[Pkg-clamav-devel] Bug#972974: Bug#972974: clamav-freshclam start faild.

jean-christophe manciot actionmystique at gmail.com
Thu Oct 29 08:33:11 GMT 2020 

I have tried to add to /etc/apparmor.d/local/usr.bin.freshclam:
  capability dac_override,

and restarted apparmor then clamav-freshclam, the issue is still there:
# echo 'q' | sudo systemctl --no-pager --full status clamav-freshclam
● clamav-freshclam.service - ClamAV virus database updater
     Loaded: loaded (/lib/systemd/system/clamav-freshclam.service;
enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Thu 2020-10-29 09:06:06
CET; 42s ago
       Docs: man:freshclam(1)
             man:freshclam.conf(5)
             https://www.clamav.net/documents
    Process: 966650 ExecStart=/usr/bin/freshclam -d --foreground=true
(code=exited, status=9)
   Main PID: 966650 (code=exited, status=9)

Oct 29 09:06:06 hostname systemd[1]: Started ClamAV virus database updater.
Oct 29 09:06:06 hostname freshclam[966650]: ERROR: lchown to user
'clamav' failed on
Oct 29 09:06:06 hostname freshclam[966650]: log file
'/var/log/clamav/freshclam.log'.
Oct 29 09:06:06 hostname freshclam[966650]: Error was 'Operation not permitted'
Oct 29 09:06:06 hostname freshclam[966650]: Thu Oct 29 09:06:06 2020
-> ^lchown to user 'clamav' failed on log file
'/var/log/clamav/freshclam.log'.  Error was 'Operation not permitted'
Oct 29 09:06:06 hostname freshclam[966650]: Thu Oct 29 09:06:06 2020
-> !Failed to switch to clamav user.
Oct 29 09:06:06 hostname systemd[1]: clamav-freshclam.service: Main
process exited, code=exited, status=9/n/a
Oct 29 09:06:06 hostname systemd[1]: clamav-freshclam.service: Failed
with result 'exit-code'.

The error message regarding 'lchown' is strange: I have checked
/etc/init.d/clamav-freshclam, and also config and postinst included in
the DEBIAN folder of the package, none includes such a call.
However, postinst does include 'chown "$dbowner":adm
$FRESHCLAMLOGFILE' (with dbowner=clamav and
FRESHCLAMLOGFILE=/var/log/clamav/freshclam.log), so lchown does not
seem necessary wherever it is located.

On Thu, Oct 29, 2020 at 12:07 AM Sebastian Andrzej Siewior
<sebastian at breakpoint.cc> wrote:
>
> On 2020-10-27 07:22:22 [+0000], Michael Borgelt wrote:
> > I have tried different permissions for the file and the directory without
> > success. The obove permissions are after a clean reinstall off clamav
> > package.
>
> The problem appears to be the apparmor or freshclam's profile for it. So
> disabling apparmor should make freshclam work again.
> Probably adding
> |         capability dac_override,
>
> to the profile will help, too. I will test it later today…
>
> Sebastian



-- 
Jean-Christophe

More information about the Pkg-clamav-devel mailing list