Hi there,

On Sun, 11 Jul 2021, Robert Kudyba wrote:
On Sat, 10 Oct 2020, G.W. Haywood wrote:
On Sat, 10 Oct 2020, Robert Kudyba wrote:

... next time it happens I can try some of these:
...

... put some logging in place before it does, so you get as precise a
timeline as you can.

Indeed and here we are 9 months later and the problem is back. I can see
this happened after Jul 3 at 4:22 AM:
...
Jul 03 05:14:01 ERROR: clam database directory (clam_dbs) not writable 
/var/lib/clamav

Where's the log of the permissions, listed every minute, which I
suggested to you back in October?!

On Fri, 9 Oct 2020, G.W. Haywood wrote:
|> ...start with some simple logging  [...]  Something like this
|> in a crontab:
|>
|> * * * * * /bin/echo -n "$(/bin/date) " >> /var/log/clam_perms.log ; \
|>         /bin/ls -l /var/lib/clamav >> /var/log/clam_perms.log

On Sun, 11 Jul 2021, Robert Kudyba wrote:
ls -ld /var/lib/clamav

drwxr-xr-x. 4 clamupdate clamupdate 8192 Jul  3 04:46 /var/lib/clamav

The 'dot' after the directory permissions probably means that SELinux
or similar is involved.  If so, it might have been good to mention it
earlier.  Have you made sure that there's no other access control than
the file and directory permissions which you've been showing us?

If you made the permissions

drwxrwxr-x

instead, you could probably forget about it - but again it might be to
paper over a crack.  Another thought, do you have the 'setgid' bit set
on one of the parent directories?

... these 3 files have their owner changed but note the old date timestamp:

-rw-r--r--  1 clamupdate clamupdate    293670 Apr  8 06:32 bytecode.cvd
-rw-r--r--  1 clamupdate clamupdate 107169718 Jun 22 18:06 daily.cvd
-rw-r--r--  1 clamupdate clamupdate 117859675 Nov 25  2019 main.cvd

If it's only these files which are getting the wrong UID/GID then it
sort of implicates whatever is running freshclam, since that's likely
to be the thing which modifies only those files.  But I'd still want
to see that log.

grep 985 /etc/passwd

clamav:x:985:981::/var/run/clamav:/sbin/nologin

I guess that group 981 is the GID of the 'clamupdate' group?

--

73,
Ged.

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
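
A variant of the per-minute permissions log suggested in the thread, as an added example that is not part of the original message: it goes a little further by recording numeric UID/GID alongside the mode bits and writing an entry only when the listing changes, so each entry in the log marks a change to within a minute. The directory and log path are the ones quoted in the thread; the function names, the state file and the script path in the comment are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): change-only ownership/permission log.
# Hypothetical crontab entry, assuming the script is saved as
# /usr/local/sbin/clam_perms.sh:
#   * * * * * /usr/local/sbin/clam_perms.sh /var/lib/clamav /var/log/clam_perms.log /var/tmp/clam_perms.state

# snapshot DIR: long listing of DIR itself and of its entries, with numeric
# UID/GID (-n) so a changed owner is visible even if names resolve oddly.
snapshot() {
    LC_ALL=C ls -ldn "$1" 2>&1
    LC_ALL=C ls -lnA "$1" 2>&1
}

# log_if_changed DIR LOG STATE
# Appends a timestamped snapshot to LOG only when it differs from the one
# saved in STATE. Returns 0 when a change was logged, 1 when nothing changed.
log_if_changed() {
    dir=$1
    log=$2
    state=$3
    new=$(snapshot "$dir")
    if [ -f "$state" ] && [ "$new" = "$(cat "$state")" ]; then
        return 1
    fi
    {
        printf '=== %s ===\n' "$(date '+%Y-%m-%d %H:%M:%S %z')"
        printf '%s\n' "$new"
    } >> "$log"
    printf '%s\n' "$new" > "$state"
    return 0
}

# Run from cron with three arguments; with none, only the functions are defined.
if [ "$#" -eq 3 ]; then
    log_if_changed "$@" || true
fi
```
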
