On 07/06/2010 01:35 PM, Chuck Swiger wrote:
Hi--

On Jul 6, 2010, at 12:32 PM, JD wrote:
For example, the packages installed from the build
failed to create user clamupdate, which freshclam needs.
That username isn't the default one which the clamav sources assume, namely:

# By default when started freshclam drops privileges and switches to the
# "clamav" user. This directive allows you to change the database owner.
# Default: clamav (may depend on installation options)
#DatabaseOwner clamav

So I had to fix that manually.
Then freshclam was unable to create /var/log/freshclam.log even though
I was running it as root. I had to fix that manually. The reason why it could
not open it is because it was opening it for *append*. If opened with append, the
open syscall WILL NOT CREATE THE FILE if it does not exist. So this is a bug
in freshclam.
freshclam either uses syslog or it looks like it calls fopen() to do logging 
via shared/output.c.  As far as I can tell, this works perfectly fine if the 
logfile does not already exist, so long as the user it runs as has permissions 
to create files at the location:

% cat test.c
#include<stdio.h>

FILE *logg_fp = NULL;

int main()
{
     logg_fp = fopen("/tmp/test_logfile.txt", "at");
     if (logg_fp == NULL) printf("ERROR!");
}
% cc -o test test.c
% ./test
% ls -l test_logfile.txt
-rw-rw-r--  1 cswiger  wheel  0 Jul  6 13:25 test_logfile.txt

Furthermore, it appears that when freshclam is run as root, it appears to demote
itself to the user clamupdate (after I created it). And since I had "touched"
/var/log/freshclam.log (as root), it was owned by root and not writable by
freshclam. I had to fix that too.
Finally, freshclam needs to create temporary stuff in /var/clamav
which it cannot because clamav has a different uid than clamupdate,
but they have the same gid. I had to chmod /var/clamav to 775 to allow freshclam to
create temp files there.
Also, freshclam should have a default clamd.conf pathname (such as
/etc/clamd.conf), instead of just complaining that it could not find
/path/to/clamd.conf

All in all, these packages are just not ready for the non-techie user!!
From the sounds of things, I would agree.

However, you need to discuss that with the Fedora/RedHat package builders, and 
not with the local folks on this list.  Pretty much all of the issues you've 
described are a result of how their package works (or doesn't).

If you built ClamAV from the source tarball, you'd avoid most of these issues.

Regards,
Point well taken. I agree that the packagers simply did not pay attention to the finer details of the impact of their changes.

Cheers,

JD
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
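
Added example, not part of the original thread and not ClamAV code: it extends the test.c check above by reporting errno and by comparing a raw open(2) using O_APPEND without O_CREAT against fopen(3) in mode "a", the distinction the thread turns on. The scratch directory under /tmp and the function names are assumptions made for this example.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* open(2) with O_APPEND but no O_CREAT: a missing file is an error. */
static int raw_append_errno(const char *path)
{
    int fd = open(path, O_WRONLY | O_APPEND);
    if (fd < 0)
        return errno;
    close(fd);
    return 0;
}

/* fopen(3) mode "a": the C library opens with O_CREAT as well, so a missing
 * file is created if the calling user may write to its directory. */
static int fopen_append_errno(const char *path)
{
    FILE *fp = fopen(path, "a");
    if (fp == NULL)
        return errno;
    fclose(fp);
    return 0;
}

/* Runs the cases in a constructed scratch directory; returns 0 if all match. */
int demo(void)
{
    char dir[64], path[96], nested[128];
    snprintf(dir, sizeof dir, "/tmp/appenddemo.%ld", (long)getpid());
    if (mkdir(dir, 0700) != 0)              /* fails if the name already exists */
        return -1;
    snprintf(path, sizeof path, "%s/test_logfile.txt", dir);
    snprintf(nested, sizeof nested, "%s/missing/test_logfile.txt", dir);

    int raw_missing = raw_append_errno(path);     /* ENOENT: nothing created   */
    int lib_missing = fopen_append_errno(path);   /* 0: file is created        */
    int raw_exists  = raw_append_errno(path);     /* 0: file exists now        */
    int lib_nodir   = fopen_append_errno(nested); /* ENOENT: no parent dir     */

    printf("raw=%d fopen=%d raw-after=%d fopen-nodir=%d\n",
           raw_missing, lib_missing, raw_exists, lib_nodir);
    unlink(path);
    rmdir(dir);
    return (raw_missing == ENOENT && lib_missing == 0 &&
            raw_exists == 0 && lib_nodir == ENOENT) ? 0 : 1;
}

int main(void) { return demo(); }
```

When a log open fails after a privilege drop, printing errno separates EACCES (the unprivileged user cannot write the directory or the existing file) from ENOENT (a path component is missing).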
