[clamav-users] running freshclam and 3rd party/clamav-unofficial-sigs.sh owner name changes occasionally

Robert Kudyba rkudyba at fordham.edu
Tue Jul 13 17:33:47 UTC 2021 

After an upgrade of Fedora and subsequent reboot the permission problem
returned. Same the files:
-rw-r--r-- 1 clamupdate clamupdate    293670 Apr  8 06:32 bytecode.cvd
-rw-r--r-- 1 clamupdate clamupdate 107169718 Jun 22 18:06 daily.cvd
-rw-r--r-- 1 clamupdate clamupdate 117859675 Nov 25  2019 main.cvd

as well as the directory:
ls -dl /var/lib/clamav
drwxr-xr-x 4 clamupdate clamupdate 8192 Jul 13 11:39 /var/lib/clamav

Also in the clamav-unofficial-sigs.log file
Jul 13 12:14:01 ERROR: clam database directory (clam_dbs) not writable
/var/lib/clamav

Permission log file is available at
https://storm.cis.fordham.edu/~rkudyba/clam_perms.log

>From the cron log file:
Jul 13 12:14:01 ourserver CROND[22349]: (clamav) CMD ([ -x
/usr/local/sbin/clamav-unofficial-sigs.sh ] && /usr/bin/bash
/usr/local/sbin/clamav-unofficial-sigs.sh)
Jul 13 12:14:03  ourserver CROND[22318]: (clamav) CMDEND ([ -x
/usr/local/sbin/clamav-unofficial-sigs.sh ] && /usr/bin/bash
/usr/local/sbin/clamav-unofficial-sigs.sh)

On Mon, Jul 12, 2021 at 12:31 PM Robert Kudyba <rkudyba at fordham.edu> wrote:

>
>>
>> > grep clam /etc/passwd
>> > clamilt:x:989:985:Clamav Milter
>> User:/var/run/clamav-milter:/sbin/nologin
>> > clamav:x:985:981::/var/run/clamav:/sbin/nologin
>> > clamupdate:x:983:979:Clamav database update
>> user:/var/lib/clamav:/sbin/nologin
>> > clamscan:x:982:978:Clamav scanner user:/:/sbin/nologin
>>
>> Interesting.  The 'clamav' user seems not to have been created by the
>> same setup process which created the other three, since it didn't get
>> a text description.  There's a suspicious gap in the numeric IDs from
>> 985:981 to 989:985 like the milter IDs were added later.  Make sense?
>>
>> What does
>>
>> grep clam /etc/group
>>
>> give you?
>>
> grep clam /etc/group
> clamilt:x:985:clamav,clamscan
> clamav:x:981:clamscan,clamilt,clamupdate
> clamupdate:x:979:clamav
> clamscan:x:978:clamilt,clamav
> virusgroup:x:949:clamupdate,clamscan,clamilt
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.clamav.net/pipermail/clamav-users/attachments/20210713/34153d8a/attachment.htm>

More information about the clamav-users mailing list