On 6/25/13 8:19:50AM, Denis McMahon wrote:
I'm guessing that the interesting data here is:open("/etc/resolv.conf", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied) and sin_addr=inet_addr("127.0.0.1")}, 16) = 0 which, at a guess, I'd say meant that freshclam had been unable to open /etc/resolv.conf to get a list of nameservers, was using localhost as a nameserver, and was getting nothing back from localhost? $ host current.cvd.clamav.net localhost ;; connection timed out; no servers could be reached $ host current.cvd.clamav.net 127.0.0.1 ;; connection timed out; no servers could be reached $ Tends to confirm the latter .... So I installed dnsproxy, that didn't seem to help. Then looking in syslog I saw a lot of: Jun 25 15:55:34 server kernel: [883159.006897] type=1400 audit(1372172134.934:1143): apparmor="DENIED" operation="open" parent=25929 profile="/usr/bin/freshclam" name="/etc/network/nameservers" pid=25930 comm="freshclam" requested_mask="r" denied_mask="r" fsuid=107 ouid=0 So the issue is that apparmor is blocking freshclam? After adding: /etc/resolv.conf r, /etc/network/nameservers r, in: /etc/apparmor.d/local/usr.bin.freshclam freshclam updated fine! Why dnsproxy didn't fix it I have no idea, but I'll remove it as I don't seem to need it anyway. Rgds Denis McMahon
This looks like Ubuntu which I don't have a version of or experience with - I've never seen it in any production data centers I've worked in. I didn't even know they made a server version :). I'm curious enough to install it as a vm though. Freshclam is binding to the local interface. That by itself is not a bad thing depending on what happens next (eg if a proxy is present and working). What does your /etc/network/interfaces file look like? Cloak IP's as needed.
SELinux has been mentioned and there may be a better test of that than what you performed, but that is an Ubuntuism I'm not familiar with. I'm also curious what your default route is as seen with netstat -rn and the result of pinging current.cvd.clamav.net.
dp _______________________________________________ Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://www.clamav.net/support/ml
