For many years now, every now and then clamd.conf and freshclam.conf have mysteriously had the User and DatabaseOwner changed back to the default qscand, even though I had changed both to "root" for use with ASL's FTP scanning.
This has annoyed the heck out of me.
I initially thought it was down to the configs being overwritten during a qmail-scanner reinstall event, but I looked very carefully and found the configs are no longer overwritten.
The problem turns out to be related to that, but not in the way I first thought - it is the qmail-scanner-reconfigure script that actually makes the changes.
The script looks at the CLAMD_USER setting in /etc/qmail-scanner.ini and rewrites the clamd.conf and freshclam.conf confgs based on the user shown in that line.
Has anyone looked any deeper into the qmail-scanner code? Is this the ONLY use that CLAMD_USER is put to? If so, a simple solution to my problem is changing that from qscand to root and boom, nothing more to worry about - although I really hate running clamd as root.
Edit: Having looked more closely, it does use that variable for other things. Hmm....
wrong user in clamd.conf and freshclam.conf
wrong user in clamd.conf and freshclam.conf
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
-
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
Re: wrong user in clamd.conf and freshclam.conf
I could put that project up on our github repo, it hasnt had a big review for things like this in quite a while. https://github.com/atomicorp/
We already have project-gamera, aooi, and the atomic-scanner plesk plugin there
We already have project-gamera, aooi, and the atomic-scanner plesk plugin there
Re: wrong user in clamd.conf and freshclam.conf
It's OK really.
qmail-scanner-reconfigure, a one-off event, will change the User and DatabaseOwner to qscand by default.
And within an hour /etc/cron.hourly/freshclam will have changed ownership on the clamav databases and logs to match.
So the only thing that fails when this happens is FTP scanning.
Maybe the freshclam script just needs to be changed to look for the presence of the ASL-specific psa-proftpd (and associated config?), and if found it should actually change user and databaseowner to root rather changing the owner of the database and logs to whatever is in the clamd.conf and freshclam.conf files?
Better still, maybe the clamav User/DatabaseOwner could be something specified in the ASL config file, with the cron freshclam script checking for that and sucking the setting out of that?
qmail-scanner-reconfigure, a one-off event, will change the User and DatabaseOwner to qscand by default.
And within an hour /etc/cron.hourly/freshclam will have changed ownership on the clamav databases and logs to match.
So the only thing that fails when this happens is FTP scanning.
Maybe the freshclam script just needs to be changed to look for the presence of the ASL-specific psa-proftpd (and associated config?), and if found it should actually change user and databaseowner to root rather changing the owner of the database and logs to whatever is in the clamd.conf and freshclam.conf files?
Better still, maybe the clamav User/DatabaseOwner could be something specified in the ASL config file, with the cron freshclam script checking for that and sucking the setting out of that?
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
-
- Forum User
- Posts: 35
- Joined: Thu Jan 08, 2009 4:31 am
- Location: Fort Worth, TX
- Contact:
Re: wrong user in clamd.conf and freshclam.conf
I have 2 servers all using the qmail-scanner stack and this problem crops up all the time only on my primary server.
On my secondary server, clamav is happy is a clam to run as qscand:qscand.
Both run CentOS release 6.6 (Final).
Running 'freshclam' is how I test.
Now to break the server with qscand:qscand:
On my secondary server, clamav is happy is a clam to run as qscand:qscand.
Both run CentOS release 6.6 (Final).
Running 'freshclam' is how I test.
Code: Select all
-bash-4.1# ls -la
total 312
drwxrwxr-x 2 qscand qscand 4096 Jan 29 13:36 .
drwxr-xr-x 18 root root 4096 Feb 7 03:15 ..
-rwxrwxr-x 1 clamav clamav 26624 Feb 7 12:04 freshclam.log
-rwxrwxr-x 1 clamav clamav 43264 Dec 28 05:06 freshclam.log-20141228
-rwxrwxr-x 1 clamav clamav 85504 Jan 11 03:56 freshclam.log-20150111
-rwxrwxr-x 1 clamav clamav 43776 Jan 18 06:18 freshclam.log-20150118
-rwxrwxr-x 1 clamav clamav 102334 Feb 2 17:21 freshclam.log-20150202
-bash-4.1# rpm -q clamav
clamav-0.98.6-22.el6.art.x86_64
Code: Select all
[root@server clamav]# ls -la
total 852
drwxrwxr-x 2 qscand qscand 4096 Jan 29 12:36 .
drwxr-xr-x 16 root root 4096 Feb 7 03:17 ..
-rwxrwxr-x 1 qscand qscand 52975 Feb 7 11:21 clamd.log
-rwxrwxr-x 1 qscand qscand 58970 Jan 11 02:27 clamd.log-20150111
-rwxrwxr-x 1 qscand qscand 61772 Jan 18 02:29 clamd.log-20150118
-rwxrwxr-x 1 qscand qscand 61149 Jan 25 02:26 clamd.log-20150125
-rwxrwxr-x 1 qscand qscand 61262 Feb 1 03:03 clamd.log-20150201
-rwxrwxr-x 1 qscand qscand 115401 Feb 7 11:22 freshclam.log
-rwxrwxr-x 1 qscand qscand 39454 Jan 11 02:27 freshclam.log-20150111
-rwxrwxr-x 1 qscand qscand 124712 Jan 18 02:29 freshclam.log-20150118
-rwxrwxr-x 1 qscand qscand 122044 Jan 25 02:26 freshclam.log-20150125
-rwxrwxr-x 1 qscand qscand 141409 Feb 1 03:03 freshclam.log-20150201
[root@server clamav]# rpm -q clamav
clamav-0.98.6-22.el6.art.x86_64
Code: Select all
[root@server clamav]# chown clamav:clamav *
[root@server clamav]# freshclam
ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!).
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
[root@server clamav]# chown qscand:qscand *
[root@server clamav]# freshclam
ClamAV update process started at Sat Feb 7 11:26:48 2015
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
daily.cld is up to date (version: 20041, sigs: 1320012, f-level: 63, builder: neo)
bytecode.cld is up to date (version: 245, sigs: 43, f-level: 63, builder: dgoddard)