Dear Edwin,

Firstly, thank you very much for your detailed help and information.

I tried to move /var/clamav to /var/lib/clamav as you suggested.

[EMAIL PROTECTED] lib]# ls -lRZ /var/lib/clamav
/var/lib/clamav:
drwxr-xr-x  clamav clamav root:object_r:var_lib_t          daily.inc
-rw-r--r--  clamav clamav root:object_r:var_lib_t          main.cvd
-rw-------  clamav clamav root:object_r:var_lib_t          mirrors.dat
/var/lib/clamav/daily.inc:
-rw-r--r--  clamav clamav root:object_r:var_lib_t          COPYING
-rw-r--r--  clamav clamav root:object_r:var_lib_t          daily.cfg
-rw-r--r--  clamav clamav root:object_r:var_lib_t          daily.db
-rw-r--r--  clamav clamav root:object_r:var_lib_t          daily.fp
-rw-r--r--  clamav clamav root:object_r:var_lib_t          daily.hdb
-rw-r--r--  clamav clamav root:object_r:var_lib_t          daily.hdu
-rw-r--r--  clamav clamav root:object_r:var_lib_t          daily.info
-rw-r--r--  clamav clamav root:object_r:var_lib_t          daily.mdb
-rw-r--r--  clamav clamav root:object_r:var_lib_t          daily.mdu
-rw-r--r--  clamav clamav root:object_r:var_lib_t          daily.ndb
-rw-r--r--  clamav clamav root:object_r:var_lib_t          daily.ndu
-rw-r--r--  clamav clamav root:object_r:var_lib_t          daily.pdb
-rw-r--r--  clamav clamav root:object_r:var_lib_t          daily.wdb
-rw-r--r--  clamav clamav root:object_r:var_lib_t          daily.zmd
[EMAIL PROTECTED] lib]#

I modified /etc/clamd.conf and /etc/freshclam.conf for clamd and freshclam,
and rebooted the system. The error is still there.

/var/log/clamd.log:

Wed Jan 30 04:37:38 2008 -> +++ Started at Wed Jan 30 04:37:38 2008

Wed Jan 30 04:37:38 2008 -> clamd daemon 0.92 (OS: linux-gnu, ARCH: i386,
CPU: i386)

Wed Jan 30 04:37:38 2008 -> Running as user clamav (UID 100, GID 101)

Wed Jan 30 04:37:38 2008 -> Log file size limit disabled.

Wed Jan 30 04:37:38 2008 -> Reading databases from /var/lib/clamav

Wed Jan 30 04:37:38 2008 -> ERROR: Unable to open file or directory

Error in /var/log/messages:

Jan 30 04:37:38 home clamd[2100]: clamd daemon 0.92 (OS: linux-gnu, ARCH:
i386, CPU: i386)

Jan 30 04:37:38 home clamd[2100]: Running as user clamav (UID 100, GID 101)

Jan 30 04:37:38 home clamd[2100]: Log file size limit disabled.

Jan 30 04:37:38 home clamd[2100]: Reading databases from /var/lib/clamav

Jan 30 04:37:38 home clamd[2100]: Unable to open file or directory

Jan 30 04:37:42 home setroubleshoot: SELinux is preventing /usr/sbin/clamd
(clamd_t) "search" access to kernel (sysctl_kernel_t). For complete SELinux
messages. run sealert -l a81544c7-7a39-400f-af93-719ff8581a98

Jan 30 04:37:42 home setroubleshoot: SELinux is preventing /usr/sbin/clamd
(clamd_t) "write" to clamav (var_lib_t). For complete SELinux messages. run
sealert -l 3d9dbdd2-e6e9-4d61-a938-3733e05b5ab7

Jan 30 04:37:42 home setroubleshoot: SELinux is preventing /usr/sbin/clamd
(clamd_t) "read" access to clamav (var_lib_t). For complete SELinux
messages. run sealert -l 85d47553-cc29-4d53-b361-aeb35e537e1b

Error in /var/log/audit/audit.log:

type=AVC msg=audit(1201642658.094:6): avc: denied { search } for pid=2099
comm="clamd" name="kernel" dev=proc ino=-268435416
scontext=system_u:system_r:clamd_t:s0
tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir

type=SYSCALL msg=audit(1201642658.094:6): arch=40000003 syscall=5 success=no
exit=-13 a0=c03a64 a1=0 a2=c1dff4 a3=c1f974 items=0 ppid=2098 pid=2099
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) comm="clamd" exe="/usr/sbin/clamd"
subj=system_u:system_r:clamd_t:s0 key=(null)

type=AVC msg=audit(1201642658.244:7): avc: denied { write } for pid=2100
comm="clamd" name="clamav" dev=dm-0 ino=2195477
scontext=system_u:system_r:clamd_t:s0 tcontext=root:object_r:var_lib_t:s0
tclass=dir

type=SYSCALL msg=audit(1201642658.244:7): arch=40000003 syscall=5 success=no
exit=-13 a0=8b63c7c a1=242 a2=1fc a3=8b63c78 items=0 ppid=1 pid=2100
auid=4294967295 uid=100 gid=101 euid=100 suid=100 fsuid=100 egid=101
sgid=101 fsgid=101 tty=(none) comm="clamd" exe="/usr/sbin/clamd"
subj=system_u:system_r:clamd_t:s0 key=(null)

type=AVC msg=audit(1201642658.350:8): avc: denied { read } for pid=2100
comm="clamd" name="clamav" dev=dm-0 ino=2195477
scontext=system_u:system_r:clamd_t:s0 tcontext=root:object_r:var_lib_t:s0
tclass=dir

type=SYSCALL msg=audit(1201642658.350:8): arch=40000003 syscall=5 success=no
exit=-13 a0=8b5f448 a1=18800 a2=0 a3=8b63d88 items=0 ppid=1 pid=2100
auid=4294967295 uid=100 gid=101 euid=100 suid=100 fsuid=100 egid=101
sgid=101 fsgid=101 tty=(none) comm="clamd" exe="/usr/sbin/clamd"
subj=system_u:system_r:clamd_t:s0 key=(null)



Please help me more! Thanks in advance!
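
An added example, not part of the original message: a small Python parser that groups the AVC denials quoted above by source domain, target type, object class and object name, so repeated denials on the same object read as one finding. The names `parse_avc` and `summarise` are hypothetical helpers, not part of any SELinux tool.

```python
import re
from collections import defaultdict

# Records copied from the audit.log excerpt in the message, with the mail
# client's line wrapping kept; blank lines dropped, SYSCALL record shortened.
AUDIT_EXCERPT = """\
type=AVC msg=audit(1201642658.094:6): avc: denied { search } for pid=2099
comm="clamd" name="kernel" dev=proc ino=-268435416
scontext=system_u:system_r:clamd_t:s0
tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir
type=AVC msg=audit(1201642658.244:7): avc: denied { write } for pid=2100
comm="clamd" name="clamav" dev=dm-0 ino=2195477
scontext=system_u:system_r:clamd_t:s0 tcontext=root:object_r:var_lib_t:s0
tclass=dir
type=SYSCALL msg=audit(1201642658.244:7): arch=40000003 syscall=5 success=no
exit=-13 a0=8b63c7c a1=242 a2=1fc a3=8b63c78 items=0 ppid=1 pid=2100
type=AVC msg=audit(1201642658.350:8): avc: denied { read } for pid=2100
comm="clamd" name="clamav" dev=dm-0 ino=2195477
scontext=system_u:system_r:clamd_t:s0 tcontext=root:object_r:var_lib_t:s0
tclass=dir
"""

# One AVC denial: permissions in braces, then key=value fields that run
# until the next audit record (of any type) or the end of the input.
AVC_RE = re.compile(
    r"type=AVC msg=audit\([\d.]+:\d+\): avc: denied "
    r"\{ (?P<perms>[^}]+) \} for (?P<fields>.*?)(?=type=\w+ msg=|$)")

def parse_avc(text):
    """Return one dict per AVC denial; other record types are skipped."""
    flat = " ".join(text.split())  # undo the e-mail line wrapping
    records = []
    for m in AVC_RE.finditer(flat):
        rec = {k: v.strip('"')
               for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', m["fields"])}
        rec["perms"] = m["perms"].split()
        records.append(rec)
    return records

def summarise(records):
    """Merge denials by (source type, target type, class, object name)."""
    grouped = defaultdict(set)
    for r in records:
        # A context is user:role:type[:level]; field 2 is the type.
        src, tgt = (r[c].split(":")[2] for c in ("scontext", "tcontext"))
        grouped[(src, tgt, r["tclass"], r["name"])].update(r["perms"])
    return {key: sorted(perms) for key, perms in grouped.items()}

if __name__ == "__main__":
    print(summarise(parse_avc(AUDIT_EXCERPT)))
```

The two denials on the `clamav` directory merge into one finding: `clamd_t` was refused `read` and `write` on a directory labelled `var_lib_t`, the same label the `ls -lRZ` listing shows on /var/lib/clamav.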