LinuxQuestions.org
Old 12-28-2005, 09:19 AM   #1
tp11235
Member
 
Registered: Feb 2005
Posts: 106
Blog Entries: 1

Rep: Reputation: 15
Question ClamAV (Freshclam) config problem - cannot append to log file


I am trying to get ClamAV going on my SuSE 9.1 system. I am using ClamAV 0.87.1. I ran ClamAV on the test files that came with it and it worked fine. However, I cannot get FreshClam to work.

I have created the log file and given it permissions and ownership as below:

-rwxrwxr-x 1 clamav clamav 64 Dec 28 13:35 clam-update.log

The documentation said to chmod 600, so surely 755 is more than enough?

When I run Freshclam (as root or clamav) I get the following error:

linux:/var/log # freshclam
ERROR: Can't open /var/log/clam-update.log in append mode (check permissions!).
ERROR: Problem with internal logger.
linux:/var/log #

My config file for Freshclam is as below:

Freshclam's config (extract):
# Path to the database directory.
# WARNING: It must match clamd.conf's directive!
# Default: hardcoded (depends on installation options)
DatabaseDirectory /usr/local/ClamAV/clamav-0.87.1/database

# Path to the log file (make sure it has proper permissions)
# Default: disabled
UpdateLogFile /var/log/clam-update.log

I am new to ClamAV so any advice on the problem gratefully received. Am I understanding "append mode" correctly - all it needs is write permission?

 
Old 12-31-2005, 11:50 AM   #2
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
if it's supposed to be 600 then leave it at that, you don't need it at 755 (logfiles never need to be executable)...

what's the permissions for your /var/log directory itself??

i'm using clamav too, but i don't think i'm using that logging feature... i'm gonna take a look - i'll let you know how it goes...

Last edited by win32sux; 12-31-2005 at 12:33 PM.
 
Old 12-31-2005, 12:28 PM   #3
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380
well, i just took a look and i realized i am using that option actually...

seems to work fine for me, though... my log file's permission is 640, and it's in its own directory (which has permission 750), although that shouldn't make a difference i don't think... here's what it looks like for me:
Code:
bash-3.00# ls -l /var/log/ | grep clamav
drwxr-x---  2 clamav clamav      80 2005-11-04 02:53 clamav

bash-3.00# ls -l /var/log/clamav/freshclam.log
-rw-r-----  1 clamav clamav 1492 2005-12-31 12:21 /var/log/clamav/freshclam.log

the relevant line in my freshclam.conf looks like:

Code:
UpdateLogFile /var/log/clamav/freshclam.log

i can also confirm i'm using 0.87.1:

Code:
bash-3.00# ls /var/log/packages/ | grep clamav
clamav-0.87.1-i486-1

Last edited by win32sux; 12-31-2005 at 12:31 PM.
 
Old 01-03-2006, 10:37 AM   #4
notorp
LQ Newbie
 
Registered: Sep 2005
Distribution: Fedora 10/9/8/6 - FC3 - RH9 + Puppy Dog
Posts: 27

Rep: Reputation: 15
Hi,

I'm using FC4. I've got clamav installed with freshclam, but set up mainly for amavisd-new to check incoming mail.

My freshclam works fine. I have it set up using a user called amavis
Code:
# By default when started freshclam drops privileges and switches to the
# "clamav" user. This directive allows you to change the database owner.
# Default: clamav (may depend on installation options)
DatabaseOwner amavis

but that is mainly for linking all the parts amavisd-new, clamav and freshclam together.

The directory, and all log files are owned by amavis and located in /var/log

In logrotate I modified it slightly to read:
create 640 amavis amavis
apart from that all works fine.

I would agree 640 not 600!

Code:
ll /var/log
drwxr-xr-x  2 amavis amavis     4096 Jan  3 12:55 clamav

ll /var/log/clamav/
-rw-r-----  1 amavis amavis    0 Jan  3 12:55 clamd.log
-rw-r-----  1 amavis amavis 1070 Jan  3 15:30 freshclam.log

log info from freshclam.conf

Code:
# Path to the log file (make sure it has proper permissions)
# Default: disabled
UpdateLogFile /var/log/clamav/freshclam.log

# Enable verbose logging.
# Default: disabled
#LogVerbose

Last edited by notorp; 01-03-2006 at 10:41 AM.
 
Old 01-03-2006, 10:45 AM   #5
notorp
LQ Newbie
 
Registered: Sep 2005
Distribution: Fedora 10/9/8/6 - FC3 - RH9 + Puppy Dog
Posts: 27

Rep: Reputation: 15
I almost forgot

There is an option to allow supplementary group

Code:
# Initialize supplementary group access (freshclam must be started by root).
# Default: disabled
AllowSupplementaryGroups

Plus I did find at one point of my install that the settings in the /etc/clamd.conf file were having an effect on freshclam but I don't remember which ones. All the users had been switched to amavis and sup groups was turned on.

Last edited by notorp; 01-03-2006 at 10:46 AM.
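
Added example, not part of any post above and not ClamAV's own code: a POSIX shell check for the two things the replies ask about, the mode of the log file and of every directory above it, evaluated for the account freshclam switches to. The function names are made up for this example; it assumes the log is opened as that unprivileged account, reads only classic mode bits (no ACLs, SELinux or AppArmor), and needs a `stat` that accepts `-c`.

```shell
#!/bin/sh
# Added example (hypothetical helper names): evaluate classic Unix mode bits
# for a uid and gid list as the kernel does for a non-root process.

# class_bits UID "GID ..." PATH -> prints the rwx digit (0-7) that applies
class_bits() {
    cb_uid=$1; cb_gids=$2
    set -- $(stat -L -c '%a %u %g' "$3")      # now: $1=mode $2=owner $3=group
    cb_shift=0                                # default: "other" class
    case " $cb_gids " in *" $3 "*) cb_shift=3 ;; esac   # group class
    if [ "$cb_uid" = "$2" ]; then cb_shift=6; fi        # owner class wins
    echo $(( (0$1 >> $cb_shift) & 7 ))
}

# why_no_append UID "GID ..." /abs/path/to/log -> 0 if append would be allowed
why_no_append() {
    wa_uid=$1; wa_gids=$2; wa_file=$3
    case $wa_file in /*) ;; *) echo "need an absolute path"; return 2 ;; esac
    wa_dir=$(dirname "$wa_file"); wa_d=$wa_dir
    while :; do                               # every ancestor needs search (x)
        wa_bits=$(class_bits "$wa_uid" "$wa_gids" "$wa_d")
        if [ $(( $wa_bits & 1 )) -eq 0 ]; then
            echo "BLOCKED: directory $wa_d is missing or lacks search (x)"
            return 1
        fi
        if [ "$wa_d" = / ]; then break; fi
        wa_d=$(dirname "$wa_d")
    done
    if [ -e "$wa_file" ]; then                # existing file needs write (w)
        wa_bits=$(class_bits "$wa_uid" "$wa_gids" "$wa_file")
        wa_msg="no write (w) permission on $wa_file"
    else                                      # creating it needs w on the directory
        wa_bits=$(class_bits "$wa_uid" "$wa_gids" "$wa_dir")
        wa_msg="$wa_file does not exist and $wa_dir is not writable"
    fi
    if [ $(( $wa_bits & 2 )) -eq 0 ]; then echo "BLOCKED: $wa_msg"; return 1; fi
    echo "OK: uid $wa_uid may append to $wa_file"
}

# Usage on the system from the thread (run as root so every directory is visible):
#   why_no_append "$(id -u clamav)" "$(id -G clamav)" /var/log/clam-update.log
if [ "$#" -eq 3 ]; then why_no_append "$@"; fi
```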
 
Old 08-11-2006, 03:41 PM   #6
tp11235
Member
 
Registered: Feb 2005
Posts: 106

Original Poster
Blog Entries: 1

Rep: Reputation: 15
Thanks for the help

Sorry I took so long to reply: very busy term.

Freshclam is working now - but not logging at all. I set the permissions at 640 but otherwise I don't remember what I did and my notes are sparse!

It does not seem to be affected by the .conf file - I need to go back to square one. But no hurry when the database is being updated OK.

Thanks for the help anyway.
 
Old 09-29-2006, 04:54 PM   #7
tp11235
Member
 
Registered: Feb 2005
Posts: 106

Original Poster
Blog Entries: 1

Rep: Reputation: 15
All sorted now, but only by moving to Gentoo. I think that my SuSE system was so messed around (by me) that nothing was going to work properly. In Gentoo ClamAV worked first time out of the box.
 
  

