Thanks for reporting this issue. The default apparmor profile for the freshclam binary doesn't contain rules for scripts added to the /etc/clamav/onupdateexecute.d directory as we can't predict what those scripts will be doing.
You can fix this is one of three ways: 1- Modify the /etc/apparmor.d/usr.bin.freshclam profile to add "/bin/dash ixr," and other rules necessary for your script to run properly. (recommended) 2- Modify the /etc/apparmor.d/usr.bin.freshclam profile to add "/bin/dash Uxr,", which will let scripts run unconfined. This is a security compromise. 3- Disable the freshclam profile by doing "sudo touch /etc/apparmor.d/disable/usr.bin.freshclam". This disables apparmor security for the freshclam tool. This is not recommended. -- freshclam won't execute /etc/clamav/onupdateexecute.d scripts https://bugs.launchpad.net/bugs/585026 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
