I got this error in freshclam

diego · **Joined:** Tue Aug 05, 2008 5:01 pm **Posts:** 108

I am running clamav-0.94.2-3.el5.art

[root@server1 etc]# freshclam
ClamAV update process started at Sat Feb 7 23:07:26 2009
main.cvd is up to date (version: 49, sigs: 437972, f-level: 35, builder: sven)
ERROR: chdir_tmp: Can't create directory ./clamav-eb55b25a4beb18f2bd18e3ba69f69026
WARNING: Incremental update failed, trying to download daily.cvd
ERROR: getfile: Can't create new file /var/clamav/clamav-0a96430273e7660a0a741b252e342aea in /var/clamav
Hint: The database directory must be writable for UID 112 or GID 103
WARNING: Can't download daily.cvd from db.local.clamav.net

What can be causing this?

mikeshinn · **Posted:** Sat Feb 07, 2009 7:14 pm

The permissions for your /var/clamav (or where-ever your clamav dbs are help, sometimes /var/lib/clamav) are not set correctly. This is usually because freshclam is running a different user from clamd, or something changed the ownership of that directory.

check what user freshclam is running as and check /var/clamav (or whatever it is on your box) for what user/group owns it. Also check clamd - you dont want to change /var/clamav to something different from clamd (you'll break clamd).

diego · **Joined:** Tue Aug 05, 2008 5:01 pm **Posts:** 108

Hi mike.

/var/clamav

its owned by qscand / qscand

and freshclam its root /root

faris · **Joined:** Thu Dec 09, 2004 11:19 am **Posts:** 1846

You have qmail-scanner installed?

In that case you need to edit /etc/freshclam.conf so that DatabaseOwner is qscand, as follows:

DatabaseOwner qscand

And in /etc/clamd.conf edit things so that User is qscand too, as follows:

User qscand

Then chown all files in /var/log/clamav and /var/clamav to qscand:qscand by using the following commands

Code:

chown -R qscand:qscand /var/clamav

and

Code:

chown -R qscand:qscand /var/log/clamav

Check if this has solved the problem by just running freshclam on the command line.

Check that clamd restarts correctly by doing

Code:

service clamd restart

Faris.

faris · **Joined:** Thu Dec 09, 2004 11:19 am **Posts:** 1846

p.s. Anytime you update clamav using yum, the default ownerships are going to change, and in some cases you .conf files may get overwritten (though that's unusual).

So you need to do this/check this every time you use yum and a new version of clamav/clamd etc is installed.

Faris.

breun · **Posted:** Sun Feb 08, 2009 12:56 pm

Freshclam has its own user setting (called DatabaseOwner) in /etc/freshclam.conf. I always manually set this to qscand instead of the default clamav and chown the /var/clamav dir accordingly.

faris wrote:

p.s. Anytime you update clamav using yum, the default ownerships are going to change, and in some cases you .conf files may get overwritten (though that's unusual).

So you need to do this/check this every time you use yum and a new version of clamav/clamd etc is installed.

You'd think that the RPM packages could take care of this for us.

faris · **Joined:** Thu Dec 09, 2004 11:19 am **Posts:** 1846

Yeah, it would be nice if the ownerships were sorted automatically.

The thing is if you use qmail-scanner you end up using qscand and if you don't then you end up using clamav instead.

But remember that the /etc/cron.daily/freshclam script does sort out the ownerships of the directories and files automatically based on what's in the conf files.

Maybe that could get launched automatically after a clamav update, so it would sort everything out and avoid the problem. (otherwise you'd have to wait until the cron job runs)

What do you think Scott/Mike?

Faris.

scott · **Posted:** Sun Feb 08, 2009 2:12 pm

It does sort them out automatically on our systems

breun · **Posted:** Sun Feb 08, 2009 5:28 pm

Scott, what DatabaseOwner do you use in /etc/freshclam.conf, clamav or qscand? I've always had to manually adjust ownerships after ClamAV upgrades and it seems a lot of others are doing the same.

diego · **Joined:** Tue Aug 05, 2008 5:01 pm **Posts:** 108

Thank you Faris

Your method fixed

I will be aware of this every upgrade.

Thank you

scott · **Posted:** Sun Feb 08, 2009 9:06 pm

Its set to qscand on all my systems

breun · **Posted:** Mon Feb 09, 2009 6:38 am

Everything is configured to use qscand on our boxes as well. After a ClamAV update /var/clamav is owned by clamav:clamav and 755, so freshclam won't work, because qscand is not allowed to write in /var/clamav. The RPM packages also install files in /var/clamav owned by clamav:clamav that freshclam cannot overwrite. We have to run 'chown -R qscand:qscand /var/clamav' after ClamAV updates to get things to work.

scott · **Posted:** Mon Feb 09, 2009 11:08 am

http://3es.atomicrocketturtle.com/packa ... lamav.spec is the spec file if you want to take a crack an an update

breun · **Posted:** Mon Feb 09, 2009 11:26 am

I have no idea where to start with that one. What we're seeing is that /var/clamav is owned by clamav:clamav after ClamAV updates and there are also files owned by clamav:clamav in that directory after ClamAV updates. The /var/clamav directory is owned by both clamd and clamav-db, and apparently either or both of those packages set clamav:clamav as the owner of /var/clamav and some files in that directory. Running 'chown -R qscand:qscand /var/clamav' fixes this and gets things to work again. I don't know where in the RPM process this should be taken care of.

scott · **Posted:** Mon Feb 09, 2009 5:32 pm

could be a trigger in qmail-scanner too:

http://3es.atomicrocketturtle.com/packa ... anner.spec

what I do to debug this stuff is:

rpm -q --scripts <package>
rpm -q --triggers <package>

I got this error in freshclam

Who is online