[Clamav-devel] [SUSPECTED SPAM] [Feature request] Support Linux symlinks for all configuration and database folders
Joel Esler (jesler)
jesler at cisco.com
Mon Mar 29 13:00:41 UTC 2021
Thank you for writing in.
Go to this URL to change user options or unsubscribe:
https://lists.ClamAV.net/mailman/listinfo/ClamAV-devel
or by sending an email to ClamAV-devel-leave at lists.ClamAV.net
Thanks!
On Mar 29, 2021, at 8:06 AM, Sinimalé Freddy <sinimalefreddy at gmail.com<mailto:sinimalefreddy at gmail.com>> wrote:
Hello,
Could you remove me from the list please ....
-------------------------
Best Regards
Sinimalé Freddy
Le lun. 29 mars 2021 à 13:05, jean-christophe manciot <
actionmystique at gmail.com<mailto:actionmystique at gmail.com>> a écrit :
Hi Micah,
Thanks for your very detailed answer.
I'm not an apparmor expert either, but I doubt it is related to apparmor:
- the clamd & freshclam profiles authorizes the access to:
+ /etc/clamav/clamd.conf r,
+ /etc/clamav/freshclam.conf r,
+ /var/lib/clamav/ r,
+ /var/lib/clamav/** krw,
- there is no specific dedicated access right for symlinks in
http://manpages.ubuntu.com/manpages/hirsute/man5/apparmor.d.5.html nor
in the capabilities
http://manpages.ubuntu.com/manpages/hirsute/man7/capabilities.7.html,
so it seems fair to assume that 'r - Read mode' and 'w - Write mode'
allow symlinks accesses.
- apparmor logs the access error(s) when a process tries to access a
resource for which it is not authorized.
In this case, there is not such apparmor error in the logs:
# grep apparmor /var/log/syslog
# journalctl -xe|grep -i apparmor
# grep clam /var/log/syslog
Mar 29 10:21:08 host clamd[15160]: ERROR: Can't open/parse the config
file /etc/clamav/clamd.conf
Mar 29 10:21:08 host systemd[1]: clamav-daemon.service: Main process
exited, code=exited, status=1/FAILURE
Mar 29 10:21:08 host systemd[1]: clamav-daemon.service: Failed with
result 'exit-code'.
Mar 29 10:21:09 host freshclam[15655]: ERROR: Can't open/parse the
config file /etc/clamav/freshclam.conf
Mar 29 10:21:09 host systemd[1]: clamav-freshclam.service: Main
process exited, code=exited, status=2/INVALIDARGUMENT
Mar 29 10:21:09 host systemd[1]: clamav-freshclam.service: Failed with
result 'exit-code'.
# journalctl -xe|grep -i clam
#
_______________________________________________
clamav-devel mailing list
clamav-devel at lists.clamav.net<mailto:clamav-devel at lists.clamav.net>
https://lists.clamav.net/mailman/listinfo/clamav-devel
Please submit your patches to our Github:
https://github.com/Cisco-Talos/clamav-devel/pulls
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
_______________________________________________
clamav-devel mailing list
clamav-devel at lists.clamav.net<mailto:clamav-devel at lists.clamav.net>
https://lists.clamav.net/mailman/listinfo/clamav-devel
Please submit your patches to our Github: https://github.com/Cisco-Talos/clamav-devel/pulls
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
More information about the clamav-devel
mailing list