[Wylug-help] ClamAV problems

Anne Wilson cannewilson at googlemail.com
Tue Jan 10 12:03:45 UTC 2012


On 10/01/12 11:22, Simon Greenwood wrote:
> 
> 
> On 10 January 2012 10:24, Anne Wilson <cannewilson at googlemail.com> wrote:
> 
>     Every time CentOS has an update for ClamAV I have problems with it.  It
>     usually takes me 3-4 days to sort it out - not desirable - but this time
>     I don't seem to be able to get it right.  It seems to boil down to
>     whether certain files should be available to clam or to clamav.  The big
>     problem is that I don't know how to test when I make changes.  I assume
>     that freshclam has to run as clam (or as clamav?) but when I tried to su
>     to clam or clamav I was told that those accounts are not currently
>     available, so obviously they are not like normal user accounts.
> 
>     So, the first question is, how can I run a test for whether my changes
>     are effective?  I can't wait for another night's update - it's already a
>     dangerously long time.
> 
> 
> When you say you have problems what exactly are you seeing? 

Error messages such as

No updates detected in the log for the freshclam daemon (the
 ClamAV update process).  If the freshclam daemon is not running,
 you may need to restart it.

LibClamAV Warning: **************************************************
LibClamAV Warning: ***  The virus database is older than 7 days!  ***
LibClamAV Warning: ***   Please update it as soon as possible.    ***
LibClamAV Warning: **************************************************

[root at borg2 ~]# freshclam
ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check
permissions!).
ERROR: Problem with internal logger (UpdateLogFile =
/var/log/clamav/freshclam.log).

> Also, which
> repo are you updating ClamAV from as I don't believe it's in the CentOS
> core - we usually install it from the Atomic repos or using Atomic ASL.
>

That's interesting -

[root at borg2 ~]# rpm -qi clamav
Name        : clamav                       Relocations: (not relocatable)
Version     : 0.97.3                            Vendor: Fedora Project

I don't have any Fedora repo on my list, so I assume it's from rpmforge.

> You should be able to run freshclam manually as root or through sudo.
> The clam user doesn't have a shell, and nor should it as it's just the
> account that the daemon runs as.
> 
So the use of 'su' depends on a shell being present?  I didn't know
that.  I assumed that if there is an account on the user list you could
change to it.

As you see on the last error message I quoted, I can't run as root.
This seems to come back to whether the log files should be owned by clam
or clamav - all the archived ones are clamav, as is new clamd.log but
freshclam.log is owned by clam - possibly my doing.

This is the latest status:

cat clamd.log
Sun Jan  8 14:52:16 2012 -> SelfCheck: Database status OK.
Sun Jan  8 15:01:33 2012 -> ERROR: Can't unlink the pid file
/var/run/clamav/clamd.pid
Sun Jan  8 15:01:33 2012 -> --- Stopped at Sun Jan  8 15:01:33 2012
Sun Jan  8 15:01:33 2012 -> ERROR: Can't unlink the socket file
/var/run/clamav/clamd.sock

I found that "LogFileUnlock yes" was commented out in clamd.conf and
corrected that, but that doesn't seem to address these two issues.

Anne
-- 
Need KDE help?  Try
http://userbase.kde.org or
Http://forum.kde.org
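
An added example, not part of the original message: a shell helper that reads the account name and file paths from freshclam.conf and clamd.conf and reports which log, database, pid and socket locations are not owned by that account, which is the clam-versus-clamav question raised above. It assumes the directives DatabaseOwner, UpdateLogFile, DatabaseDirectory, User, LogFile, PidFile and LocalSocket are set explicitly in the files, and it compares ownership only, not group or mode bits.

```shell
#!/bin/sh
# Constructed helper (not from the thread): compare the account a ClamAV
# daemon drops to with the numeric owner of the files it must write.

# conf_value FILE KEY: value of a directive, skipping commented-out lines.
conf_value() {
    awk -v key="$2" '$1 == key { print $2; exit }' "$1"
}

# uid_of USER: numeric uid for a name (a numeric argument is used as-is).
uid_of() {
    case "$1" in
        ''|*[!0-9]*) id -u "$1" 2>/dev/null || : ;;
        *) printf '%s\n' "$1" ;;
    esac
}

# check_paths USER PATH...: 0 if USER owns every path, 1 otherwise.
check_paths() {
    want=$(uid_of "$1"); shift
    [ -n "$want" ] || { echo "unknown user"; return 2; }
    rc=0
    for p in "$@"; do
        if [ ! -e "$p" ]; then echo "MISSING  $p"; rc=1; continue; fi
        have=$(ls -ldn "$p" | awk '{ print $3 }')
        if [ "$have" = "$want" ]; then
            echo "OK       $p"
        else
            echo "MISMATCH $p (uid $have, expected $want)"; rc=1
        fi
    done
    return $rc
}

# freshclam started by root drops privileges to DatabaseOwner.
audit_freshclam() {
    check_paths "$(conf_value "$1" DatabaseOwner)" \
        "$(conf_value "$1" UpdateLogFile)" \
        "$(conf_value "$1" DatabaseDirectory)"
}

# clamd runs as User; removing the pid and socket files on shutdown needs
# write access to the directories that hold them, so those are checked.
audit_clamd() {
    check_paths "$(conf_value "$1" User)" \
        "$(conf_value "$1" LogFile)" \
        "$(dirname "$(conf_value "$1" PidFile)")" \
        "$(dirname "$(conf_value "$1" LocalSocket)")"
}
```

Source the file as root and call `audit_freshclam` or `audit_clamd` with the path to the matching config file. To run the updater under the service account itself despite its missing login shell, root can use `su -s /bin/sh -c freshclam` followed by the DatabaseOwner name.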
