Hi there,

On Sat, 19 Nov 2011 Anne Wilson wrote:

> Running CentOS 6, I've started getting messages like ...
> Can't open /var/log/clamav/freshclam.log in append mode
> (check permissions!).

Are you using something like a chroot jail or SELinux?

> what permissions freshclam.log should have?

We haven't seen what's been done in your system, so we don't know what user(s) have permission to write to your files. The permissions (and other such things, see my question above) must allow a process which needs to write to it to write to it.

When a process is started, it is given the permissions of a certain user. For things like clamd and freshclam this will often be the 'clamav' or 'mail' user, but it might be any other user. The user might not have permissions to start a login shell, check /etc/passwd for details.

Very commonly a process starts with some set of permissions which are then changed (so it has fewer permissions). This is a security feature. If a process is subverted in some way by an attacker, the fewer permissions which that process has, the harder it is for the attacker to do any damage.

> what other checks should I be making?

Look at the process using operating system tools such as 'top' to find out which user is running freshclam. As has been suggested you could then try to write to the logfile using a shell for that user. You might want to rename the logfile and see if the freshclam process can create a new logfile, or you could create one:

    touch /var/log/clamav/freshclam.log

then change the file permissions to whatever makes sense:

    chown some_user /var/log/clamav/freshclam.log
    chgrp some_group /var/log/clamav/freshclam.log

Try to avoid giving very lax permissions (such as world write) to files and directories in an attempt to permit the processes to write to them, that's very poor security practice.

--
73,
Ged.
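The ownership and mode checks described in the message above, as an added shell example that is not part of the original post. The function names `write_class` and `lax_mode` are hypothetical, GNU `stat` is assumed, and only the classic owner/group/other bits are examined (SELinux, ACLs and chroot layouts are not).

```shell
#!/bin/sh
# Added example: which permission class, if any, lets a user write to a path.
# Classic mode bits only; root bypasses them, and SELinux/ACLs are not checked.

# write_class PATH [USER] -> prints owner | group | other | denied | missing
# An empty USER means the user running this script.
write_class() (
    file=$1; user=$2
    [ -e "$file" ] || { echo missing; exit 0; }
    if [ -n "$user" ]; then
        uid=$(id -u "$user") || exit 2
        gids=$(id -G "$user")
    else
        uid=$(id -u); gids=$(id -G)
    fi
    set -- $(stat -c '%u %g %a' "$file")    # GNU stat, as shipped on CentOS
    f_uid=$1; f_gid=$2; mode=$((0$3))       # leading 0: parse the mode as octal
    if [ "$uid" = "$f_uid" ]; then
        # The owner is judged on the owner bits only, never group/other.
        [ $((mode & 0200)) -ne 0 ] && echo owner || echo denied
        exit 0
    fi
    for g in $gids; do
        if [ "$g" = "$f_gid" ]; then
            [ $((mode & 0020)) -ne 0 ] && echo group || echo denied
            exit 0
        fi
    done
    [ $((mode & 0002)) -ne 0 ] && echo other || echo denied
)

# lax_mode PATH -> succeeds if PATH is world-writable, the setting to avoid.
lax_mode() {
    [ $((0$(stat -c %a "$1") & 0002)) -ne 0 ]
}

# Usage: sh check.sh /var/log/clamav/freshclam.log some_user
# The directory is checked too, since creating a new logfile needs write there.
if [ $# -ge 1 ]; then
    for p in "$1" "$(dirname "$1")"; do
        echo "$p: $(write_class "$p" "$2")"
        if lax_mode "$p" 2>/dev/null; then echo "  warning: world-writable"; fi
    done
fi
```

A result of `other` means the write only works because of the world-write bit, which is the situation to fix with `chown`/`chgrp` rather than accept.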