[clamav-users] running freshclam and 3rd party/clamav-unofficial-sigs.sh owner name changes occasionally

G.W. Haywood clamav at jubileegroup.co.uk
Thu Jul 15 17:16:36 UTC 2021 

Hi there,

On Thu, 15 Jul 2021, Robert Kudyba wrote:

> I didn't have both set to yes but now I commented out LogSyslog and set
> freshclam to log to its own log:
> grep -v ^\# /etc/freshclam.conf | grep  .
> DatabaseDirectory /var/lib/clamav
> UpdateLogFile /var/log/freshclam.log
> DatabaseOwner clamav
> DatabaseMirror database.clamav.net
> ConnectTimeout 60
> ReceiveTimeout 60

See my earlier mail to the list today about the freshclam timeout,
60 seconds might be too short for the full file downloads.  Well,
it is on our pathetic British Telecom connection.

>> ... do you have that log?
>
> Uploaded at ...

Nothing remarkable there.  Presumably you're aware of this warning
in that log?

8<----------------------------------------------------------------------
WARNING: Failed connection to https://urlhaus.abuse.ch/downloads ...
8<----------------------------------------------------------------------

>>   Something changed the permissions on the directory /var/lib/clamav/...
>
> Right which is why I also tried added user clamav to the clamupdate group.

If you rely on group write permission you'll need to make the
directory writeable by members of the group:

chmod g+w /var/lib/clamav/

>> ... it may be better to settle on clamupdate:clamupdate for both
>> freshclam and the unofficial script.
>
> I'm starting to believe the same. This is how it's set on another server I
> oversee and no issues.

If it's the same OS distribution you should be able to compare the
configurations, see what they both put in the logs etc.  The command

clamconf -n

would be very useful for that but there are other configs as well.

>> It's also possible that you have something in the startup which is
>> setting the directory user:group too, we'll take a look at that
>> later if need be.
>
> I believe it's this file:
> cat /usr/lib/systemd/system/clamav-freshclam.service
> [Unit]
> Description=ClamAV virus database updater
> Documentation=man:freshclam(1) man:freshclam.conf(5)
> https://www.clamav.net/documents
> # If user wants it run from cron, don't start the daemon.
> ConditionPathExists=!/etc/cron.d/clamav-update
> Wants=network-online.target
> After=network-online.target
>
> [Service]
> ExecStart=/usr/bin/freshclam -d --foreground=true
>
> [Install]
> WantedBy=multi-user.target

Nothing there sets the user:group, I guess it's relying on the
freshclam configuration file.

-- 

73,
Ged.

More information about the clamav-users mailing list