Hi Micah,

Thanks for your very detailed answer.

I'm not an apparmor expert either, but I doubt it is related to apparmor:

- the clamd & freshclam profiles authorize access to:
  + /etc/clamav/clamd.conf r,
  + /etc/clamav/freshclam.conf r,
  + /var/lib/clamav/ r,
  + /var/lib/clamav/** krw,

- there is no specific dedicated access right for symlinks in http://manpages.ubuntu.com/manpages/hirsute/man5/apparmor.d.5.html nor in the capabilities http://manpages.ubuntu.com/manpages/hirsute/man7/capabilities.7.html, so it seems fair to assume that 'r - Read mode' and 'w - Write mode' allow symlink accesses.

- apparmor logs the access error(s) when a process tries to access a resource for which it is not authorized. In this case, there is no such apparmor error in the logs:

    # grep apparmor /var/log/syslog
    # journalctl -xe|grep -i apparmor
    # grep clam /var/log/syslog
    Mar 29 10:21:08 host clamd[15160]: ERROR: Can't open/parse the config file /etc/clamav/clamd.conf
    Mar 29 10:21:08 host systemd[1]: clamav-daemon.service: Main process exited, code=exited, status=1/FAILURE
    Mar 29 10:21:08 host systemd[1]: clamav-daemon.service: Failed with result 'exit-code'.
    Mar 29 10:21:09 host freshclam[15655]: ERROR: Can't open/parse the config file /etc/clamav/freshclam.conf
    Mar 29 10:21:09 host systemd[1]: clamav-freshclam.service: Main process exited, code=exited, status=2/INVALIDARGUMENT
    Mar 29 10:21:09 host systemd[1]: clamav-freshclam.service: Failed with result 'exit-code'.
    # journalctl -xe|grep -i clam
    #
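
Added example, not part of the original message: a small parser for the kernel audit records AppArmor emits on a denial (apparmor="DENIED"), filtered to the clamd and freshclam profiles, so a capture from syslog, kern.log, dmesg or audit.log can be checked in one pass. The two denial lines, the /opt/example paths and the helper names are constructed for illustration; the last sample line is the clamd error quoted in the message.

```python
import re

# Constructed sample. A name containing a space is hex-encoded by the audit
# subsystem, so the second record carries its path as unquoted hex.
_HEX_NAME = "/opt/example dir/freshclam.conf".encode().hex().upper()
SAMPLE_LOG = [
    'Mar 29 10:21:08 host kernel: audit: type=1400 audit(1617013268.101:57): '
    'apparmor="DENIED" operation="open" profile="/usr/sbin/clamd" '
    'name="/opt/example/clamd.conf" pid=15160 comm="clamd" '
    'requested_mask="r" denied_mask="r" fsuid=0 ouid=0',
    'Mar 29 10:21:09 host kernel: audit: type=1400 audit(1617013269.220:58): '
    'apparmor="DENIED" operation="open" profile="/usr/bin/freshclam" '
    f'name={_HEX_NAME} pid=15655 comm="freshclam" '
    'requested_mask="r" denied_mask="r" fsuid=0 ouid=0',
    'Mar 29 10:20:01 host kernel: audit: type=1400 audit(1617013201.000:12): '
    'apparmor="STATUS" operation="profile_load" profile="unconfined" '
    'name="/usr/sbin/clamd" pid=812 comm="apparmor_parser"',
    "Mar 29 10:21:08 host clamd[15160]: ERROR: Can't open/parse the config "
    "file /etc/clamav/clamd.conf",
]

PAIR = re.compile(r'(\w+)=("[^"]*"|\S+)')          # key="value" or key=value
STRING_KEYS = {"name", "profile", "comm", "info"}  # fields that may be hex-encoded
WANTED = ("profile", "operation", "name", "requested_mask", "denied_mask", "pid")


def _decode(key, raw):
    """Strip quotes, or decode a hex-encoded string field."""
    if raw.startswith('"'):
        return raw.strip('"')
    if key in STRING_KEYS and re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", raw):
        return bytes.fromhex(raw).decode("utf-8", "replace")
    return raw


def parse_denials(lines, profile_substr="clam"):
    """Return one dict per AppArmor DENIED record whose profile matches."""
    denials = []
    for line in lines:
        if 'apparmor="DENIED"' not in line:
            continue  # status records and ordinary daemon errors are skipped
        fields = {k: _decode(k, v) for k, v in PAIR.findall(line)}
        if profile_substr in fields.get("profile", ""):
            denials.append({k: fields.get(k) for k in WANTED})
    return denials


if __name__ == "__main__":
    for d in parse_denials(SAMPLE_LOG):
        print(f'{d["profile"]}: {d["operation"]} {d["name"]} denied={d["denied_mask"]}')
```

An empty result means no DENIED record for those profiles was present in the lines that were fed in.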