Freshclam problems

Anne Wilson cannewilson at googlemail.com
Mon Nov 21 20:16:52 UTC 2011 

On Monday 21 November 2011 19:52:37 Anne Wilson wrote:
> Am 21.11.2011 20:45, schrieb Anne Wilson:
> > On Monday 21 November 2011 19:27:56 Anne Wilson wrote:
> >> Am 21.11.2011 20:09, schrieb Anne Wilson:
> >>> On Monday 21 November 2011 18:39:05 Anne Wilson wrote:
> >>>> Am 21.11.2011 19:32, schrieb Anne Wilson:
> >>>>> On my server, running CentOS 6, I've started getting messages like
> >>>>> 
> >>>>>  No updates detected in the log for the freshclam daemon (the
> >>>>>  ClamAV update process).  If the freshclam daemon is not running,
> >>>>>  you may need to restart it.  Other options:
> >>>>>  etc...
> >>>>> 
> >>>>> and
> >>>>> 
> >>>>> /etc/cron.daily/freshclam:
> >>>>> 
> >>>>> ERROR: Problem with internal logger (UpdateLogFile =
> >>>>> /var/log/clamav/freshclam.log).
> >>>>> ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check
> >>>>> permissions!).
> >>>>> 
> >>>>> This began after an update, and I've changed nothing in the configs.
> >>>>> Freshclam ran without problems before the update, but I'm struggling
> >>>>> to sort this out.
> >>>>> 
> >>>>> First, then, can you tell me what permissions freshclam.log should
> >>>>> have? Currently it is owned clamav:clamav with rw access for clamav.
> >>>>> I read that freshclam is launched by root, but then drops to an
> >>>>> unprivileged user - is clamav that user?
> >>>>> 
> >>>>> What other checks should I be making?
> >>>> 
> >>>> Hallo Anne
> >>>> 
> >>>> have you checked the ACLs for the named files as well? what does the
> >>>> directory permission say? Is there another process blocking/locking
> >>>> the logfile (check with lsof)?
> >>> 
> >>> Which files, Martin?
> >> 
> >> Sorry I was not precise: check ACL of the log files.
> > 
> > You mean
> > 
> > ls -l  /var/log/clamav/freshclam.log
> > -rw-r--r--+ 1 clamav clamav 0 Nov 13 03:34 /var/log/clamav/freshclam.log
> > ?
> 
> Not entirely. Check ACL (getfacl or similar program). The + sign
> indicates that there is an aditional ACL set for this file. At least my
> log files does not have extra ACLs set.
> 
If this means what I think it means, it explains the problem - 

getfacl /var/log/clamav/freshclam.log
getfacl: Removing leading '/' from absolute path names
# file: var/log/clamav/freshclam.log
# owner: clamav
# group: clamav
user::rw-
user:anne:rwx                   #effective:r--
group::rw-                      #effective:r--
mask::r--
other::r--

> Try to remove the file as well (or move it to another place).
> 
If it's running as anne, is there any reason why the logfile can't be in anne's 
tree?

> and run 'lsof | grep freshclam' to see if any other program is locking
> the file.
> 
Nothing there.

Anne

More information about the kde mailing list