freshclam.log permissions

Kalimari · **Posted:** Mon Feb 04, 2008 7:15 am

Due to log file rotation, I am greeted every Monday morning by:

Code:

/etc/cron.daily/freshclam:
ERROR: Problem with internal logger (--log=/var/log/clamav/freshclam.log).
ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!).

freshclam.log is now owned by clamav:clamav. All the log files and path are configured correctly, but the new log file is always created with the wrong owner which is fixed (for 7 days) by manually running:

Code:

chown -R qscand:qscand /var/log/clamav

I have stopped/started the clamd service and triple checked paths, re-saved conf files etc. It was installed with ART qmail-scanner and I have checked the following:

Code:

vi /etc/clamd.conf
User qscand

vi /etc/freshclam.conf
DatabaseOwner qscand

Any ideas or suggestions on how to resolve this moderately annoying problem would be gratefully received. I have considered running cron command to fix permissions, but I'd prefer to solve the problem at source if possible.

Thanks all!

Kalimari · **Posted:** Wed Feb 13, 2008 4:01 am

After running clamav 0.92.1 update the user for virtually all files/directories clamav uses are wrong, they are set to clamav and not qscand.

I originally installed clamav as part of qmail-scanner from Atomic channel.

Any idea why this happens? I can manually fix them, but it makes me think there is something mis-configured. Any ideas anyone?

krho · **Joined:** Wed Feb 06, 2008 4:35 am **Posts:** 19

I beleive that clamav "installer" changes owner regardless the settings in clamd /freshclam conf files.

Kalimari · **Posted:** Wed Feb 13, 2008 7:52 am

Thanks krho,

I'll have to keep an eye on that in future. For now I ran:

Code:

chown -R qscand:qscand /var/clamav
chown -R qscand:qscand /var/log/clamav
chown -R qscand:qscand /var/run/clamav

No other changes seemed necessary.

scott · **Posted:** Wed Feb 13, 2008 9:24 am

I could have sworn Id added that to the cron job. You know you guys can send me patches right?

Kalimari · **Posted:** Wed Feb 13, 2008 11:47 am

Actually Scott, I didn't know I could send patches, but wouldn't know where to begin? Not something I've ever needed to do. If you can enlighten me I'd be glad to help out...

scott · **Posted:** Wed Feb 13, 2008 4:52 pm

check out the man page on diff, thats what you can use to create patch files with. Its really simple syntax, diff -u oldfile newfile.

Kalimari · **Posted:** Tue Feb 26, 2008 11:53 am

Follow up/solution: Have been tinkering the past few weeks to resolve the issue and finally struck gold! So, rather than outline all the failures, here's the solution (for me at least):

Code:

vi /etc/cron.daily/freshclam

Comment out/remove the chown line as follows:

Code:

LOG_FILE="/var/log/clamav/freshclam.log"
if [ ! -f "$LOG_FILE" ]; then
    touch "$LOG_FILE"
    chmod 644 "$LOG_FILE"
    #chown qscand.qscand "$LOG_FILE"
fi

Then add this directly afterwards, so it will check the owner is qscand outside the logic check for the freshclam.log file existing:

Code:

if [ `ls -l "$LOG_FILE" | awk '{print $3}'` != "qscand" ]; then
        chown qscand.qscand "$LOG_FILE"
fi

Leave the rest in place as follows:

Code:

/usr/bin/freshclam \
    --quiet \
    --datadir="/var/clamav" \
    --log="$LOG_FILE" \
    --log-verbose \
    --daemon-notify="/etc/clamd.conf"

Here's the whole thing in one go:

Code:

#!/bin/sh

### fix log file if needed
LOG_FILE="/var/log/clamav/freshclam.log"
if [ ! -f "$LOG_FILE" ]; then
    touch "$LOG_FILE"
    chmod 644 "$LOG_FILE"
fi

if [ `ls -l "$LOG_FILE" | awk '{print $3}'` != "qscand" ]; then
        chown qscand.qscand "$LOG_FILE"
fi

/usr/bin/freshclam \
    --quiet \
    --datadir="/var/clamav" \
    --log="$LOG_FILE" \
    --log-verbose \
    --daemon-notify="/etc/clamd.conf"

breun · **Posted:** Wed Feb 27, 2008 7:43 am

Did you maybe install ClamAV from RPMForge? Those packages use the clamav user instead of qscand.

Kalimari · **Posted:** Wed Feb 27, 2008 9:00 am

Thanks breun, but as mentioned (on Feb 13, 2008) I installed clamav as part of qmail-scanner from Atomic channel and had this issue from the start. Now at least it is working without a weekly error message

jens · **Posted:** Fri Mar 21, 2008 2:29 am

in case anybody else has this issue,

logrotate was messing me up by setting freshclam.log to default clamd user permissions, instead of qscand, and thereby preventing freshclam from doing its job...

check /etc/logrotate.d/freshclam

edit: I also see that my /etc/cron.daily/freshclam had the wrong logfile perms, but that would have only been created with bad perms if the logfile did not exist... in my case logrotate was causing this issue - maybe the same for others... anyhow - im sure scott will have it fixed!

scott · **Posted:** Fri Mar 21, 2008 8:02 am

If you're using ASL, the version in the asl-2.0-testing channel should fix this problem. We'll merge that into atomic when we're done with it.

BerArt · **Posted:** Fri Mar 21, 2008 9:40 am

Is it safe to run the "testing" chanel on a production server?

breun · **Posted:** Fri Mar 21, 2008 9:53 am

No. That's why it's called testing.

AntiochInteractive · **Posted:** Wed Jun 06, 2012 11:44 am

I'm having the same problem, but perhaps a slightly different scenario. I did not find a solution here.

/etc/cron.hourly/freshclam:

ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!).

--

[root@server clamav]# ls -l
total 1288
-rw-rw-r-- 1 qscand qscand 86246 Jun 6 10:40 clamd.log
-rw-rw-r-- 1 qscand qscand 211763 Jun 3 08:01 clamd.log.1
-rw-rw-r-- 1 qscand qscand 135919 May 27 08:14 clamd.log.2
-rw-rw-r-- 1 qscand qscand 122161 May 20 07:55 clamd.log.3
-rw-rw-r-- 1 qscand qscand 190910 May 13 07:58 clamd.log.4
-rw-rw-r-- 1 qscand qscand 34672 Jun 5 11:01 freshclam.log
-rw-rw-r-- 1 qscand qscand 128118 Jun 3 08:01 freshclam.log.1
-rw-rw-r-- 1 qscand qscand 116805 May 27 08:14 freshclam.log.2
-rw-rw-r-- 1 qscand qscand 112873 May 20 07:55 freshclam.log.3
-rw-rw-r-- 1 qscand qscand 114775 May 13 07:58 freshclam.log.4

[root@server clamav]# rpm -q clamd
clamd-0.97.4-4.el5.art

[root@server clamav]# rpm -q clamav
clamav-0.97.4-4.el5.art

--

Any suggestions?

freshclam.log permissions

Who is online