clamav-users January 2008 archive

Re: [Clamav-users] Problem with clamav on Linux

From: Quỳnh H Nguyễn <huuquynh_at_nospam>
Date: Mon Jan 28 2008 - 18:53:33 GMT
To: "ClamAV users ML" <clamav-users@lists.clamav.net>


Linux distribution is: Redhat Linux 5.1 (Tikanga)

After turning SELinux on again to get the exact error log, I received the error message when the system started the clamd service:

I cannot remember it exactly, but it means that the clamd service cannot open /var/log/clamav/clamd.log in append mode.

I had just seen that this directory, /var/log/clamav, is owned by root. I tried again with chown -R clamav:clamav /var/log/clamav and restarted. The result is [OK], but clamd does not actually start.

This is the result of the command that you asked for:

[root@home ~]# ls -IRZ /var/clamav
daily.inc main.cvd mirrors.dat
[root@home ~]#

Error message in /var/log/messages:

Jan 29 08:39:55 home clamd[2099]: clamd daemon 0.92 (OS: linux-gnu, ARCH: i386, CPU: i386)

Jan 29 08:39:55 home clamd[2099]: Running as user clamav (UID 100, GID 101)

Jan 29 08:39:55 home clamd[2099]: Log file size limit disabled.

Jan 29 08:39:55 home clamd[2099]: Reading databases from /var/clamav

Jan 29 08:39:55 home clamd[2099]: Unable to open file or directory

Jan 29 08:40:00 home setroubleshoot: SELinux is preventing /usr/sbin/clamd
(clamd_t) "search" access to kernel (sysctl_kernel_t). For complete SELinux
messages. run sealert -l a81544c7-7a39-400f-af93-719ff8581a98

Jan 29 08:40:00 home setroubleshoot: SELinux is preventing /usr/sbin/clamd
(clamd_t) "write" access to clamav (var_t). For complete SELinux messages.
run sealert -l 06e60e50-2f63-47f9-bf66-00551392ecb6

Jan 29 08:40:00 home setroubleshoot: SELinux is preventing /usr/sbin/clamd
(clamd_t) "read" access to clamav (var_t). For complete SELinux messages.
run sealert -l 243a911c-c6c8-4cd0-84c0-0c5ff5cbfc0d

Error message in /var/log/audit/audit.log:

type=AVC msg=audit(1201570795.547:6): avc: denied { search } for pid=2098 comm="clamd" name="kernel" dev=proc ino=-268435416 scontext=system_u:system_r:clamd_t:s0
tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir type=SYSCALL msg=audit(1201570795.547:6): arch=40000003 syscall=5 success=no exit=-13 a0=c03a64 a1=0 a2=c1dff4 a3=c1f974 items=0 ppid=2097 pid=2098 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="clamd" exe="/usr/sbin/clamd" subj=system_u:system_r:clamd_t:s0 key=(null)

type=AVC msg=audit(1201570795.731:7): avc: denied { write } for pid=2099 comm="clamd" name="clamav" dev=dm-0 ino=2195478 scontext=system_u:system_r:clamd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir type=SYSCALL msg=audit(1201570795.731:7): arch=40000003 syscall=5 success=no exit=-13 a0=8f0fc74 a1=242 a2=1fc a3=8f0fc70 items=0 ppid=1 pid=2099 auid=4294967295 uid=100 gid=101 euid=100 suid=100 fsuid=100 egid=101 sgid=101 fsgid=101 tty=(none) comm="clamd" exe="/usr/sbin/clamd" subj=system_u:system_r:clamd_t:s0 key=(null)

type=AVC msg=audit(1201570795.828:8): avc: denied { read } for pid=2099 comm="clamd" name="clamav" dev=dm-0 ino=2195478 scontext=system_u:system_r:clamd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir type=SYSCALL msg=audit(1201570795.828:8): arch=40000003 syscall=5 success=no exit=-13 a0=8f0b420 a1=18800 a2=0 a3=8f0fd80 items=0 ppid=1 pid=2099 auid=4294967295 uid=100 gid=101 euid=100 suid=100 fsuid=100 egid=101 sgid=101 fsgid=101 tty=(none) comm="clamd" exe="/usr/sbin/clamd" subj=system_u:system_r:clamd_t:s0 key=(null)

Thank you very much!

PS. I searched for "clamd" to find the error logs in both messages and audit.log.



Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net http://lurker.clamav.net/list/clamav-users.html
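The AVC records above are the whole diagnosis: clamd_t is denied "read" and "write" on a directory labelled with the generic var_t type, which points at a mislabelled path rather than a missing policy rule. The following triage script is an added example (not from the original post or from ClamAV); it parses audit.log-style AVC lines, groups the denials, and flags targets that carry a generic filesystem label. The sample records are constructed from the lines quoted in the post, and the set of "generic" type names is an assumption for illustration.

```python
"""Triage SELinux AVC denials for a daemon such as clamd (added example)."""
import re
from collections import Counter

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perm>\w+)\s*\}.*?comm="(?P<comm>[^"]+)"'
    r'(?:.*?name="(?P<name>[^"]*)")?.*?scontext=(?P<scontext>\S+)'
    r'\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\w+)', re.S)

# Assumed list of generic labels that confined daemons normally may not touch.
# A denial against one of these usually means the object sits at a path the
# policy has no file context for (here /var/clamav), so the fix is relabelling.
GENERIC_TYPES = {"var_t", "var_lib_t", "var_log_t", "etc_t", "usr_t", "default_t"}

def parse_avc(line):
    """Return (perm, comm, name, source_type, target_type, tclass) or None."""
    m = AVC_RE.search(line)
    if not m:
        return None
    stype = m.group("scontext").split(":")[2]   # user:role:TYPE:level -> TYPE
    ttype = m.group("tcontext").split(":")[2]
    return (m.group("perm"), m.group("comm"), m.group("name") or "",
            stype, ttype, m.group("tclass"))

def triage(lines):
    """Group denials and attach a remediation hint to each distinct one."""
    counts = Counter(r for r in map(parse_avc, lines) if r)
    report = []
    for (perm, comm, name, stype, ttype, tclass), n in sorted(counts.items()):
        if ttype in GENERIC_TYPES:
            hint = "mislabelled path: restorecon -Rv / semanage fcontext -a"
        else:
            hint = "review whether the daemon really needs this access"
        report.append({"comm": comm, "perm": perm, "name": name, "source": stype,
                       "target": ttype, "tclass": tclass, "count": n, "hint": hint})
    return report

def mislabelled_names(report):
    """Object names whose target label is generic, i.e. candidates for relabelling."""
    return sorted({r["name"] for r in report if r["target"] in GENERIC_TYPES})

# Constructed sample, taken from the AVC records quoted in the post above.
SAMPLE = [
    'type=AVC msg=audit(1201570795.547:6): avc: denied { search } for pid=2098 comm="clamd" '
    'name="kernel" dev=proc ino=-268435416 scontext=system_u:system_r:clamd_t:s0 '
    'tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir',
    'type=AVC msg=audit(1201570795.731:7): avc: denied { write } for pid=2099 comm="clamd" '
    'name="clamav" dev=dm-0 ino=2195478 scontext=system_u:system_r:clamd_t:s0 '
    'tcontext=system_u:object_r:var_t:s0 tclass=dir',
    'type=AVC msg=audit(1201570795.828:8): avc: denied { read } for pid=2099 comm="clamd" '
    'name="clamav" dev=dm-0 ino=2195478 scontext=system_u:system_r:clamd_t:s0 '
    'tcontext=system_u:object_r:var_t:s0 tclass=dir',
    'type=SYSCALL msg=audit(1201570795.828:8): arch=40000003 syscall=5 success=no exit=-13',
]
```

Running `triage(SAMPLE)` yields three grouped denials; the two against the clamav directory are flagged as a labelling problem, while the sysctl_kernel_t search is left for policy review.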