permssions issue with freshclam and updates
permssions issue with freshclam and updates
Hi
Getting this error via email each time the system tries to update:
Subject: Anacron job 'cron.daily' on xx.xxx.xxx
Body:
/etc/cron.daily/freshclam:
ERROR: Problem with internal logger (UpdateLogFile =
/var/log/clamav/freshclam.log).
ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check
permissions!).
Any ideas?
ta
Getting this error via email each time the system tries to update:
Subject: Anacron job 'cron.daily' on xx.xxx.xxx
Body:
/etc/cron.daily/freshclam:
ERROR: Problem with internal logger (UpdateLogFile =
/var/log/clamav/freshclam.log).
ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check
permissions!).
Any ideas?
ta
Re: permssions issue with freshclam and updates
chown clamav:clamav /var/log/clamav/freshclam.log
Re: permssions issue with freshclam and updates
In reality this does not solve problem.
I suspect clamd definitions are updated via mailscanner scripts that sets freschlam log with root perms.
I suspect clamd definitions are updated via mailscanner scripts that sets freschlam log with root perms.
- shawniverson
- Posts: 3649
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: permssions issue with freshclam and updates
Interesting....
I am not seeing this on my system, just ran a freshclam update.
Nothing else should be trying to update clamav except /etc/cron.daily/freshclam
Are you using ClamAV 0.98 or 0.98.1?
I am not seeing this on my system, just ran a freshclam update.
Nothing else should be trying to update clamav except /etc/cron.daily/freshclam
Are you using ClamAV 0.98 or 0.98.1?
Re: permssions issue with freshclam and updates
Hi Shawn
I don't think the clamav definition is supposed to be updated by classic freshclam in efa/mailscanner:
I've: clamav-0.98.1-1.el6.rf.x86_64
I've found these evidence:
1) First there is the external signature that are updated via: /etc/cron.d/clamav-unofficial-sigs-cron
2) Second i have: cat /tmp/ClamAV.update.log
--------------------------------------
ClamAV update process started at Sun Apr 20 17:07:05 2014
main.cld is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
daily.cld is up to date (version: 18833, sigs: 900699, f-level: 63, builder: neo)
bytecode.cvd is up to date (version: 236, sigs: 43, f-level: 63, builder: dgoddard)
This seems to be a log of a external freshclam updater
3) Third: we have /etc/cron.hourly/update_virus_scanners
I think freshclam is added when there is a clamav update from the repo.
You could try to disable freshclam and you will see that the definitions should be upgraded as well.
[root@mailgw1 cron.hourly]#
I don't think the clamav definition is supposed to be updated by classic freshclam in efa/mailscanner:
I've: clamav-0.98.1-1.el6.rf.x86_64
I've found these evidence:
1) First there is the external signature that are updated via: /etc/cron.d/clamav-unofficial-sigs-cron
2) Second i have: cat /tmp/ClamAV.update.log
--------------------------------------
ClamAV update process started at Sun Apr 20 17:07:05 2014
main.cld is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
daily.cld is up to date (version: 18833, sigs: 900699, f-level: 63, builder: neo)
bytecode.cvd is up to date (version: 236, sigs: 43, f-level: 63, builder: dgoddard)
This seems to be a log of a external freshclam updater
3) Third: we have /etc/cron.hourly/update_virus_scanners
I think freshclam is added when there is a clamav update from the repo.
You could try to disable freshclam and you will see that the definitions should be upgraded as well.
[root@mailgw1 cron.hourly]#
Re: permssions issue with freshclam and updates
Just another evidence found in logs:
22>1 2014-04-20T17:54:32.954081+02:00 mailgw1 postfix 24325 - - 0072B138260: removed
<22>1 2014-04-20T18:01:06.555092+02:00 mailgw1 update.bad.phishing.sites - - Delaying cron job up to 600 seconds
<22>1 2014-04-20T18:01:45.315864+02:00 mailgw1 update.virus.scanners - - Delaying cron job up to 600 seconds
<22>1 2014-04-20T18:05:07.918696+02:00 mailgw1 update.virus.scanners - - Found clamav installed
<22>1 2014-04-20T18:05:07.922651+02:00 mailgw1 update.virus.scanners - - Running autoupdate for clamav
<22>1 2014-04-20T18:05:14.002006+02:00 mailgw1 ClamAV-autoupdate 25516 - - ClamAV updated
<22>1 2014-04-20T18:05:14.280209+02:00 mailgw1 update.virus.scanners - - Found generic installed
<22>1 2014-04-20T18:05:14.282607+02:00 mailgw1 update.virus.scanners - - Running autoupdate for generic
22>1 2014-04-20T17:54:32.954081+02:00 mailgw1 postfix 24325 - - 0072B138260: removed
<22>1 2014-04-20T18:01:06.555092+02:00 mailgw1 update.bad.phishing.sites - - Delaying cron job up to 600 seconds
<22>1 2014-04-20T18:01:45.315864+02:00 mailgw1 update.virus.scanners - - Delaying cron job up to 600 seconds
<22>1 2014-04-20T18:05:07.918696+02:00 mailgw1 update.virus.scanners - - Found clamav installed
<22>1 2014-04-20T18:05:07.922651+02:00 mailgw1 update.virus.scanners - - Running autoupdate for clamav
<22>1 2014-04-20T18:05:14.002006+02:00 mailgw1 ClamAV-autoupdate 25516 - - ClamAV updated
<22>1 2014-04-20T18:05:14.280209+02:00 mailgw1 update.virus.scanners - - Found generic installed
<22>1 2014-04-20T18:05:14.282607+02:00 mailgw1 update.virus.scanners - - Running autoupdate for generic
- shawniverson
- Posts: 3649
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: permssions issue with freshclam and updates
umm...I see a potential problem.
EFA was built with a compiled version of ClamAV....0.98
You are using RPM version of ClamAV 0.98.1?
EFA was built with a compiled version of ClamAV....0.98
You are using RPM version of ClamAV 0.98.1?
Re: permssions issue with freshclam and updates
Hi Shawn
I'm my case yes: I'm using a clamav package updated from addtional repo installed.
I had some problems in the beginning with perms, but now all is okay.
Anyway in any case the definition updates are performed by mailscanner script and not by clamav one.
Probably with your clamav packaged version the two scripts can both run togheter.
Just one question: is it the efa official clamav package compiled with some special feature/flag ?
I'm wondering at this point why not use a clamav package that comes from one of the many repo available (eg: rpmforge)
Thx
I'm my case yes: I'm using a clamav package updated from addtional repo installed.
I had some problems in the beginning with perms, but now all is okay.
Anyway in any case the definition updates are performed by mailscanner script and not by clamav one.
Probably with your clamav packaged version the two scripts can both run togheter.
Just one question: is it the efa official clamav package compiled with some special feature/flag ?
I'm wondering at this point why not use a clamav package that comes from one of the many repo available (eg: rpmforge)
Thx
Re: permssions issue with freshclam and updates
To help uk bloke:
Pls could u tell us if you have the original clamav packaged (eg: bundled with efa) or did u have updated it?
to see the version go on web gui->tools->clamav
Thx
Pls could u tell us if you have the original clamav packaged (eg: bundled with efa) or did u have updated it?
to see the version go on web gui->tools->clamav
Thx
Re: permssions issue with freshclam and updates
Hi
Last week I ran a full yum update: ClamAV 0.98.1
Thanks
Last week I ran a full yum update: ClamAV 0.98.1
Thanks
Re: permssions issue with freshclam and updates
Ok then you are facing the same problem of mine.
I suggest to simply remove /etc/cron.daily/freshclam .
In this way you let the clamav defs update to carry on by the mailscanner script.
To see if updates are performed fine plz mainly check:
1) /tmp/ClamAV.update.log
2) on web gui: http|https://you_efa_host/mailscanner/clamav_status.php <-- check date of update
I suggest to simply remove /etc/cron.daily/freshclam .
In this way you let the clamav defs update to carry on by the mailscanner script.
To see if updates are performed fine plz mainly check:
1) /tmp/ClamAV.update.log
2) on web gui: http|https://you_efa_host/mailscanner/clamav_status.php <-- check date of update
- shawniverson
- Posts: 3649
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: permssions issue with freshclam and updates
Buzzo,
Do you have notes on what you did to get to ClamAV 0.98.1 using RPM?
I would be interested in adding this as an official update (without the freshclam issue, of course...)
Do you have notes on what you did to get to ClamAV 0.98.1 using RPM?
I would be interested in adding this as an official update (without the freshclam issue, of course...)
Re: permssions issue with freshclam and updates
Nothing special, just upgraded the package.
If i rember correctly the only thing to change was the clamav daemon user in the conf.
I haven't actually any vm to retry the installation.
If you have one i cant try on it if u want.
Thx
If i rember correctly the only thing to change was the clamav daemon user in the conf.
I haven't actually any vm to retry the installation.
If you have one i cant try on it if u want.
Thx
Re: permssions issue with freshclam and updates
ClamAV Statusbuzzzo wrote:Ok then you are facing the same problem of mine.
I suggest to simply remove /etc/cron.daily/freshclam .
In this way you let the clamav defs update to carry on by the mailscanner script.
To see if updates are performed fine plz mainly check:
1) /tmp/ClamAV.update.log
2) on web gui: http|https://you_efa_host/mailscanner/clamav_status.php <-- check date of update
Version: ClamAV 0.98.1
Virus Identities: 15076
Database Timestamp: Mon Jun 25 00:00:16 2012 << seems very old!!!
- shawniverson
- Posts: 3649
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: permssions issue with freshclam and updates
Yeah that doesn't look right...
Re: permssions issue with freshclam and updates
Could this problem have been related to having different ClamAV data directories in /var/clamd and /var/lib/clamd ?
- shawniverson
- Posts: 3649
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: permssions issue with freshclam and updates
I confirmed from a clean build of EFA that /var/lib/clamav doesn't exist....Could this problem have been related to having different ClamAV data directories in /var/clamd and /var/lib/clamd ?
Unless you enable EPEL....
Then things get interesting...
Re: permssions issue with freshclam and updates
Ooooooh, I get it now.
I think you're right.
Let me check what repos I've enabled in the morning and report back. And if I have, I'll need to find out why I did it and messed everything up.
I think you're right.
Let me check what repos I've enabled in the morning and report back. And if I have, I'll need to find out why I did it and messed everything up.
- shawniverson
- Posts: 3649
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: permssions issue with freshclam and updates
To fix this issue if epel was manually added to EFA:
Code: Select all
# Reverse changes from EPEL version of clamd
sudo sed -i "/^DatabaseDirectory \/var\/lib\/clamav/ c\DatabaseDirectory /var/clamav" /etc/clamd.conf
sudo sed -i "/^User clam/ c\User clamav" /etc/clamd.conf
sudo rm -rf /var/lib/clamav
sudo userdel clam
sudo chown clamav:clamav /var/run/clamav
sudo service clamd start
Re: permssions issue with freshclam and updates
Shawn Could you disable the do-it-yourself EFA clamav package and use the epel one ?
Maybe in a future version ?
In this way you have everytime the new version of clamav.
Maybe in a future version ?
In this way you have everytime the new version of clamav.
- shawniverson
- Posts: 3649
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: permssions issue with freshclam and updates
https://github.com/E-F-A/v3/commit/70a2 ... 1a95ee806bShawn Could you disable the do-it-yourself EFA clamav package and use the epel one ?
Maybe in a future version ?
In this way you have everytime the new version of clamav.
Problem is that the CentOS Update channel and EPEL channel has conflicting versions of clamd. This script will be used going forward with clam updates.
Re: permssions issue with freshclam and updates
I see now.
You were using the version of ClamAV (0.98.4) from rpmforge, and I was using the version from EPEL (0.98.6) and they had different, somewhat conflicting configuration settings.
I think using clamav from EPEL is the better solution, as rpmforge seems to have gone to sleep. The Centos additional repositories page recommends against using it as it appears to be no longer maintained. Shame. Even the rpmforge mailing list has had almost no traffic. Even the last message from January is asking people to help restart the project got no responses.
It might be best to avoid rpmforge packages where possible until such time as it shows signs of life again, or is permanently retired.
You were using the version of ClamAV (0.98.4) from rpmforge, and I was using the version from EPEL (0.98.6) and they had different, somewhat conflicting configuration settings.
I think using clamav from EPEL is the better solution, as rpmforge seems to have gone to sleep. The Centos additional repositories page recommends against using it as it appears to be no longer maintained. Shame. Even the rpmforge mailing list has had almost no traffic. Even the last message from January is asking people to help restart the project got no responses.
It might be best to avoid rpmforge packages where possible until such time as it shows signs of life again, or is permanently retired.
- shawniverson
- Posts: 3649
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: permssions issue with freshclam and updates
rpmforge, yes. I mentioned CentOS Updates but you are right.
Another reason to move to epel now. ...
Another reason to move to epel now. ...