freshclam.log permissions

Kalimari
Forum Regular
Posts: 526
Joined: Wed Jan 02, 2008 3:21 pm
Location: United Kingdom

Due to log file rotation, I am greeted every Monday morning by:

Code:

/etc/cron.daily/freshclam:
ERROR: Problem with internal logger (--log=/var/log/clamav/freshclam.log).
ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!).

freshclam.log is now owned by clamav:clamav. All the log files and path are configured correctly, but the new log file is always created with the wrong owner, which is fixed (for 7 days) by manually running:

Code:

chown -R qscand:qscand /var/log/clamav

I have stopped/started the clamd service and triple checked paths, re-saved conf files etc. It was installed with ART qmail-scanner and I have checked the following:

Code:

vi /etc/clamd.conf
User qscand

vi /etc/freshclam.conf
DatabaseOwner qscand

Any ideas or suggestions on how to resolve this moderately annoying problem would be gratefully received. I have considered running a cron command to fix permissions, but I'd prefer to solve the problem at source if possible.

Thanks all!
Kalimari
Forum Regular
Posts: 526
Joined: Wed Jan 02, 2008 3:21 pm
Location: United Kingdom

After running the clamav 0.92.1 update, the user for virtually all files/directories clamav uses is wrong; they are set to clamav and not qscand.

I originally installed clamav as part of qmail-scanner from Atomic channel.

Any idea why this happens? I can manually fix them, but it makes me think there is something mis-configured. Any ideas anyone?
krho
Forum User
Posts: 19
Joined: Wed Feb 06, 2008 4:35 am

I believe that the clamav "installer" changes the owner regardless of the settings in the clamd/freshclam conf files.
http://www.simail.si - small advanced open source e-mail client, with revolutionary automatic message classification into views.
http://xcollect.sf.net - manage your movies, tv series, games and books collections
Kalimari
Forum Regular
Posts: 526
Joined: Wed Jan 02, 2008 3:21 pm
Location: United Kingdom

Thanks krho,

I'll have to keep an eye on that in future. For now I ran:

Code:

chown -R qscand:qscand /var/clamav
chown -R qscand:qscand /var/log/clamav
chown -R qscand:qscand /var/run/clamav

No other changes seemed necessary.
scott
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth

I could have sworn I'd added that to the cron job. You know you guys can send me patches, right?
Kalimari
Forum Regular
Posts: 526
Joined: Wed Jan 02, 2008 3:21 pm
Location: United Kingdom

Actually Scott, I didn't know I could send patches, but wouldn't know where to begin? Not something I've ever needed to do. If you can enlighten me I'd be glad to help out...
scott
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth

Check out the man page on diff, that's what you can use to create patch files with. It's really simple syntax: diff -u oldfile newfile.
Kalimari
Forum Regular
Posts: 526
Joined: Wed Jan 02, 2008 3:21 pm
Location: United Kingdom

Follow up/solution: Have been tinkering the past few weeks to resolve the issue and finally struck gold! So, rather than outline all the failures, here's the solution (for me at least):

Code:

vi /etc/cron.daily/freshclam

Comment out/remove the chown line as follows:

Code:

LOG_FILE="/var/log/clamav/freshclam.log"
if [ ! -f "$LOG_FILE" ]; then
    touch "$LOG_FILE"
    chmod 644 "$LOG_FILE"
    #chown qscand.qscand "$LOG_FILE"
fi

Then add this directly afterwards, so it will check the owner is qscand outside the logic check for the freshclam.log file existing:

Code:

# The substitution is quoted so the test still parses if ls prints nothing
if [ "$(ls -l "$LOG_FILE" | awk '{print $3}')" != "qscand" ]; then
    chown qscand:qscand "$LOG_FILE"
fi

Leave the rest in place as follows:

Code:

/usr/bin/freshclam \
    --quiet \
    --datadir="/var/clamav" \
    --log="$LOG_FILE" \
    --log-verbose \
    --daemon-notify="/etc/clamd.conf"

Here's the whole thing in one go:

Code:

#!/bin/sh

### fix log file if needed
LOG_FILE="/var/log/clamav/freshclam.log"
if [ ! -f "$LOG_FILE" ]; then
    touch "$LOG_FILE"
    chmod 644 "$LOG_FILE"
fi

### fix the owner on every run, not only when the file was just created
if [ "$(ls -l "$LOG_FILE" | awk '{print $3}')" != "qscand" ]; then
    chown qscand:qscand "$LOG_FILE"
fi

/usr/bin/freshclam \
    --quiet \
    --datadir="/var/clamav" \
    --log="$LOG_FILE" \
    --log-verbose \
    --daemon-notify="/etc/clamd.conf"

Last edited by Kalimari on Thu Feb 28, 2008 1:21 pm, edited 1 time in total.
breun
Long Time Forum Regular
Posts: 2813
Joined: Sat Aug 20, 2005 9:30 am
Location: The Netherlands

Did you maybe install ClamAV from RPMForge? Those packages use the clamav user instead of qscand.
Lemonbit Internet Dedicated Server Management
Kalimari
Forum Regular
Posts: 526
Joined: Wed Jan 02, 2008 3:21 pm
Location: United Kingdom

Thanks breun, but as mentioned (on Feb 13, 2008) I installed clamav as part of qmail-scanner from Atomic channel and had this issue from the start. Now at least it is working without a weekly error message :D
jens
Forum User
Posts: 8
Joined: Sat Feb 03, 2007 1:30 pm
Location: Dallas, TX

in case anybody else has this issue,

logrotate was messing me up by setting freshclam.log to default clamd user permissions, instead of qscand, and thereby preventing freshclam from doing its job...

check /etc/logrotate.d/freshclam

edit: I also see that my /etc/cron.daily/freshclam had the wrong logfile perms, but that would have only been created with bad perms if the logfile did not exist... in my case logrotate was causing this issue - maybe the same for others... anyhow - I'm sure scott will have it fixed!
Last edited by jens on Sat Mar 22, 2008 11:17 pm, edited 1 time in total.
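
The check jens describes above, as an added example that is not part of any post in this thread: a shell helper that reads the `create` directive of a logrotate stanza and reports which account the freshly rotated log will belong to. The stanza contents, the function names and the default of a group named like the user are assumptions made for illustration; the thread does not show the real /etc/logrotate.d/freshclam.

```shell
#!/bin/sh
# Added example, not from the thread. Stanza contents are constructed samples.

# Print "owner group" from the first `create` directive in a logrotate config.
# logrotate accepts `create [mode] [owner group]`; attributes that are left out
# are copied from the old log file, so nothing is printed in that case.
rotation_owner() {
    awk '$1 == "create" {
        if ($2 ~ /^[0-7]+$/) { o = $3; g = $4 } else { o = $2; g = $3 }
        if (o != "" && g != "") print o, g
        exit
    }' "$1"
}

# Compare that owner with the account freshclam writes its log as.
# Usage: check_rotation_owner CONF USER [GROUP]   (GROUP defaults to USER)
# Returns 0 = match, 1 = different account, 2 = no explicit owner.
check_rotation_owner() {
    want="$2 ${3:-$2}"
    got=$(rotation_owner "$1")
    if [ -z "$got" ]; then
        echo "$1: no create directive naming an owner"
        return 2
    elif [ "$got" != "$want" ]; then
        echo "$1: rotated log will belong to '$got', expected '$want'"
        return 1
    fi
    echo "$1: ok ($got)"
}

demo() {
    dir=$(mktemp -d) || return 1
    # Constructed stanza that reproduces the symptom described in the thread.
    cat > "$dir/before" <<'EOF'
/var/log/clamav/freshclam.log {
    weekly
    missingok
    create 644 clamav clamav
}
EOF
    # Corrected stanza: same file with the owner switched to qscand.
    sed 's/create 644 clamav clamav/create 644 qscand qscand/' \
        "$dir/before" > "$dir/after"
    check_rotation_owner "$dir/before" qscand || echo "  -> fix the create line"
    check_rotation_owner "$dir/after" qscand
    rm -rf "$dir"
}
demo
```

On a real host, point check_rotation_owner at the stanza file and pass the user named in clamd.conf and freshclam.conf.
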
scott
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth

If you're using ASL, the version in the asl-2.0-testing channel should fix this problem. We'll merge that into atomic when we're done with it.
BerArt
Forum Regular
Posts: 478
Joined: Tue Jan 15, 2008 3:57 am
Location: Netherlands

Is it safe to run the "testing" channel on a production server?
best regards,

http://hosting.ber-art.nl
Professional Secure Linux Plesk Hosting
breun
Long Time Forum Regular
Posts: 2813
Joined: Sat Aug 20, 2005 9:30 am
Location: The Netherlands

No. That's why it's called testing.
Lemonbit Internet Dedicated Server Management
AntiochInteractive
Forum User
Posts: 35
Joined: Thu Jan 08, 2009 4:31 am
Location: Fort Worth, TX

I'm having the same problem, but perhaps a slightly different scenario. I did not find a solution here.

/etc/cron.hourly/freshclam:

ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!).

--

[root@server clamav]# ls -l
total 1288
-rw-rw-r-- 1 qscand qscand 86246 Jun 6 10:40 clamd.log
-rw-rw-r-- 1 qscand qscand 211763 Jun 3 08:01 clamd.log.1
-rw-rw-r-- 1 qscand qscand 135919 May 27 08:14 clamd.log.2
-rw-rw-r-- 1 qscand qscand 122161 May 20 07:55 clamd.log.3
-rw-rw-r-- 1 qscand qscand 190910 May 13 07:58 clamd.log.4
-rw-rw-r-- 1 qscand qscand 34672 Jun 5 11:01 freshclam.log
-rw-rw-r-- 1 qscand qscand 128118 Jun 3 08:01 freshclam.log.1
-rw-rw-r-- 1 qscand qscand 116805 May 27 08:14 freshclam.log.2
-rw-rw-r-- 1 qscand qscand 112873 May 20 07:55 freshclam.log.3
-rw-rw-r-- 1 qscand qscand 114775 May 13 07:58 freshclam.log.4

[root@server clamav]# rpm -q clamd
clamd-0.97.4-4.el5.art

[root@server clamav]# rpm -q clamav
clamav-0.97.4-4.el5.art

--

Any suggestions?