wrong user in clamd.conf and freshclam.conf

Forum for getting help with Project Gamera, Spamassassin, Clamav, qmail-scanner and other anti-spam tools.
faris
Long Time Forum Regular
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

wrong user in clamd.conf and freshclam.conf

Unread post by faris »

For many years now, every now and then clamd.conf and freshclam.conf have mysteriously had the User and DatabaseOwner changed back to the default qscand, even though I had changed both to "root" for use with ASL's FTP scanning.

This has annoyed the heck out of me.

I initially thought it was down to the configs being overwritten during a qmail-scanner reinstall event, but I looked very carefully and found the configs are no longer overwritten.

The problem turns out to be related to that, but not in the way I first thought - it is the qmail-scanner-reconfigure script that actually makes the changes.

The script looks at the CLAMD_USER setting in /etc/qmail-scanner.ini and rewrites the clamd.conf and freshclam.conf confgs based on the user shown in that line.

Has anyone looked any deeper into the qmail-scanner code? Is this the ONLY use that CLAMD_USER is put to? If so, a simple solution to my problem is changing that from qscand to root and boom, nothing more to worry about - although I really hate running clamd as root.

Edit: Having looked more closely, it does use that variable for other things. Hmm....
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
scott
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
Posts: 8355
Joined: Wed Dec 31, 1969 8:00 pm
Location: earth
Contact:

Re: wrong user in clamd.conf and freshclam.conf

Unread post by scott »

I could put that project up on our github repo, it hasnt had a big review for things like this in quite a while. https://github.com/atomicorp/

We already have project-gamera, aooi, and the atomic-scanner plesk plugin there
faris
Long Time Forum Regular
Long Time Forum Regular
Posts: 2321
Joined: Thu Dec 09, 2004 11:19 am

Re: wrong user in clamd.conf and freshclam.conf

Unread post by faris »

It's OK really.

qmail-scanner-reconfigure, a one-off event, will change the User and DatabaseOwner to qscand by default.

And within an hour /etc/cron.hourly/freshclam will have changed ownership on the clamav databases and logs to match.

So the only thing that fails when this happens is FTP scanning.

Maybe the freshclam script just needs to be changed to look for the presence of the ASL-specific psa-proftpd (and associated config?), and if found it should actually change user and databaseowner to root rather changing the owner of the database and logs to whatever is in the clamd.conf and freshclam.conf files?

Better still, maybe the clamav User/DatabaseOwner could be something specified in the ASL config file, with the cron freshclam script checking for that and sucking the setting out of that?
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
AntiochInteractive
Forum User
Forum User
Posts: 35
Joined: Thu Jan 08, 2009 4:31 am
Location: Fort Worth, TX
Contact:

Re: wrong user in clamd.conf and freshclam.conf

Unread post by AntiochInteractive »

I have 2 servers all using the qmail-scanner stack and this problem crops up all the time only on my primary server.

On my secondary server, clamav is happy is a clam to run as qscand:qscand.

Both run CentOS release 6.6 (Final).

Running 'freshclam' is how I test.

Code: Select all

-bash-4.1# ls -la
total 312
drwxrwxr-x  2 qscand qscand   4096 Jan 29 13:36 .
drwxr-xr-x 18 root   root     4096 Feb  7 03:15 ..
-rwxrwxr-x  1 clamav clamav  26624 Feb  7 12:04 freshclam.log
-rwxrwxr-x  1 clamav clamav  43264 Dec 28 05:06 freshclam.log-20141228
-rwxrwxr-x  1 clamav clamav  85504 Jan 11 03:56 freshclam.log-20150111
-rwxrwxr-x  1 clamav clamav  43776 Jan 18 06:18 freshclam.log-20150118
-rwxrwxr-x  1 clamav clamav 102334 Feb  2 17:21 freshclam.log-20150202
-bash-4.1# rpm -q clamav
clamav-0.98.6-22.el6.art.x86_64

Code: Select all

[root@server clamav]# ls -la
total 852
drwxrwxr-x  2 qscand qscand   4096 Jan 29 12:36 .
drwxr-xr-x 16 root   root     4096 Feb  7 03:17 ..
-rwxrwxr-x  1 qscand qscand  52975 Feb  7 11:21 clamd.log
-rwxrwxr-x  1 qscand qscand  58970 Jan 11 02:27 clamd.log-20150111
-rwxrwxr-x  1 qscand qscand  61772 Jan 18 02:29 clamd.log-20150118
-rwxrwxr-x  1 qscand qscand  61149 Jan 25 02:26 clamd.log-20150125
-rwxrwxr-x  1 qscand qscand  61262 Feb  1 03:03 clamd.log-20150201
-rwxrwxr-x  1 qscand qscand 115401 Feb  7 11:22 freshclam.log
-rwxrwxr-x  1 qscand qscand  39454 Jan 11 02:27 freshclam.log-20150111
-rwxrwxr-x  1 qscand qscand 124712 Jan 18 02:29 freshclam.log-20150118
-rwxrwxr-x  1 qscand qscand 122044 Jan 25 02:26 freshclam.log-20150125
-rwxrwxr-x  1 qscand qscand 141409 Feb  1 03:03 freshclam.log-20150201
[root@server clamav]# rpm -q clamav
clamav-0.98.6-22.el6.art.x86_64
Now to break the server with qscand:qscand:

Code: Select all

[root@server clamav]# chown clamav:clamav *
[root@server clamav]# freshclam
ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!).
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
[root@server clamav]# chown qscand:qscand *
[root@server clamav]# freshclam
ClamAV update process started at Sat Feb  7 11:26:48 2015
main.cvd is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
daily.cld is up to date (version: 20041, sigs: 1320012, f-level: 63, builder: neo)
bytecode.cld is up to date (version: 245, sigs: 43, f-level: 63, builder: dgoddard)
Post Reply