamav.net/daily-9270.cdiff
Trying to download http://db.us.clamav.net/daily-9270.cdiff (IP: 138.123.96.134)
Downloading daily-9270.cdiff [100%]
cdiff_apply: Parsed 8 lines and executed 8 commands
Retrieving http://db.us.clamav.net/daily-9271.cdiff
Trying to download http://db.us.clamav.net/daily-9271.cdiff (IP: 138.123.96.134)
Downloading daily-9271.cdiff [100%]
cdiff_apply: Parsed 523 lines and executed 523 commands
Retrieving http://db.us.clamav.net/daily-9272.cdiff
Trying to download http://db.us.clamav.net/daily-9272.cdiff (IP: 138.123.96.134)
Downloading daily-9272.cdiff [100%]
cdiff_apply: Parsed 12 lines and executed 12 commands
Retrieving http://db.us.clamav.net/daily-9273.cdiff
Trying to download http://db.us.clamav.net/daily-9273.cdiff (IP: 138.123.96.134)
Downloading daily-9273.cdiff [100%]
cdiff_apply: Parsed 8 lines and executed 8 commands
Retrieving http://db.us.clamav.net/daily-9274.cdiff
Trying to download http://db.us.clamav.net/daily-9274.cdiff (IP: 138.123.96.134)
Downloading daily-9274.cdiff [100%]
cdiff_apply: Parsed 11 lines and executed 11 commands
Retrieving http://db.us.clamav.net/daily-9275.cdiff
Trying to download http://db.us.clamav.net/daily-9275.cdiff (IP: 138.123.96.134)
Downloading daily-9275.cdiff [100%]
cdiff_apply: Parsed 7 lines and executed 7 commands
Retrieving http://db.us.clamav.net/daily-9276.cdiff
Trying to download http://db.us.clamav.net/daily-9276.cdiff (IP: 138.123.96.134)
Downloading daily-9276.cdiff [100%]
cdiff_apply: Parsed 14 lines and executed 14 commands
Retrieving http://db.us.clamav.net/daily-9277.cdiff
Trying to download http://db.us.clamav.net/daily-9277.cdiff (IP: 138.123.96.134)
Downloading daily-9277.cdiff [100%]
cdiff_apply: Parsed 890 lines and executed 890 commands
daily.cld updated (version: 9277, sigs: 45514, f-level: 42, builder: ccordes)
Database updated (546181 signatures) from db.us.clamav.net (IP: 138.123.96.134)
Clamd successfully notified about the update.
biggles
Forum Regular
Forum Regular
Posts: 806
Joined: Tue Jul 15, 2008 2:38 pm
Location: Sweden
Contact:

Re: Clamav permissions, etc.

Unread post by biggles »

clamav.conf and freshclam.conf would be nice to see...
Troy McClure
Forum Regular
Forum Regular
Posts: 196
Joined: Tue May 10, 2005 1:24 pm

Re: Clamav permissions, etc.

Unread post by Troy McClure »

OK, so I have finally gotten back to looking into this. I think the problem is with freshclam.conf. It has this "DatabaseOwner clamav". Can someone confirm that their DatabaseOwner is set to qscand in freshclam.conf. By the way, I just installed this on a test server of mine and the same thing happens.
Kalimari
Forum Regular
Forum Regular
Posts: 526
Joined: Wed Jan 02, 2008 3:21 pm
Location: United Kingdom

Re: Clamav permissions, etc.

Unread post by Kalimari »

Troy McClure wrote:Can someone confirm that their DatabaseOwner is set to qscand in freshclam.conf.
Yes, I can confirm that DatabaseOwner should be set to qscand
Troy McClure
Forum Regular
Forum Regular
Posts: 196
Joined: Tue May 10, 2005 1:24 pm

Re: Clamav permissions, etc.

Unread post by Troy McClure »

This looks like it fixed the problem. I just re-installed on my test machine and it looks like the wrong user is specified in the freshclam.conf file on a clean install. Mine was set to clamav.
Post Reply