permissions issue with freshclam and updates

Uk Bloke
Posts: 37
Joined: 07 Mar 2013 14:56

permissions issue with freshclam and updates

Post by Uk Bloke » 17 Apr 2014 08:24

Hi
Getting this error via email each time the system tries to update:

Subject: Anacron job 'cron.daily' on xx.xxx.xxx

Body:
/etc/cron.daily/freshclam:

ERROR: Problem with internal logger (UpdateLogFile =
/var/log/clamav/freshclam.log).
ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check
permissions!).

Any ideas?
ta

buzzzo
Posts: 94
Joined: 03 Feb 2014 09:09

Re: permissions issue with freshclam and updates

Post by buzzzo » 17 Apr 2014 10:17

chown clamav:clamav /var/log/clamav/freshclam.log

Uk Bloke
Posts: 37
Joined: 07 Mar 2013 14:56

Re: permissions issue with freshclam and updates

Post by Uk Bloke » 17 Apr 2014 11:22

thanks

buzzzo
Posts: 94
Joined: 03 Feb 2014 09:09

Re: permissions issue with freshclam and updates

Post by buzzzo » 18 Apr 2014 16:21

In reality this does not solve the problem.

I suspect clamd definitions are updated via mailscanner scripts that set the freshclam log with root perms.

shawniverson
Posts: 3104
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: permissions issue with freshclam and updates

Post by shawniverson » 18 Apr 2014 19:44

Interesting....

I am not seeing this on my system, just ran a freshclam update.

Nothing else should be trying to update clamav except /etc/cron.daily/freshclam

Are you using ClamAV 0.98 or 0.98.1?
Version eFa 4.0.2 now available!

buzzzo
Posts: 94
Joined: 03 Feb 2014 09:09

Re: permissions issue with freshclam and updates

Post by buzzzo » 20 Apr 2014 15:53

Hi Shawn

I don't think the clamav definition is supposed to be updated by classic freshclam in efa/mailscanner:

I have: clamav-0.98.1-1.el6.rf.x86_64

I've found this evidence:

1) First, there are the external signatures that are updated via: /etc/cron.d/clamav-unofficial-sigs-cron
2) Second, I have: cat /tmp/ClamAV.update.log
--------------------------------------
ClamAV update process started at Sun Apr 20 17:07:05 2014
main.cld is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
daily.cld is up to date (version: 18833, sigs: 900699, f-level: 63, builder: neo)
bytecode.cvd is up to date (version: 236, sigs: 43, f-level: 63, builder: dgoddard)

This seems to be a log of an external freshclam updater

3) Third: we have /etc/cron.hourly/update_virus_scanners

I think freshclam is added when there is a clamav update from the repo.

You could try to disable freshclam and you will see that the definitions should be upgraded as well.

[root@mailgw1 cron.hourly]#

buzzzo
Posts: 94
Joined: 03 Feb 2014 09:09

Re: permissions issue with freshclam and updates

Post by buzzzo » 20 Apr 2014 16:36

Just another piece of evidence found in the logs:

<22>1 2014-04-20T17:54:32.954081+02:00 mailgw1 postfix 24325 - - 0072B138260: removed
<22>1 2014-04-20T18:01:06.555092+02:00 mailgw1 update.bad.phishing.sites - - Delaying cron job up to 600 seconds
<22>1 2014-04-20T18:01:45.315864+02:00 mailgw1 update.virus.scanners - - Delaying cron job up to 600 seconds
<22>1 2014-04-20T18:05:07.918696+02:00 mailgw1 update.virus.scanners - - Found clamav installed
<22>1 2014-04-20T18:05:07.922651+02:00 mailgw1 update.virus.scanners - - Running autoupdate for clamav
<22>1 2014-04-20T18:05:14.002006+02:00 mailgw1 ClamAV-autoupdate 25516 - - ClamAV updated
<22>1 2014-04-20T18:05:14.280209+02:00 mailgw1 update.virus.scanners - - Found generic installed
<22>1 2014-04-20T18:05:14.282607+02:00 mailgw1 update.virus.scanners - - Running autoupdate for generic

shawniverson
Posts: 3104
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: permissions issue with freshclam and updates

Post by shawniverson » 21 Apr 2014 10:09

umm...I see a potential problem.

EFA was built with a compiled version of ClamAV....0.98

You are using RPM version of ClamAV 0.98.1?

buzzzo
Posts: 94
Joined: 03 Feb 2014 09:09

Re: permissions issue with freshclam and updates

Post by buzzzo » 21 Apr 2014 19:41

Hi Shawn

In my case yes: I'm using a clamav package updated from an additional repo I installed.
I had some problems in the beginning with perms, but now all is okay.

Anyway, in any case the definition updates are performed by the mailscanner script and not by the clamav one.
Probably with your clamav packaged version the two scripts can both run together.

Just one question: is the efa official clamav package compiled with some special feature/flag?
I'm wondering at this point why not use a clamav package that comes from one of the many repos available (e.g. rpmforge)

Thx

buzzzo
Posts: 94
Joined: 03 Feb 2014 09:09

Re: permissions issue with freshclam and updates

Post by buzzzo » 21 Apr 2014 19:58

To help Uk Bloke:

Please could you tell us if you have the original clamav package (e.g. bundled with efa) or have you updated it?

To see the version, go to web gui->tools->clamav

Thx

Uk Bloke
Posts: 37
Joined: 07 Mar 2013 14:56

Re: permissions issue with freshclam and updates

Post by Uk Bloke » 23 Apr 2014 11:56

Hi
Last week I ran a full yum update: ClamAV 0.98.1

Thanks

buzzzo
Posts: 94
Joined: 03 Feb 2014 09:09

Re: permissions issue with freshclam and updates

Post by buzzzo » 23 Apr 2014 13:05

Ok then you are facing the same problem as mine.

I suggest simply removing /etc/cron.daily/freshclam .
In this way you let the clamav defs update be carried out by the mailscanner script.

To see if updates are performed fine, please mainly check:

1) /tmp/ClamAV.update.log
2) on web gui: http|https://you_efa_host/mailscanner/clamav_status.php <-- check date of update

shawniverson
Posts: 3104
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: permissions issue with freshclam and updates

Post by shawniverson » 24 Apr 2014 00:07

Buzzo,

Do you have notes on what you did to get to ClamAV 0.98.1 using RPM?

I would be interested in adding this as an official update (without the freshclam issue, of course...)

buzzzo
Posts: 94
Joined: 03 Feb 2014 09:09

Re: permissions issue with freshclam and updates

Post by buzzzo » 28 Apr 2014 14:00

Nothing special, just upgraded the package.
If I remember correctly the only thing to change was the clamav daemon user in the conf.

I haven't actually any vm to retry the installation.
If you have one I can try on it if you want.

Thx

Uk Bloke
Posts: 37
Joined: 07 Mar 2013 14:56

Re: permissions issue with freshclam and updates

Post by Uk Bloke » 30 Apr 2014 11:00

buzzzo wrote:
> Ok then you are facing the same problem as mine.
>
> I suggest simply removing /etc/cron.daily/freshclam .
> In this way you let the clamav defs update be carried out by the mailscanner script.
>
> To see if updates are performed fine, please mainly check:
>
> 1) /tmp/ClamAV.update.log
> 2) on web gui: http|https://you_efa_host/mailscanner/clamav_status.php <-- check date of update

ClamAV Status
Version: ClamAV 0.98.1
Virus Identities: 15076
Database Timestamp: Mon Jun 25 00:00:16 2012 << seems very old!!!

shawniverson
Posts: 3104
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: permissions issue with freshclam and updates

Post by shawniverson » 01 May 2014 18:13

Yeah that doesn't look right...

pdwalker
Posts: 1297
Joined: 18 Mar 2015 09:16

Re: permissions issue with freshclam and updates

Post by pdwalker » 21 Apr 2015 09:16

Could this problem have been related to having different ClamAV data directories in /var/clamd and /var/lib/clamd ?

shawniverson
Posts: 3104
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: permissions issue with freshclam and updates

Post by shawniverson » 26 Apr 2015 16:37

pdwalker wrote:
> Could this problem have been related to having different ClamAV data directories in /var/clamd and /var/lib/clamd ?

I confirmed from a clean build of EFA that /var/lib/clamav doesn't exist....

Unless you enable EPEL....

Then things get interesting...

pdwalker
Posts: 1297
Joined: 18 Mar 2015 09:16

Re: permissions issue with freshclam and updates

Post by pdwalker » 26 Apr 2015 16:54

Ooooooh, I get it now.

I think you're right.

Let me check what repos I've enabled in the morning and report back. And if I have, I'll need to find out why I did it and messed everything up.

shawniverson
Posts: 3104
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: permissions issue with freshclam and updates

Post by shawniverson » 26 Apr 2015 17:43

To fix this issue if epel was manually added to EFA:

Code:

# Reverse changes from EPEL version of clamd
sudo sed -i "/^DatabaseDirectory \/var\/lib\/clamav/ c\DatabaseDirectory /var/clamav" /etc/clamd.conf
sudo sed -i "/^User clam/ c\User clamav" /etc/clamd.conf
sudo rm -rf /var/lib/clamav
sudo userdel clam
sudo chown clamav:clamav /var/run/clamav
sudo service clamd start
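
A read-only check to run before the destructive steps in the post above (`rm -rf`, `userdel`), added here as an example and not part of the original post or of eFa. It reports whether clamd.conf carries values other than the eFa ones named in the thread and whether the daily signature database is stale; the function names, the 2-day threshold and the fallback sample config are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): read-only audit for the EPEL-vs-eFa
# clamd.conf drift discussed above. Function names and threshold are assumptions.

# Print the value of a clamd.conf directive. Commented-out lines never match
# because their first field starts with '#'; the last occurrence is reported.
conf_value() {  # $1 = directive, $2 = config file
    awk -v key="$1" '$1 == key { val = $2 } END { if (val != "") print val }' "$2"
}

# Compare DatabaseDirectory and User against the eFa values given in the thread.
# Prints one DRIFT line per mismatch; returns 0 if both match, 1 otherwise.
audit_clamd_conf() {  # $1 = config file
    rc=0
    db=$(conf_value DatabaseDirectory "$1")
    user=$(conf_value User "$1")
    if [ "$db" != "/var/clamav" ]; then
        echo "DRIFT DatabaseDirectory=${db:-unset} (eFa expects /var/clamav)"; rc=1
    fi
    if [ "$user" != "clamav" ]; then
        echo "DRIFT User=${user:-unset} (eFa expects clamav)"; rc=1
    fi
    return $rc
}

# Succeed only if the directory holds a daily.cld/daily.cvd modified within $2 days.
db_is_fresh() {  # $1 = database directory, $2 = max age in days
    [ -d "$1" ] || return 1
    [ -n "$(find "$1" -name 'daily.c[lv]d' -mtime "-$2" 2>/dev/null)" ]
}

# Stand-alone use: audit the given or default config; if none is readable,
# fall back to a constructed EPEL-style sample so the output can be seen.
CONF=${1:-/etc/clamd.conf}
if [ ! -r "$CONF" ]; then
    CONF=$(mktemp)
    printf 'DatabaseDirectory /var/lib/clamav\nUser clam\n' > "$CONF"  # constructed
fi
audit_clamd_conf "$CONF" || echo "clamd.conf differs from the eFa layout"
dir=$(conf_value DatabaseDirectory "$CONF")
db_is_fresh "$dir" 2 || echo "STALE no daily database newer than 2 days in $dir"
```

A STALE line alongside a DRIFT line suggests the updater and clamd are looking at different directories, which matches the 2012 database timestamp reported earlier in the thread.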

buzzzo
Posts: 94
Joined: 03 Feb 2014 09:09

Re: permissions issue with freshclam and updates

Post by buzzzo » 26 Apr 2015 20:40

Shawn, could you disable the do-it-yourself EFA clamav package and use the epel one?
Maybe in a future version?

In this way you have the new version of clamav every time.

shawniverson
Posts: 3104
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: permissions issue with freshclam and updates

Post by shawniverson » 26 Apr 2015 20:44

buzzzo wrote:
> Shawn, could you disable the do-it-yourself EFA clamav package and use the epel one?
> Maybe in a future version?
>
> In this way you have the new version of clamav every time.

https://github.com/E-F-A/v3/commit/70a2 ... 1a95ee806b

The problem is that the CentOS Update channel and the EPEL channel have conflicting versions of clamd. This script will be used going forward with clam updates.

pdwalker
Posts: 1297
Joined: 18 Mar 2015 09:16

Re: permissions issue with freshclam and updates

Post by pdwalker » 27 Apr 2015 02:16

I see now.

You were using the version of ClamAV (0.98.4) from rpmforge, and I was using the version from EPEL (0.98.6) and they had different, somewhat conflicting configuration settings.

I think using clamav from EPEL is the better solution, as rpmforge seems to have gone to sleep. The CentOS additional repositories page recommends against using it as it appears to be no longer maintained. Shame. Even the rpmforge mailing list has had almost no traffic. Even the last message from January, asking people to help restart the project, got no responses.

It might be best to avoid rpmforge packages where possible until such time as it shows signs of life again, or is permanently retired.

shawniverson
Posts: 3104
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: permissions issue with freshclam and updates

Post by shawniverson » 27 Apr 2015 19:53

rpmforge, yes. I mentioned CentOS Updates but you are right.

Another reason to move to epel now. ...
