permissions issue with freshclam and updates

Uk Bloke
Posts: 37
Joined: 07 Mar 2013 14:56

permissions issue with freshclam and updates

Post by Uk Bloke »

Hi
Getting this error via email each time the system tries to update:

Subject: Anacron job 'cron.daily' on xx.xxx.xxx

Body:
/etc/cron.daily/freshclam:

ERROR: Problem with internal logger (UpdateLogFile =
/var/log/clamav/freshclam.log).
ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check
permissions!).

Any ideas?
ta
buzzzo
Posts: 94
Joined: 03 Feb 2014 09:09

Re: permissions issue with freshclam and updates

Post by buzzzo »

chown clamav:clamav /var/log/clamav/freshclam.log
Uk Bloke
Posts: 37
Joined: 07 Mar 2013 14:56

Re: permissions issue with freshclam and updates

Post by Uk Bloke »

thanks
buzzzo
Posts: 94
Joined: 03 Feb 2014 09:09

Re: permissions issue with freshclam and updates

Post by buzzzo »

In reality this does not solve the problem.

I suspect clamd definitions are updated via mailscanner scripts that set the freshclam log with root perms.
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: permissions issue with freshclam and updates

Post by shawniverson »

Interesting....

I am not seeing this on my system, just ran a freshclam update.

Nothing else should be trying to update clamav except /etc/cron.daily/freshclam

Are you using ClamAV 0.98 or 0.98.1?
buzzzo
Posts: 94
Joined: 03 Feb 2014 09:09

Re: permissions issue with freshclam and updates

Post by buzzzo »

Hi Shawn

I don't think the clamav definition is supposed to be updated by classic freshclam in efa/mailscanner:

I have: clamav-0.98.1-1.el6.rf.x86_64

I've found this evidence:

1) First, there are the external signatures that are updated via: /etc/cron.d/clamav-unofficial-sigs-cron
2) Second, I have: cat /tmp/ClamAV.update.log
--------------------------------------
ClamAV update process started at Sun Apr 20 17:07:05 2014
main.cld is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
daily.cld is up to date (version: 18833, sigs: 900699, f-level: 63, builder: neo)
bytecode.cvd is up to date (version: 236, sigs: 43, f-level: 63, builder: dgoddard)

This seems to be a log of an external freshclam updater

3) Third: we have /etc/cron.hourly/update_virus_scanners

I think freshclam is added when there is a clamav update from the repo.

You could try to disable freshclam and you will see that the definitions should be upgraded as well.

[root@mailgw1 cron.hourly]#
buzzzo
Posts: 94
Joined: 03 Feb 2014 09:09

Re: permissions issue with freshclam and updates

Post by buzzzo »

Just another piece of evidence found in the logs:

<22>1 2014-04-20T17:54:32.954081+02:00 mailgw1 postfix 24325 - - 0072B138260: removed
<22>1 2014-04-20T18:01:06.555092+02:00 mailgw1 update.bad.phishing.sites - - Delaying cron job up to 600 seconds
<22>1 2014-04-20T18:01:45.315864+02:00 mailgw1 update.virus.scanners - - Delaying cron job up to 600 seconds
<22>1 2014-04-20T18:05:07.918696+02:00 mailgw1 update.virus.scanners - - Found clamav installed
<22>1 2014-04-20T18:05:07.922651+02:00 mailgw1 update.virus.scanners - - Running autoupdate for clamav
<22>1 2014-04-20T18:05:14.002006+02:00 mailgw1 ClamAV-autoupdate 25516 - - ClamAV updated
<22>1 2014-04-20T18:05:14.280209+02:00 mailgw1 update.virus.scanners - - Found generic installed
<22>1 2014-04-20T18:05:14.282607+02:00 mailgw1 update.virus.scanners - - Running autoupdate for generic
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: permissions issue with freshclam and updates

Post by shawniverson »

umm...I see a potential problem.

EFA was built with a compiled version of ClamAV....0.98

You are using RPM version of ClamAV 0.98.1?
buzzzo
Posts: 94
Joined: 03 Feb 2014 09:09

Re: permissions issue with freshclam and updates

Post by buzzzo »

Hi Shawn

In my case yes: I'm using a clamav package updated from an additional installed repo.
I had some problems in the beginning with perms, but now all is okay.

Anyway, in any case the definition updates are performed by the mailscanner script and not by the clamav one.
Probably with your clamav packaged version the two scripts can both run together.

Just one question: is the official efa clamav package compiled with some special feature/flag?
I'm wondering at this point why not use a clamav package that comes from one of the many repos available (e.g. rpmforge)

Thx
buzzzo
Posts: 94
Joined: 03 Feb 2014 09:09

Re: permissions issue with freshclam and updates

Post by buzzzo »

To help Uk Bloke:

Pls could u tell us if you have the original clamav package (e.g. bundled with efa) or have u updated it?

To see the version, go to web gui->tools->clamav

Thx
Uk Bloke
Posts: 37
Joined: 07 Mar 2013 14:56

Re: permissions issue with freshclam and updates

Post by Uk Bloke »

Hi
Last week I ran a full yum update: ClamAV 0.98.1

Thanks
buzzzo
Posts: 94
Joined: 03 Feb 2014 09:09

Re: permissions issue with freshclam and updates

Post by buzzzo »

Ok then you are facing the same problem as mine.

I suggest simply removing /etc/cron.daily/freshclam.
In this way you let the clamav defs update be carried out by the mailscanner script.

To see if updates are performed fine plz mainly check:

1) /tmp/ClamAV.update.log
2) on web gui: http|https://you_efa_host/mailscanner/clamav_status.php <-- check date of update
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: permissions issue with freshclam and updates

Post by shawniverson »

Buzzo,

Do you have notes on what you did to get to ClamAV 0.98.1 using RPM?

I would be interested in adding this as an official update (without the freshclam issue, of course...)
buzzzo
Posts: 94
Joined: 03 Feb 2014 09:09

Re: permissions issue with freshclam and updates

Post by buzzzo »

Nothing special, just upgraded the package.
If I remember correctly the only thing to change was the clamav daemon user in the conf.

I don't actually have any VM to retry the installation.
If you have one I can try on it if u want.

Thx
Uk Bloke
Posts: 37
Joined: 07 Mar 2013 14:56

Re: permissions issue with freshclam and updates

Post by Uk Bloke »

buzzzo wrote:Ok then you are facing the same problem as mine.

I suggest simply removing /etc/cron.daily/freshclam.
In this way you let the clamav defs update be carried out by the mailscanner script.

To see if updates are performed fine plz mainly check:

1) /tmp/ClamAV.update.log
2) on web gui: http|https://you_efa_host/mailscanner/clamav_status.php <-- check date of update

ClamAV Status
Version: ClamAV 0.98.1
Virus Identities: 15076
Database Timestamp: Mon Jun 25 00:00:16 2012 << seems very old!!!
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: permissions issue with freshclam and updates

Post by shawniverson »

Yeah that doesn't look right...
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: permissions issue with freshclam and updates

Post by pdwalker »

Could this problem have been related to having different ClamAV data directories in /var/clamd and /var/lib/clamd ?
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: permissions issue with freshclam and updates

Post by shawniverson »

pdwalker wrote:Could this problem have been related to having different ClamAV data directories in /var/clamd and /var/lib/clamd ?

I confirmed from a clean build of EFA that /var/lib/clamav doesn't exist....

Unless you enable EPEL....

Then things get interesting...
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: permissions issue with freshclam and updates

Post by pdwalker »

Ooooooh, I get it now.

I think you're right.

Let me check what repos I've enabled in the morning and report back. And if I have, I'll need to find out why I did it and messed everything up.
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: permissions issue with freshclam and updates

Post by shawniverson »

To fix this issue if epel was manually added to EFA:

Code:

# Reverse changes from EPEL version of clamd
sudo sed -i "/^DatabaseDirectory \/var\/lib\/clamav/ c\DatabaseDirectory /var/clamav" /etc/clamd.conf
sudo sed -i "/^User clam/ c\User clamav" /etc/clamd.conf
sudo rm -rf /var/lib/clamav
sudo userdel clam
sudo chown clamav:clamav /var/run/clamav
sudo service clamd start
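
The checks below are an added example, not part of the original post or of EFA's own scripts: a read-only audit to run before the fix above, flagging the EPEL-style clamd.conf values that the fix reverts, stale definition files, and a freshclam.log not owned by clamav. The function names and the 2-day freshness threshold are assumptions; the paths and user names are the ones quoted in this thread.

```shell
#!/bin/sh
# Added example (not from the thread): read-only audit for the EPEL/EFA ClamAV mismatch.
# Paths and user names are those quoted in the thread; function names are hypothetical.

# Print the value of the first uncommented "Directive value" line in a clamd.conf-style file.
conf_value() {  # $1 = directive, $2 = config file
    awk -v k="$1" '$1 == k { print $2; exit }' "$2"
}

# Print one finding per line; return 1 if any EPEL-style setting is present.
audit_clamd_conf() {  # $1 = config file
    rc=0
    db=$(conf_value DatabaseDirectory "$1")
    user=$(conf_value User "$1")
    if [ "$db" = "/var/lib/clamav" ]; then
        echo "DatabaseDirectory=$db (the fix sets /var/clamav)"; rc=1
    fi
    if [ "$user" = "clam" ]; then
        echo "User=$user (the fix sets clamav)"; rc=1
    fi
    return $rc
}

# Return 0 if the directory holds at least one .cvd/.cld file modified within $2 days.
defs_fresh() {  # $1 = database directory, $2 = max age in days
    [ -n "$(find "$1" -maxdepth 1 \( -name '*.cvd' -o -name '*.cld' \) -mtime "-$2" 2>/dev/null)" ]
}

# Return 0 if the path exists and is owned by the given user.
owned_by() {  # $1 = path, $2 = expected user
    [ "$(stat -c %U "$1" 2>/dev/null)" = "$2" ]
}

# Run the checks only when invoked with a config path, e.g.: sh audit.sh /etc/clamd.conf
if [ -n "${1:-}" ] && [ -r "$1" ]; then
    audit_clamd_conf "$1" || echo "clamd.conf carries EPEL-style settings"
    dbdir=$(conf_value DatabaseDirectory "$1")
    defs_fresh "$dbdir" 2 || echo "no definitions updated in $dbdir within 2 days"
    owned_by /var/log/clamav/freshclam.log clamav || echo "freshclam.log is not owned by clamav"
fi
```

A definitions directory that fails `defs_fresh` matches the symptom reported earlier in the thread, where the status page showed a 2012 database timestamp.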
buzzzo
Posts: 94
Joined: 03 Feb 2014 09:09

Re: permissions issue with freshclam and updates

Post by buzzzo »

Shawn, could you disable the do-it-yourself EFA clamav package and use the epel one?
Maybe in a future version?

In this way you always have the new version of clamav.
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: permissions issue with freshclam and updates

Post by shawniverson »

buzzzo wrote:Shawn, could you disable the do-it-yourself EFA clamav package and use the epel one?
Maybe in a future version?

In this way you always have the new version of clamav.

https://github.com/E-F-A/v3/commit/70a2 ... 1a95ee806b

Problem is that the CentOS Update channel and EPEL channel have conflicting versions of clamd. This script will be used going forward with clam updates.
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: permissions issue with freshclam and updates

Post by pdwalker »

I see now.

You were using the version of ClamAV (0.98.4) from rpmforge, and I was using the version from EPEL (0.98.6) and they had different, somewhat conflicting configuration settings.

I think using clamav from EPEL is the better solution, as rpmforge seems to have gone to sleep. The CentOS additional repositories page recommends against using it as it appears to be no longer maintained. Shame. Even the rpmforge mailing list has had almost no traffic. Even the last message from January, asking people to help restart the project, got no responses.

It might be best to avoid rpmforge packages where possible until such time as it shows signs of life again, or is permanently retired.
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: permissions issue with freshclam and updates

Post by shawniverson »

rpmforge, yes. I mentioned CentOS Updates but you are right.

Another reason to move to epel now. ...