Atomic Secure Linux

All times are UTC - 5 hours [ DST ]




Post subject: Clamav permissions, etc.
Posted: Mon Apr 20, 2009 10:44 am
Forum Regular

Joined: Tue May 10, 2005 1:24 pm
Posts: 193
I can't seem to get my clamav permissions set right and some weird things are going on with my server. I have asl installed and updated. I also have the latest versions of clamav, clamd, etc installed. I have been getting this from freshclam.
Code:
ERROR: chdir_tmp: Can't create directory ./clamav-b292079d71f884724760ffb28eaeff13
ERROR: getfile: Can't create new file /var/clamav/clamav-2113c2f1381ec539e6abce125bce499d in /var/clamav
and
Code:
freshclam[8115]: Incremental update failed, trying to download daily.cvd
I can manually run freshclam and everything seems to update ok. I just checked my permissions and /var/clamav is owned by qscand.qscand. Is that right? I have a test server which just got clamav installed recently and its permissions are set to clamav.clamav and I don't get the cron errors from it.
Also for some reason now in my email headers it doesn't say clamdscan even though the log file seems to show it deleting infected emails. Now it just says "spamassassin: 3.2.5. perlscan: 2.05st." Any advice on what to do to get this fixed?


Post subject: Re: Clamav permissions, etc.
Posted: Mon Apr 20, 2009 11:09 am
Atomicorp Staff - Site Admin

Joined: Wed Dec 31, 1969 8:00 pm
Posts: 7964
Location: earth
Should be owned by qscand; the clam and freshclam config files should also be using the qscand user.

The latter freshclam error is harmless. Everybody will get that from time to time when the update servers don't respond quickly enough.


Post subject: Re: Clamav permissions, etc.
Posted: Mon Apr 20, 2009 11:27 am
Forum Regular

Joined: Tue May 10, 2005 1:24 pm
Posts: 193
OK, I did some more poking around and in /etc/freshclam.conf I have this "DatabaseOwner clamav". I assume that is supposed to be set to qscand. Is that right? I have in qmail-scanner.ini CLAMD_USER="qscand". Also, any idea why the email headers have stopped saying clamdscan? Is it supposed to be that way? I have run qmail-scanner-reconfigure but it doesn't fix it.


Post subject: Re: Clamav permissions, etc.
Posted: Wed Apr 22, 2009 9:10 am
Forum Regular

Joined: Tue May 10, 2005 1:24 pm
Posts: 193
It seems clamav is now updating ok. I didn't change anything, but it seems to be ok now. I do still have a problem with the permission on the freshclam.log file though. I change them to qscand.qscand, but it just gets changed back and I get this error.
Code:
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!).
Is there anything else to try to get this fixed?
And is it normal to have clamdscan missing from email message headers? This just happened one day, and I hadn't done anything to the server that day.


Post subject: Re: Clamav permissions, etc.
Posted: Wed Apr 22, 2009 9:54 am
Forum Regular

Joined: Tue Jul 15, 2008 2:38 pm
Posts: 780
Location: Sweden
It happened to me once. I renamed it and freshclam created a new one. Now everything seems to be working...


Post subject: Re: Clamav permissions, etc.
Posted: Thu Apr 23, 2009 9:05 am
Forum Regular

Joined: Tue May 10, 2005 1:24 pm
Posts: 193
I did rename the log file and the same thing happened last night. The file does get created and it looks like everything is ok as far as updating, but I still get the error and the permissions are set to clamav.clamav.


Post subject: Re: Clamav permissions, etc.
Posted: Thu Apr 23, 2009 12:42 pm
Long Time Forum Regular

Joined: Thu Dec 09, 2004 11:19 am
Posts: 2113
Hmm... the /etc/cron.daily/freshclam script, which runs daily, normally looks in clamav.conf and in freshclam.conf and sets the permissions of the appropriate files and directories according to the users set in those files.

You can run it manually -- doing so does no harm -- to see what it changes or does not change in your case.

Then run freshclam on the command line to make sure that freshclam works (and look in the logs) and also look in the mail log to make sure there are no errors.


Post subject: Re: Clamav permissions, etc.
Posted: Thu Apr 23, 2009 1:07 pm
Forum Regular

Joined: Tue May 10, 2005 1:24 pm
Posts: 193
Here is my complete freshclam cron script. Is this how yours looks? So it looks to me that it isn't looking to the clamav.conf file, but just the freshclam.conf file. And the line in the freshclam.conf file with DatabaseOwner does have it set to clamav. Weird thing is that this looks like it resets the permissions on the /var/clamav folder, but that directory still has owner of qscand.qscand. Oh and the log file does actually contain information about the update. I have included its contents too.
Code:
#!/bin/sh

### A simple update script for the clamav virus database.
### This could as well be replaced by a SysV script.

### fix log file if needed
LOG_FILE="/var/log/clamav/freshclam.log"
USER=`awk '/DatabaseOwner/ {print $2}' /etc/freshclam.conf`
if [ ! -f "$LOG_FILE" ]; then
    touch "$LOG_FILE"
    chmod 644 "$LOG_FILE"
    chown $USER.$USER "$LOG_FILE"
fi

# User check event
chown -R $USER.$USER /var/clamav

/usr/bin/freshclam \
    --quiet \
    --datadir="/var/clamav" \
    --log="$LOG_FILE" \
    --verbose \
    --daemon-notify="/etc/clamd.conf"


# Current 3rd party channel updater
if [ -x /usr/bin/clamav_updater.sh ]; then
  /usr/bin/clamav_updater.sh >/dev/null 2>&1
fi
Code:
Current working dir is /var/clamav
Max retries == 3
ClamAV update process started at Thu Apr 23 05:15:42 2009
Using IPv6 aware code
Querying current.cvd.clamav.net
TTL: 900
Software version from DNS: 0.95.1
main.cvd version from DNS: 50
main.cvd is up to date (version: 50, sigs: 500667, f-level: 38, builder: sven)
daily.cvd version from DNS: 9277
Retrieving http://db.us.clamav.net/daily-9267.cdiff
Trying host db.us.clamav.net (208.67.80.27)...
nonblock_connect: connect timing out (30 secs)
Can't connect to port 80 of host db.us.clamav.net (IP: 208.67.80.27)
Trying host db.us.clamav.net (138.123.96.134)...
Trying to download http://db.us.clamav.net/daily-9267.cdiff (IP: 138.123.96.134)
Downloading daily-9267.cdiff [100%]
cdiff_apply: Parsed 20 lines and executed 20 commands
Retrieving http://db.us.clamav.net/daily-9268.cdiff
Trying to download http://db.us.clamav.net/daily-9268.cdiff (IP: 138.123.96.134)
Downloading daily-9268.cdiff [100%]
cdiff_apply: Parsed 7 lines and executed 7 commands
Retrieving http://db.us.clamav.net/daily-9269.cdiff
Trying to download http://db.us.clamav.net/daily-9269.cdiff (IP: 138.123.96.134)
Downloading daily-9269.cdiff [100%]
cdiff_apply: Parsed 11 lines and executed 11 commands
Retrieving http://db.us.clamav.net/daily-9270.cdiff
Trying to download http://db.us.clamav.net/daily-9270.cdiff (IP: 138.123.96.134)
Downloading daily-9270.cdiff [100%]
cdiff_apply: Parsed 8 lines and executed 8 commands
Retrieving http://db.us.clamav.net/daily-9271.cdiff
Trying to download http://db.us.clamav.net/daily-9271.cdiff (IP: 138.123.96.134)
Downloading daily-9271.cdiff [100%]
cdiff_apply: Parsed 523 lines and executed 523 commands
Retrieving http://db.us.clamav.net/daily-9272.cdiff
Trying to download http://db.us.clamav.net/daily-9272.cdiff (IP: 138.123.96.134)
Downloading daily-9272.cdiff [100%]
cdiff_apply: Parsed 12 lines and executed 12 commands
Retrieving http://db.us.clamav.net/daily-9273.cdiff
Trying to download http://db.us.clamav.net/daily-9273.cdiff (IP: 138.123.96.134)
Downloading daily-9273.cdiff [100%]
cdiff_apply: Parsed 8 lines and executed 8 commands
Retrieving http://db.us.clamav.net/daily-9274.cdiff
Trying to download http://db.us.clamav.net/daily-9274.cdiff (IP: 138.123.96.134)
Downloading daily-9274.cdiff [100%]
cdiff_apply: Parsed 11 lines and executed 11 commands
Retrieving http://db.us.clamav.net/daily-9275.cdiff
Trying to download http://db.us.clamav.net/daily-9275.cdiff (IP: 138.123.96.134)
Downloading daily-9275.cdiff [100%]
cdiff_apply: Parsed 7 lines and executed 7 commands
Retrieving http://db.us.clamav.net/daily-9276.cdiff
Trying to download http://db.us.clamav.net/daily-9276.cdiff (IP: 138.123.96.134)
Downloading daily-9276.cdiff [100%]
cdiff_apply: Parsed 14 lines and executed 14 commands
Retrieving http://db.us.clamav.net/daily-9277.cdiff
Trying to download http://db.us.clamav.net/daily-9277.cdiff (IP: 138.123.96.134)
Downloading daily-9277.cdiff [100%]
cdiff_apply: Parsed 890 lines and executed 890 commands
daily.cld updated (version: 9277, sigs: 45514, f-level: 42, builder: ccordes)
Database updated (546181 signatures) from db.us.clamav.net (IP: 138.123.96.134)
Clamd successfully notified about the update.


Post subject: Re: Clamav permissions, etc.
Posted: Thu Apr 23, 2009 2:25 pm
Forum Regular

Joined: Tue Jul 15, 2008 2:38 pm
Posts: 780
Location: Sweden
clamav.conf and freshclam.conf would be nice to see...


Post subject: Re: Clamav permissions, etc.
Posted: Sat Jun 06, 2009 6:54 pm
Forum Regular

Joined: Tue May 10, 2005 1:24 pm
Posts: 193
OK, so I have finally gotten back to looking into this. I think the problem is with freshclam.conf. It has this "DatabaseOwner clamav". Can someone confirm that their DatabaseOwner is set to qscand in freshclam.conf? By the way, I just installed this on a test server of mine and the same thing happens.


Post subject: Re: Clamav permissions, etc.
Posted: Sat Jun 06, 2009 8:25 pm
Forum Regular

Joined: Wed Jan 02, 2008 3:21 pm
Posts: 521
Location: United Kingdom
Troy McClure wrote:
Can someone confirm that their DatabaseOwner is set to qscand in freshclam.conf.

Yes, I can confirm that DatabaseOwner should be set to qscand.


Post subject: Re: Clamav permissions, etc.
Posted: Tue Jun 09, 2009 4:26 pm
Forum Regular

Joined: Tue May 10, 2005 1:24 pm
Posts: 193
This looks like it fixed the problem. I just re-installed on my test machine and it looks like the wrong user is specified in the freshclam.conf file on a clean install. Mine was set to clamav.


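Added example (not part of the original thread and not code from ASL or ClamAV): a read-only check for the mismatch this thread ends on, comparing DatabaseOwner in freshclam.conf with CLAMD_USER in qmail-scanner.ini and with the actual owner of the database directory and log file. The function names are hypothetical and every path is passed as an argument, since the thread does not give the location of qmail-scanner.ini.

```shell
#!/bin/sh
# Added example: read-only check that freshclam and qmail-scanner agree on
# the scanner user. Function names are hypothetical; paths are arguments.

# Value of an active "Key value" directive (freshclam.conf style). Matching
# on $1 skips "#DatabaseOwner ..." comment lines, which a bare
# /DatabaseOwner/ pattern would also pick up.
conf_value() {   # conf_value KEY FILE
    awk -v k="$1" '$1 == k { print $2; exit }' "$2"
}

# Value of KEY="value" (qmail-scanner.ini style), quotes stripped.
ini_value() {    # ini_value KEY FILE
    awk -F= -v k="$1" '$1 == k { gsub(/[" \t\r]/, "", $2); print $2; exit }' "$2"
}

# Owning user of a path (GNU stat first, BSD stat as fallback).
owner_of() {
    stat -c %U "$1" 2>/dev/null || stat -f %Su "$1"
}

# check_scanner_user FRESHCLAM_CONF QMAIL_SCANNER_INI DB_DIR LOG_FILE
# Prints one line per mismatch; returns 0 only when everything agrees.
check_scanner_user() {
    want=$(ini_value CLAMD_USER "$2")
    have=$(conf_value DatabaseOwner "$1")
    if [ -z "$want" ]; then echo "CLAMD_USER not found in $2"; return 2; fi
    rc=0
    if [ "$have" != "$want" ]; then
        echo "DatabaseOwner is '${have:-unset}', expected '$want' ($1)"
        rc=1
    fi
    for p in "$3" "$4"; do
        [ -e "$p" ] || continue          # a missing log is recreated by cron
        o=$(owner_of "$p")
        if [ "$o" != "$want" ]; then
            echo "$p is owned by '$o', expected '$want'"
            rc=1
        fi
    done
    return "$rc"
}

# Run against real files only when four paths are given on the command line.
if [ "$#" -eq 4 ]; then
    check_scanner_user "$@"
fi
```

Pass /etc/freshclam.conf, the path to qmail-scanner.ini, /var/clamav and /var/log/clamav/freshclam.log as the four arguments; exit status 1 means at least one mismatch was printed.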
 