As another try, I tried to disable the apparmor profile by cd /etc/apparmor.d/disable ln -s ./../usr.sbin.clamd as described by Thomas above. Unexpectedly, that did not get rid of the message "ERROR: initgroups() failed". I found I had a file "usr.sbin(Kopie).clamd" in that folder; this file was a backup of the original, and got used by apparmor (went into the cache folder). After removing this backup copy (and reload apparmor) clamd could start.
Next try: use the original usr.sbin.clamd and add "capability setgid," as recommended by Christian above. After reload apparmor and restart clamd I got "ERROR: Failed to change socket ownership to group clamav Closing the main socket." But at system restart clamd started without error. So, it was the backup file in /etc/apparmor.d which caused the trouble. Maybe, I will gradually find out how to get on-access scan working. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1404762 Title: apparmor profile usr.sbin.clamd does not allow ScanOnAccess via fanotify To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1404762/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
