
Mailing List Archive: ClamAV: users

Freshclam problems after updating packages

 

 



cannewilson at googlemail

Nov 18, 2011, 11:32 AM

Post #1 of 4 (6350 views)
Freshclam problems after updating packages

Running CentOS 6, I've started getting messages like

No updates detected in the log for the freshclam daemon (the
ClamAV update process). If the freshclam daemon is not running,
you may need to restart it. Other options:
etc...

and

/etc/cron.daily/freshclam:

ERROR: Problem with internal logger (UpdateLogFile =
/var/log/clamav/freshclam.log).
ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check
permissions!).

I've tried to sort this out, without success. First, then, can you tell me
what permissions freshclam.log should have? Currently it is owned
clamav:clamav with rw access for clamav.

What other checks should I be making?

Thanks

Anne
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml


bburke at eecs

Nov 18, 2011, 12:35 PM

Post #2 of 4 (6294 views)
Re: Freshclam problems after updating packages

> I've tried to sort this out, without success. First, then, can you tell me
> what permissions freshclam.log should have? Currently it is owned
> clamav:clamav with rw access for clamav.
>
> What other checks should I be making?

Maybe try becoming the clamav user and appending something to the file?

#> su -l clamav -s /bin/bash
clamav> echo "test" >> /var/log/clamav/freshclam.log

Not sure... thinking about this abstractly I can't imagine why it would happen.

--
Bryan Burke
IT Administrator
Department of Electrical Engineering and Computer Science
University of Tennessee, Knoxville
bburke [at] eecs
(865) 974-4694


ged at jubileegroup

Nov 19, 2011, 3:36 AM

Post #3 of 4 (6293 views)
Re: Freshclam problems after updating packages

Hi there,

On Sat, 19 Nov 2011 Anne Wilson wrote:

> Running CentOS 6, I've started getting messages like ...
> Can't open /var/log/clamav/freshclam.log in append mode
> (check permissions!).

Are you using something like a chroot jail or SELinux?

> what permissions freshclam.log should have?

We haven't seen what's been done in your system, so we don't know what
user(s) have permission to write to your files.

The permissions (and other such things, see my question above) must
allow a process which needs to write to it to write to it. When a
process is started, it is given the permissions of a certain user.
For things like clamd and freshclam this will often be the 'clamav' or
'mail' user, but it might be any other user. The user might not have
permissions to start a login shell; check /etc/passwd for details.
Very commonly a process starts with some set of permissions which are
then changed (so it has fewer permissions). This is a security
feature. If a process is subverted in some way by an attacker, the
fewer permissions which that process has, the harder it is for the
attacker to do any damage.

> What other checks should I be making?

Look at the process using operating system tools such as 'top' to find
out which user is running freshclam. As has been suggested you could
then try to write to the logfile using a shell for that user.

You might want to rename the logfile and see if the freshclam process
can create a new logfile, or you could create one:

touch /var/log/clamav/freshclam.log

then change the file permissions to whatever makes sense:

chown some_user /var/log/clamav/freshclam.log
chgrp some_group /var/log/clamav/freshclam.log

Try to avoid giving very lax permissions (such as world write) to
files and directories in an attempt to permit the processes to write
to them; that's very poor security practice.

--

73,
Ged.
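
The checks suggested in this reply (which account runs freshclam, whether that account can write the log file, and avoiding world-writable files), as an added shell example that is not part of the original post. It evaluates Unix mode bits only, assumes GNU stat, and its function names are made up for illustration.

```shell
#!/bin/sh
# Added example: why can an account not append to a log file?
# Mode bits only (no SELinux, ACLs or chroot). Needs GNU stat; run as root.
# Function names are illustrative. Usage: sh check.sh UID "GID ..." /abs/path

# perm_digit UID "GIDS" PATH -> rwx digit (0-7) that applies to UID on PATH
perm_digit() {
    st=$(stat -c '%u %g %a' "$3") || return 2
    owner=${st%% *}; st=${st#* }; group=${st%% *}
    mode=$(printf '%04d' "${st#* }")    # pad: 644 -> 0644
    rwx=${mode#?}                       # drop setuid/setgid/sticky digit
    if [ "$1" -eq 0 ]; then echo 7; return 0; fi    # root bypasses mode bits
    if [ "$1" -eq "$owner" ]; then echo "${rwx%??}"; return 0; fi
    for g in $2; do
        if [ "$g" -eq "$group" ]; then g=${rwx#?}; echo "${g%?}"; return 0; fi
    done
    echo "${rwx#??}"
}

# world_writable PATH -> true if "other" has the write bit (uid -1 owns nothing)
world_writable() {
    o=$(perm_digit -1 "" "$1") || return 2
    [ $((o & 2)) -ne 0 ]
}

# can_append UID "GIDS" /abs/file -> 0 if the mode bits permit appending
can_append() {
    case $3 in /*) ;; *) echo "ERROR absolute path required"; return 2 ;; esac
    d=$(dirname "$3")
    while :; do                         # every ancestor directory needs x
        bits=$(perm_digit "$1" "$2" "$d") || return 2
        if [ $((bits & 1)) -eq 0 ]; then
            echo "DENY  uid $1 cannot traverse $d"; return 1
        fi
        if [ "$d" = / ]; then break; fi
        d=$(dirname "$d")
    done
    if [ -e "$3" ]; then need=2; target=$3    # existing file: w on the file
    else need=3; target=$(dirname "$3"); fi   # missing file: w+x on its directory
    bits=$(perm_digit "$1" "$2" "$target") || return 2
    if [ $((bits & need)) -ne "$need" ]; then
        echo "DENY  uid $1 lacks write access on $target"; return 1
    fi
    if world_writable "$target"; then echo "WARN  $target is world-writable"; fi
    echo "OK    uid $1 may append to $3"
}

if [ $# -eq 3 ]; then can_append "$@"; fi
```

Called as `sh check.sh "$(id -u clamav)" "$(id -G clamav)" /var/log/clamav/freshclam.log`, substituting whichever account actually runs freshclam, it names the first directory or file whose mode bits block the append.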


t.schmidt at phoenixsoftware

Nov 20, 2011, 6:13 PM

Post #4 of 4 (6285 views)
Re: Freshclam problems after updating packages

A shot in the dark: is your freshclam really running as user "clamav"?

Fun story: not so long ago I encountered a CentOS system where automatic
update had switched to a ClamAV package from a different repo which had
been compiled to run as user "clam" instead of "clamav". Took me a while
to spot ...

HTH
Tilman

On 18.11.2011 20:32, Anne Wilson wrote:
> Running CentOS 6, I've started getting messages like
>
> No updates detected in the log for the freshclam daemon (the
> ClamAV update process). If the freshclam daemon is not running,
> you may need to restart it. Other options:
> etc...
>
> and
>
> /etc/cron.daily/freshclam:
>
> ERROR: Problem with internal logger (UpdateLogFile =
> /var/log/clamav/freshclam.log).
> ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check
> permissions!).
>
> I've tried to sort this out, without success. First, then, can you tell me
> what permissions freshclam.log should have? Currently it is owned
> clamav:clamav with rw access for clamav.
>
> What other checks should I be making?
>
> Thanks
>
> Anne
