ged at jubileegroup
Nov 19, 2011, 3:36 AM
Post #3 of 4
Re: Freshclam problems after updating packages
[In reply to]
On Sat, 19 Nov 2011 Anne Wilson wrote:
> Running CentOS 6, I've started getting messages like ...
> Can't open /var/log/clamav/freshclam.log in append mode
> (check permissions!).
Are you using something like a chroot jail or SeLinux?
> what permissions freshclam.log should have?
We haven't seen what's been done in your system, so we don't know what
user(s) have permission to write to your files.
The permissions (and other such things, see my question above) must
allow a process which needs to write to it to write to it. When a
process is started, it is given the permissions of a certain user.
For things like clamd and freshclam this will often be the 'clamav' or
'mail' user, but it might be any other user. The user might not have
permissions to start a login shell, check /etc/passwd for details.
Very commonly a process starts with some set of permissions which are
then changed (so it has fewer permissions). This is a security
feature. If a process is subverted in some way by an attacker, the
fewer permissions which that process has, the harder it is for the
attacker to do any damage.
> what other checks should I be making?
Look at the process using operating system tools such as 'top' to find
out which user is running freshclam. As has been suggested you could
then try to write to the logfile using a shell for that user.
You might want to rename the logfile and see if the freshclam process
can create a new logfile, or you could create one:
then change the file permissions to whatever makes sense:
chown some_user /var/log/clamav/freshclam.log
chgrp some_group /var/log/clamav/freshclam.log
Try to avoid giving very lax permissions (such as world write) to
files and directories in an attempt to permit the processes to write
to them, that's very poor security practice.
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net