I can't seem to get my clamav permissions set right and some weird things are going on with my server. I have asl installed and updated. I also have the latest versions of clamav, clamd, etc installed. I have been getting this from freshclam.
freshclam[8115]: Incremental update failed, trying to download daily.cvd
I can manually run freshclam and everything seems to update ok. I just checked my permissions and /var/clamav is owned by qscand.qscand. Is that right? I have a test server which just got clamav installed recently and its permissions are set to clamav.clamav and I don't get the cron errors from it.
Also for some reason now in my email headers it doesn't say clamdscan even though the log file seems to show it deleting infected emails. Now it just says "spamassassin: 3.2.5. perlscan: 2.05st." Any advice on what to do to get this fixed?
OK, I did some more poking around and in /etc/freshclam.conf I have this "DatabaseOwner clamav". I assume that is supposed to be set to qscand. Is that right? I have in qmail-scanner.ini CLAMD_USER="qscand". Also, any idea why the email headers have stopped saying clamdscan? Is it supposed to be that way? I have run qmail-scanner-reconfigure but it doesn't fix it.
It seems clamav is now updating ok. I didn't change anything, but it seems to be ok now. I do still have a problem with the permission on the freshclam.log file though. I change them to qscand.qscand, but it just gets changed back and I get this error.
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!).
Is there anything else to try to get this fixed?
And is it normal to have clamdscan missing from email message headers? This just happened one day, and I hadn't done anything to the server that day.
I did rename the log file and the same thing happened last night. The file does get created and it looks like everything is ok as far as updating, but I still get the error and the permissions are set to clamav.clamav.
Hmm... the /etc/cron.daily/freshclam script, which runs daily, normally looks in clamav.conf and in freshclam.conf and sets the permissions of the appropriate files and directories according to the users set in those files.
You can run it manually -- doing so does no harm -- to see what it changes or does not change in your case.
Then run freshclam on the command line to make sure that freshclam works (and look in the logs) and also look in the mail log to make sure there are no errors.
Here is my complete freshclam cron script. Is this how yours looks? So it looks to me that it isn't looking to the clamav.conf file, but just the freshclam.conf file. And the line in the freshclam.conf file with DatabaseOwner does have it set to clamav. Weird thing is that this looks like it resets the permissions on the /var/clamav folder, but that directory still has owner of qscand.qscand. Oh and the log file does actually contain information about the update. I have included its contents too.
#!/bin/sh
### A simple update script for the clamav virus database.
### This could as well be replaced by a SysV script.

### fix log file if needed
LOG_FILE="/var/log/clamav/freshclam.log"
USER=`awk '/DatabaseOwner/ {print $2}' /etc/freshclam.conf`
if [ ! -f "$LOG_FILE" ]; then
    touch "$LOG_FILE"
    chmod 644 "$LOG_FILE"
    chown $USER.$USER "$LOG_FILE"
fi

# User check event
chown -R $USER.$USER /var/clamav

/usr/bin/freshclam \
    --quiet \
    --datadir="/var/clamav" \
    --log="$LOG_FILE" \
    --verbose \
    --daemon-notify="/etc/clamd.conf"

# Current 3rd party channel updater
if [ -x /usr/bin/clamav_updater.sh ]; then
    /usr/bin/clamav_updater.sh >/dev/null 2>&1
fi
OK, so I have finally gotten back to looking into this. I think the problem is with freshclam.conf. It has this "DatabaseOwner clamav". Can someone confirm that their DatabaseOwner is set to qscand in freshclam.conf? By the way, I just installed this on a test server of mine and the same thing happens.
This looks like it fixed the problem. I just re-installed on my test machine and it looks like the wrong user is specified in the freshclam.conf file on a clean install. Mine was set to clamav.
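A check for the mismatch this thread ends on, as an added example that is not part of the thread or of any package's scripts: it compares DatabaseOwner in freshclam.conf with CLAMD_USER in qmail-scanner.ini and with the on-disk owner of whatever paths you pass it. The function names and the sample files are assumptions made for the example; unlike the cron script's awk pattern, db_owner ignores commented-out DatabaseOwner lines.

```shell
#!/bin/sh
# Added example (not from the thread): report when the account freshclam
# chowns to differs from the account the scanner runs as.

# Value of the first uncommented "DatabaseOwner <user>" line.
db_owner() {
    awk '$1 == "DatabaseOwner" { print $2; exit }' "$1"
}

# Value of CLAMD_USER="<user>" in qmail-scanner.ini (quotes optional).
scanner_user() {
    sed -n 's/^[[:space:]]*CLAMD_USER=//p' "$1" | tr -d '"' | awk 'NR == 1 { print $1 }'
}

# Owning user of a file or directory (third column of ls -ld).
path_owner() {
    ls -ld "$1" | awk '{ print $3 }'
}

# check_clamav_owner <freshclam.conf> <qmail-scanner.ini> [path...]
# Returns 0 if both settings and every path owner agree, 1 otherwise.
check_clamav_owner() {
    conf=$1; ini=$2; shift 2
    want=$(db_owner "$conf"); scan=$(scanner_user "$ini"); rc=0
    if [ -z "$want" ] || [ -z "$scan" ]; then
        echo "UNSET: DatabaseOwner='$want' CLAMD_USER='$scan'"; return 1
    fi
    if [ "$want" != "$scan" ]; then
        echo "MISMATCH: DatabaseOwner=$want CLAMD_USER=$scan"; rc=1
    fi
    for p in "$@"; do
        if [ ! -e "$p" ]; then echo "MISSING: $p"; rc=1; continue; fi
        have=$(path_owner "$p")
        if [ "$have" != "$scan" ]; then
            echo "OWNER: $p is owned by $have, scanner runs as $scan"; rc=1
        fi
    done
    return $rc
}

# Constructed sample files reproducing the settings quoted in the thread.
demo=$(mktemp -d)
printf '#DatabaseOwner example\nDatabaseOwner clamav\n' > "$demo/freshclam.conf"
printf 'CLAMD_USER="qscand"\n' > "$demo/qmail-scanner.ini"
check_clamav_owner "$demo/freshclam.conf" "$demo/qmail-scanner.ini" \
    || echo "settings disagree"
rm -rf "$demo"
```

On a real server, pass the actual config files followed by /var/clamav and /var/log/clamav/freshclam.log to see which of them the scanner account cannot own after the nightly cron run.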