From: clamav-users <clamav-users-boun...@lists.clamav.net> On Behalf Of Matthew Campbell via clamav-users
Sent: 06 October 2020 01:32
To: ClamAV User Support Mailing List <clamav-users@lists.clamav.net>
Cc: Matthew Campbell <treni...@pm.me>
Subject: Re: [clamav-users] Freshclam can't get started
Ged wrote:

Well I'd hardly call ClamAV databases "private data", since they are available to anyone at the cost of an HTTP request. The authors of ClamAV do things one way. Debian maintainers do it a different way. You've done it yet another way. If you began your journey into Linux with an attempt at a non-standard Debian installation then you likely bit off more than you could chew and you're making things a lot more difficult than necessary.

Do you have SELinux or AppArmor installed? You haven't mounted the partition read-only, have you? We'd better see your freshclam.conf.

Matthew writes:

The files in /user/ are private data and /user/ uses a separate file system to keep user data away from the root file system. I believe SELinux and AppArmor are both installed. /var/local is not mounted as read-only.

Ged added:

>> What do you plan to use ClamAV for?
> I use ClamAV for general malware scanning.

Given that you say you've had the problems you're describing since you started using Linux I wonder if it's never found anything. But if it did, how do you think it got there and what did you do about it? What security precautions are you taking to prevent compromises?

Matthew writes:

I use aide every day. I use clamscan on /user and /tmp every day. I use clamscan on other areas when deemed necessary.

Ged added:

>> You could remove all the clamav packages (there's more than one)
>> and purge them, then reinstall.

Try it. But don't try anything clever, just let the package manager do what it wants to do and let it install things where it wants to. That way at least we'll have a reasonable idea of what you've done. When you become more familiar with the system you can adjust things to your needs if it's really necessary. But only if it's necessary.

Matthew writes:

I used:

# apt install clamav-base clamav-daemon clamav-docs clamav-freshclam clamav-milter clamav-testfiles clamav clamdscan

to install ClamAV, at least according to the list of installed packages.

Ged added:

>> Please could you paste the output of
>> ls -l /var/local/
>
> These are the permissions in /var/local/
> ...
> drwsrws--- 3 clamav clamav 4096 Oct 3 12:53 clamav
> ...

Why the setuid/setgid bits? Quoting the 'info coreutils':

"These mechanisms let users share files more easily, by lessening the need to use ‘chmod’ or ‘chown’ to share new files."

which seems to be the exact opposite of what you're trying to do... Do the ClamAV daemons run as user clamav? Can we be clear that the system which is showing us the user and group names is the same one that's telling you which user and group run the ClamAV daemons? The reason for asking is that different systems can have a different mapping of user and group numerical IDs to user and group names, and there seems to be a lot that you haven't told us yet.

Matthew writes:

I used the setuid/gid bits to force any newly created files to be owned by the user:group clamav:clamav. The package manager created the clamav user and group.

Ged added:

> Unfortunately my email app insists on quoting previous
> replies. Sorry about that.

You might want to try a different mail client for correspondence on mailing lists, where patience is often at a premium.

--
73, Ged.

Matthew writes:

I can only use what is available to me.
Contents of /etc/clamav/freshclam.conf:

# Automatically created by the clamav-freshclam postinst
# Comments will get lost when you reconfigure the clamav-freshclam package
DatabaseOwner clamav
UpdateLogFile /var/local/clamav/freshclam.log
LogVerbose false
LogSyslog false
LogFacility LOG_LOCAL6
LogFileMaxSize 0
LogRotate true
LogTime true
Foreground false
Debug false
MaxAttempts 5
DatabaseDirectory /var/lib/clamav
DNSDatabaseInfo current.cvd.clamav.net
ConnectTimeout 30
ReceiveTimeout 0
TestDatabases yes
ScriptedUpdates yes
CompressLocalDatabase no
SafeBrowsing true
Bytecode true
NotifyClamd /etc/clamav/clamd.conf
# Check for new database 24 times a day
Checks 24
DatabaseMirror db.local.clamav.net
DatabaseMirror database.clamav.net

Contents of /etc/clamav/clamd.conf:

#Automatically Generated by clamav-daemon postinst
#To reconfigure clamd run
#dpkg-reconfigure clamav-daemon
#Please read /usr/share/doc/clamav-daemon/README.Debian.gz for details
LocalSocket /var/run/clamav/clamd.ctl
FixStaleSocket true
LocalSocketGroup clamav
LocalSocketMode 666
# TemporaryDirectory is not set to its default /tmp here to make overriding
# the default with environment variables TMPDIR/TMP/TEMP possible
User clamav
ScanMail true
ScanArchive true
ArchiveBlockEncrypted false
MaxDirectoryRecursion 15
FollowDirectorySymlinks false
FollowFileSymlinks true
ReadTimeout 0
MaxThreads 12
MaxConnectionQueueLength 15
LogSyslog false
LogRotate true
LogFacility LOG_LOCAL6
LogClean false
LogVerbose false
PreludeEnable no
PreludeAnalyzerName ClamAV
DatabaseDirectory /var/lib/clamav
OfficialDatabaseOnly false
SelfCheck 3600
Foreground false
Debug false
ScanPE true
MaxEmbeddedPE 10M
ScanOLE2 true
ScanPDF true
ScanHTML true
MaxHTMLNormalize 10M
MaxHTMLNoTags 2M
MaxScriptNormalize 5M
MaxZipTypeRcg 1M
ScanSWF true
ExitOnOOM false
LeaveTemporaryFiles false
AlgorithmicDetection true
ScanELF true
IdleTimeout 30
CrossFilesystems true
PhishingSignatures true
PhishingScanURLs true
PhishingAlwaysBlockSSLMismatch false
PhishingAlwaysBlockCloak false
PartitionIntersection false
DetectPUA false
ScanPartialMessages false
HeuristicScanPrecedence false
StructuredDataDetection false
CommandReadTimeout 30
SendBufTimeout 200
MaxQueue 100
ExtendedDetectionInfo true
OLE2BlockMacros false
AllowAllMatchScan true
ForceToDisk false
DisableCertCheck false
DisableCache false
MaxScanTime 120000
MaxScanSize 100M
MaxFileSize 25M
MaxRecursion 16
MaxFiles 10000
MaxPartitions 50
MaxIconsPE 100
PCREMatchLimit 10000
PCRERecMatchLimit 5000
PCREMaxFileSize 25M
ScanXMLDOCS true
ScanHWP3 true
MaxRecHWP3 16
StreamMaxLength 10240M
LogFile /var/local/clamav/clamav.log
LogTime true
LogFileUnlock false
LogFileMaxSize 0
Bytecode true
BytecodeSecurity Paranoid
BytecodeTimeout 60000
OnAccessMaxFileSize 5M

Contents of /etc/clamav/clamav-milter.conf:

#Automatically Generated by clamav-milter postinst
#To reconfigure clamav-milter run
#dpkg-reconfigure clamav-milter
#Please read /usr/share/doc/clamav-base/README.Debian.gz for details
MilterSocket /var/run/clamav/clamav-milter.ctl
FixStaleSocket true
User clamav
ReadTimeout 120
Foreground false
PidFile /var/run/clamav/clamav-milter.pid
ClamdSocket unix:/var/run/clamav/clamd.ctl
OnClean Accept
OnInfected Quarantine
OnFail Defer
AddHeader Replace
LogSyslog false
LogFacility LOG_LOCAL6
LogVerbose false
LogInfected Off
LogClean Off
LogRotate true
MaxFileSize 25M
SupportMultipleRecipients false
TemporaryDirectory /tmp
LogFile /var/log/clamav/clamav-milter.log
LogTime true
LogFileUnlock false
LogFileMaxSize 1M
MilterSocketGroup clamav
MilterSocketMode 666
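Ged's questions about the setuid/setgid bits on /var/local/clamav and about which user freshclam actually runs as can be checked mechanically rather than argued over. The script below is an added example, not something from this thread or from the ClamAV project: a POSIX shell pre-flight that decodes an ls -l mode string such as drwsrws--- into octal, flags the special bits, and reads DatabaseOwner, DatabaseDirectory and UpdateLogFile from a freshclam.conf to confirm that the owner user exists and can write to both directories. Two facts it relies on: on Linux the setuid bit on a directory has no effect, and setgid only makes new files inherit the directory's group; neither bit changes the owner of a new file, which is always the user of the creating process. The function names, and the simplification of checking only the DatabaseOwner's primary group (no supplementary groups, ACLs, AppArmor or SELinux policy), are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread or the ClamAV project): pre-flight checks
# for the freshclam permission questions above. Function names are assumptions.

# Decode an ls -l mode string into four octal digits, special bits first:
# drwsrws--- -> 6770, drwxrwxrwt -> 1777, -rw-r--r-- -> 0644.
mode_to_octal() {
    m=$1
    special=0
    perms=""
    i=2
    for who in u g o; do
        r=$(printf '%s' "$m" | cut -c"$i")
        w=$(printf '%s' "$m" | cut -c"$((i + 1))")
        x=$(printf '%s' "$m" | cut -c"$((i + 2))")
        digit=0
        case $r in r) digit=$((digit + 4)) ;; esac
        case $w in w) digit=$((digit + 2)) ;; esac
        case $x in x|s|t) digit=$((digit + 1)) ;; esac
        # s/S in the user triple is setuid, in the group triple setgid;
        # t/T in the other triple is the sticky bit.
        case "$who$x" in
            us|uS) special=$((special + 4)) ;;
            gs|gS) special=$((special + 2)) ;;
            ot|oT) special=$((special + 1)) ;;
        esac
        perms="$perms$digit"
        i=$((i + 3))
    done
    printf '%s%s\n' "$special" "$perms"
}

# First value of a directive in a ClamAV conf file, ignoring '#' comment lines.
conf_get() {   # conf_get FILE DIRECTIVE
    awk -v k="$2" '$1 == k { print $2; exit }' "$1"
}

# Confirm DatabaseOwner exists and can write to DatabaseDirectory and to the
# directory holding UpdateLogFile. Only the directory's user/group/other
# triples are considered (primary group only; no ACLs or MAC policy).
# Returns 0 when everything looks writable, 1 otherwise.
freshclam_preflight() {   # freshclam_preflight /etc/clamav/freshclam.conf
    conf=$1
    owner=$(conf_get "$conf" DatabaseOwner)
    dbdir=$(conf_get "$conf" DatabaseDirectory)
    logfile=$(conf_get "$conf" UpdateLogFile)
    if ! id -u "$owner" >/dev/null 2>&1; then
        echo "FAIL: DatabaseOwner '$owner' is not a user on this system"
        return 1
    fi
    ogroup=$(id -gn "$owner")
    rc=0
    for d in "$dbdir" "$(dirname "$logfile")"; do
        if [ ! -d "$d" ]; then
            echo "FAIL: $d does not exist"
            rc=1
            continue
        fi
        set -- $(ls -ld "$d")
        mode=$1 duser=$3 dgroup=$4
        echo "$d: mode $(mode_to_octal "$mode"), owner $duser:$dgroup"
        writable=no
        case $mode in ????????w*) writable=yes ;; esac            # other
        if [ "$dgroup" = "$ogroup" ]; then
            case $mode in ?????w*) writable=yes ;; esac           # group
        fi
        if [ "$duser" = "$owner" ]; then
            case $mode in ??w*) writable=yes ;; esac              # user
        fi
        if [ "$writable" != yes ]; then
            echo "FAIL: $owner cannot write to $d"
            rc=1
        fi
        # Linux ignores setuid on directories; setgid only sets the group of
        # new files. Neither bit changes who owns a newly created file.
        case $mode in ???[sS]*) echo "NOTE: setuid on $d has no effect on Linux" ;; esac
        case $mode in ??????[sS]*) echo "NOTE: setgid on $d: new files get group $dgroup; owner stays the creating user" ;; esac
    done
    return $rc
}

if [ $# -gt 0 ]; then
    freshclam_preflight "$1"
fi
```

Run it as root with /etc/clamav/freshclam.conf as the argument. Note that in the configuration posted above the databases go to DatabaseDirectory /var/lib/clamav, while only the log goes under /var/local/clamav, so the listing of /var/local/ alone does not show the directory freshclam has to write its .cvd/.cld files into; the script reports both.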