Hi--

On Jul 6, 2010, at 12:32 PM, JD wrote:
> For example, the packages installed from the build
> failed to create user clamupdate, which freshclam needs.

That username isn't the default one which the clamav sources assume, namely:

# By default when started freshclam drops privileges and switches to the
# "clamav" user. This directive allows you to change the database owner.
# Default: clamav (may depend on installation options)
#DatabaseOwner clamav

> So I had to fix that manually.
> Then freshclam was unable to create /var/log/freshclam.log even though
> I was running it as root. I had to fix that manually. Reason why it could
> not open it, is because it was opening it for *append*. If opened with
> append, the open syscall WILL NOT CREATE THE FILE if it does not exist.
> So this is a bug in freshclam.

freshclam either uses syslog or it looks like it calls fopen() to do logging 
via shared/output.c.  As far as I can tell, this works perfectly fine if the 
logfile does not already exist, so long as the user it runs as has permissions 
to create files at the location:

% cat test.c
#include <stdio.h>

FILE *logg_fp = NULL;

int main()
{
    logg_fp = fopen("/tmp/test_logfile.txt", "at");
    if (logg_fp == NULL) printf("ERROR!");
}
% cc -o test test.c
% ./test
% ls -l test_logfile.txt
-rw-rw-r--  1 cswiger  wheel  0 Jul  6 13:25 test_logfile.txt

> Furthermore, it appears that when freshclam is run as root, it appears to
> demote itself to the user clamupdate (after I created it). And since I had
> "touched" /var/log/freshclam.log (as root), it was owned by root and not
> write-able by freshclam. I had to fix that too.
> Finally, freshclam needs to create temporary stuff in /var/clamav
> which it cannot because clamav has a different uid than clamupdate,
> but have same gid. I had to chmod /var/clamav to 775 to allow freshclam
> to create temp files there.
> Also, freshclam should have a default clamd.conf pathname (such as
> /etc/clamd.conf), instead of just complaining that it could not find
> /path/to/clamd.conf
> 
> All in all, these packages are just not ready for the non-techie user!!

From the sounds of things, I would agree.

However, you need to discuss that with the Fedora/RedHat package builders, and 
not with the local folks on this list.  Pretty much all of the issues you've 
described are a result of how their package works (or doesn't).

If you built ClamAV from the source tarball, you'd avoid most of these issues.

Regards,
-- 
-Chuck
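
Added example, not part of the original message and not ClamAV code: a pre-flight check that predicts whether fopen(path, "a") will succeed for the account freshclam drops to, covering both cases in the thread (an existing log file owned by root, and a missing file whose parent directory must allow creation). The function names and the uid/gid 1001 are hypothetical; only classic mode bits are considered (no ACLs, supplementary groups or SELinux).

```c
/* Added example, not ClamAV code. Predicts whether fopen(path, "a") would
 * succeed for uid/gid using classic mode bits only. Assumptions: no ACLs,
 * no supplementary groups, no SELinux, path components are searchable. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* `want` is a mask in the "other" class, e.g. S_IWOTH | S_IXOTH. */
static int has_perm(const struct stat *st, uid_t uid, gid_t gid, mode_t want)
{
    if (uid == 0) return 1;                     /* root bypasses mode bits */
    if (st->st_uid == uid) want <<= 6;          /* owner class only */
    else if (st->st_gid == gid) want <<= 3;     /* group class only */
    return (st->st_mode & want) == want;
}

/* 1 = append would work, 0 = denied, -1 = cannot tell (stat failed). */
int can_append_as(const char *path, uid_t uid, gid_t gid)
{
    struct stat st;
    char dir[4096];
    char *slash;

    if (stat(path, &st) == 0)                   /* exists: need w on the file */
        return has_perm(&st, uid, gid, S_IWOTH);
    if (errno != ENOENT || strlen(path) >= sizeof dir)
        return -1;

    /* Missing file: "a" mode creates it, which needs w+x on the parent. */
    strcpy(dir, path);
    slash = strrchr(dir, '/');
    if (slash == NULL) strcpy(dir, ".");
    else if (slash == dir) dir[1] = '\0';
    else *slash = '\0';
    if (stat(dir, &st) != 0)
        return -1;
    return has_perm(&st, uid, gid, S_IWOTH | S_IXOTH);
}

int main(void)
{
    /* Paths are from the thread; uid/gid 1001 are constructed sample values. */
    printf("log file:   %d\n", can_append_as("/var/log/freshclam.log", 1001, 1001));
    printf("db tmpfile: %d\n", can_append_as("/var/clamav/tmp.x", 1001, 1001));
    return 0;
}
```

Running the check with the uid and gid of the configured DatabaseOwner before starting freshclam shows which of the two conditions applies without touching the files.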
