On Mon, 19 May 2003, Tomasz Kojm wrote:

> > We see the following behavior:
> >
> > --------------------------------------
> > Checking for a new database - started at Tue May 13 13:09:55 2003
> > viruses.db is up to date.
> > viruses.db2 is up to date.
> >
> > --------------------------------------
> > Checking for a new database - started at Tue May 13 16:09:55 2003
> > ERROR: Can't connect to port 80 of host clamav.elektrapro.com
> > ERROR: Connection with clamav.elektrapro.com failed.
> > Checking for a new database - started at Tue May 13 16:09:55 2003
> > ERROR: Can't create md5 checksum of the viruses.db database.
> >
> > --------------------------------------
> > Checking for a new database - started at Tue May 13 19:09:55 2003
> > ERROR: Can't create md5 checksum of the viruses.db database.
>
> It seems rather to be a permission problem (the database was stat()ed but
> freshclam wasn't able to generate md5 checksum, i.e. to read it), however
> it's strange... Some additional information will be useful: freshclam UID/GID,
> permissions on db dir, etc.

That's the strange part... if we restart freshclam, without changing
anything else, it immediately works fine (and eventually the problem
happens again).  There is nothing that can change the signature files
except for freshclam.

---

gamera:~> ls -ld /opt/clamav-20030317/
drwxr-xr-x   9 root     staff        512 Mar 18 15:13 /opt/clamav-20030317/

gamera:~> ls -lR /opt/clamav-20030317/share
/opt/clamav-20030317/share:
total 2
drwxrwxr-x   2 clamav   clamav       512 May 19 11:06 clamav

/opt/clamav-20030317/share/clamav:
total 2182
-rw-r--r--   1 clamav   clamav   1103347 May 19 11:06 viruses.db
-rw-r--r--   1 clamav   clamav      2063 Mar 18 15:16 viruses.db2

---

gamera:~> egrep clamav /etc/passwd
clamav:x:79:79:Clam AntiVirus:/opt/clam:/bin/false

gamera:~> egrep clamav /etc/group
defang::103:clamav
clamav::79:clamav,ed,cash,tbaxter,mike,ron,vette,mm,grim

---

We don't even run clamd with permissions to change the db:

---

gamera.nss.udel.edu# ps -eaf | egrep clam
  clamav 20313     1  0 12:23:07 ?        0:00 /opt/clam/bin/freshclam -d -c 8 -l /var/adm/clam.log --daemon-notify=/opt/clam/
  defang 14708     1  0 11:05:39 ?        1:14 /opt/clam/sbin/clamd -c /opt/clam/etc/clamav.conf

gamera.nss.udel.edu# pcred 20313
20313:  e/r/suid=79  e/r/sgid=79
gamera.nss.udel.edu# pcred 14708
14708:  e/r/suid=103  e/r/sgid=103

UID 103 is "defang"... clamd needs to run as "defang" so it can access the
mail files which are owned by "defang", mode 0600.  freshclam is the only
thing that runs as "clamav" and has permission to alter the db files.

Thanks,

        Ed

Ed Phillips <[EMAIL PROTECTED]> University of Delaware (302) 831-6082
Systems Programmer III, Network and Systems Services
finger -l [EMAIL PROTECTED] for PGP public key
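
An added example, not part of the original message and not freshclam's own code: a small C probe that separates the steps discussed in this thread, stat() and then open and read to end of file, and reports which step fails with its errno, along with the effective UID/GID it runs as. The names `probe_db` and `enum probe_result` are hypothetical.

```c
/* Added example: find which step fails when a database file can be
   stat()ed but not checksummed. Names here are hypothetical. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum probe_result { PROBE_OK, PROBE_STAT_FAILED, PROBE_OPEN_FAILED, PROBE_READ_FAILED };

/* Returns the first step that fails; *err receives errno for that step. */
enum probe_result probe_db(const char *path, int *err)
{
    struct stat st;
    char buf[4096];
    ssize_t n;
    int fd;

    *err = 0;
    if (stat(path, &st) != 0) { *err = errno; return PROBE_STAT_FAILED; }
    fd = open(path, O_RDONLY);
    if (fd < 0) { *err = errno; return PROBE_OPEN_FAILED; }
    /* Read to end of file, as a checksum routine has to. */
    while ((n = read(fd, buf, sizeof buf)) > 0)
        ;
    if (n < 0) { *err = errno; close(fd); return PROBE_READ_FAILED; }
    close(fd);
    return PROBE_OK;
}

int main(int argc, char **argv)
{
    static const char *step[] = { "ok", "stat", "open", "read" };
    int i, err, bad = 0;

    /* The identity the probe runs under decides what it may read. */
    printf("euid=%ld egid=%ld\n", (long)geteuid(), (long)getegid());
    for (i = 1; i < argc; i++) {
        enum probe_result r = probe_db(argv[i], &err);
        printf("%s: %s%s%s\n", argv[i], step[r],
               r ? " failed: " : "", r ? strerror(err) : "");
        bad |= (r != PROBE_OK);
    }
    return bad; /* non-zero if any path failed a step */
}
```

Run it under the same UID/GID as freshclam with the database files as arguments; the errno printed for a failed open or read shows whether the refusal is a permission denial (EACCES) or something else.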
