Duncan Drury wrote:
> Hello,
>
> My install of clamav seems to have suddenly stopped working this week. I
> use clamav with amavisd to scan mail in my postfix installation running on
> FreeBSD. On Monday all mail stopped being processed and I got the following
> errors:


We've also had something similar happen to us on our secondary FreeBSD ClamAV boxes (clamd suddenly dies with a "reload db failed: Unable to open file or directory" error). We tracked it to the fact that for us: a) freshclam doesn't run as user clamav but rather syncguy on our secondary boxes (the sigs on the secondaries are sync'd via scp from our primary box and syncguy is the ssh account used for access; on our secondaries freshclam is actually just used as a backup in case the primary goes down or the scp fails); b) clamd runs as clamav and is part of the clamav group; and c) the daily.inc directory is owned by syncguy:clamav (so freshclam can write to it and clamd has access via group read perms).

The failure happens when the perms on the daily.inc directory mysteriously become 700 and thus deny group reads. Since the vast majority of people likely run clamd and freshclam as the same user, they'd notice nothing odd if the perms become 700.

> I've checked /var/db/clamav and daily.inc does exist, and the directory and
> all files in it are owned by clamav:clamav. In order to try and fix this, I
> added the user amavisd runs under to the clamav group, which has read access
> to daily.inc. This doesn't seem to have made any difference.

When it next fails, would you mind checking to see what permissions there are on the daily.inc directory? As above, I'm betting the perms on daily.inc get reset to 700, so the group doesn't matter.

> I can fix the problem by uninstalling clamav, and then reinstalling. But
> the problem came back today.

When ClamAV is installed, the perms on the directory are fine (i.e. 755), so initially clamd would work after a reinstall.

> Could freshclam be making some change to the
> file which is causing this problem?

As freshclam is the only thing creating or modifying subdirectories inside the sig directory, I can't see anything else being the culprit. My scp syncing certainly doesn't play with directory permissions.

> I haven't made any changes to my
> postfix/amavisd/clamav set up for some months prior to this problem arising.

Well, daily.inc is only used by ClamAV 0.9+, so you've made that change at least. ;-)

I'm working around the problem by re-jigging my setup so clamd also runs as syncguy (clamd is only contacted via TCP from clamav-milter so it really doesn't matter who it runs as, as long as it's non-privileged).

If you find this is the same issue you're seeing, you may wish to run freshclam and clamd as user amavisd, and make amavisd the owner of your sig dir (/var/db/clamav).


Regards,

Craig.
------
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
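
Added example, not part of the original message or of ClamAV: a shell check for the condition described above, where daily.inc drops to mode 700 and a clamd that relies on group access can no longer read the signatures. The directory /var/db/clamav and the group clamav are taken from the thread; the function name and output labels are made up for this example.

```shell
#!/bin/sh
# Added example: report signature-directory entries that a clamd process
# relying on group access (as in the setup above) cannot read.
# Assumptions: directory /var/db/clamav and group clamav, as named in the thread.
# Run as root or as the directory owner so find can descend into 700 dirs.

# check_sigdir DIR GROUP
# Prints one line per problem entry. Returns 0 if clean, 1 otherwise.
check_sigdir() {
    dir=$1
    group=$2
    report=$(
        # Directories (e.g. daily.inc) need group r-x: mode 700 fails here.
        find "$dir" -type d ! -perm -050 -print | sed 's/^/dir-not-group-rx: /'
        # Signature files need group read.
        find "$dir" -type f ! -perm -040 -print | sed 's/^/file-not-group-r: /'
        # Group bits only help if the entry belongs to clamd's group.
        find "$dir" ! -group "$group" -print | sed 's/^/wrong-group: /'
    )
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}

# When called as a script with two arguments, run the check directly, e.g.
#   sh check_sigdir.sh /var/db/clamav clamav
if [ $# -eq 2 ]; then
    check_sigdir "$1" "$2"
fi
```

Run after each freshclam update, a non-zero exit flags the permission change before clamd's next database reload fails.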