clamav-users January 2008 archive

Re: [Clamav-users] Problem with clamav on Linux

From: Quỳnh H Nguyễn <huuquynh_at_nospam>
Date: Tue Jan 29 2008 - 14:52:29 GMT
To: "ClamAV users ML" <clamav-users@lists.clamav.net>


Dear Edwin,

Firstly, thank you very much for your detailed help and information.

I tried to move /var/clamav to /var/lib/clamav as you suggested.

[root@home lib]# ls -lRZ /var/lib/clamav
/var/lib/clamav:
drwxr-xr-x clamav clamav root:object_r:var_lib_t daily.inc
-rw-r--r-- clamav clamav root:object_r:var_lib_t main.cvd
-rw------- clamav clamav root:object_r:var_lib_t mirrors.dat
/var/lib/clamav/daily.inc:
-rw-r--r-- clamav clamav root:object_r:var_lib_t COPYING
-rw-r--r-- clamav clamav root:object_r:var_lib_t daily.cfg
-rw-r--r-- clamav clamav root:object_r:var_lib_t daily.db
-rw-r--r-- clamav clamav root:object_r:var_lib_t daily.fp
-rw-r--r-- clamav clamav root:object_r:var_lib_t daily.hdb
-rw-r--r-- clamav clamav root:object_r:var_lib_t daily.hdu
-rw-r--r-- clamav clamav root:object_r:var_lib_t daily.info
-rw-r--r-- clamav clamav root:object_r:var_lib_t daily.mdb
-rw-r--r-- clamav clamav root:object_r:var_lib_t daily.mdu
-rw-r--r-- clamav clamav root:object_r:var_lib_t daily.ndb
-rw-r--r-- clamav clamav root:object_r:var_lib_t daily.ndu
-rw-r--r-- clamav clamav root:object_r:var_lib_t daily.pdb
-rw-r--r-- clamav clamav root:object_r:var_lib_t daily.wdb
-rw-r--r-- clamav clamav root:object_r:var_lib_t daily.zmd
[root@home lib]#

I modified /etc/clamd.conf and /etc/freshclam.conf for clamd and freshclam, and rebooted the system. The error is still there.

/var/log/clamd.log:

Wed Jan 30 04:37:38 2008 -> +++ Started at Wed Jan 30 04:37:38 2008

Wed Jan 30 04:37:38 2008 -> clamd daemon 0.92 (OS: linux-gnu, ARCH: i386, CPU: i386)

Wed Jan 30 04:37:38 2008 -> Running as user clamav (UID 100, GID 101)

Wed Jan 30 04:37:38 2008 -> Log file size limit disabled.

Wed Jan 30 04:37:38 2008 -> Reading databases from /var/lib/clamav

Wed Jan 30 04:37:38 2008 -> ERROR: Unable to open file or directory

Error in /var/log/messages:

Jan 30 04:37:38 home clamd[2100]: clamd daemon 0.92 (OS: linux-gnu, ARCH: i386, CPU: i386)

Jan 30 04:37:38 home clamd[2100]: Running as user clamav (UID 100, GID 101)

Jan 30 04:37:38 home clamd[2100]: Log file size limit disabled.

Jan 30 04:37:38 home clamd[2100]: Reading databases from /var/lib/clamav

Jan 30 04:37:38 home clamd[2100]: Unable to open file or directory

Jan 30 04:37:42 home setroubleshoot: SELinux is preventing /usr/sbin/clamd (clamd_t) "search" access to kernel (sysctl_kernel_t). For complete SELinux messages. run sealert -l a81544c7-7a39-400f-af93-719ff8581a98

Jan 30 04:37:42 home setroubleshoot: SELinux is preventing /usr/sbin/clamd (clamd_t) "write" to clamav (var_lib_t). For complete SELinux messages. run sealert -l 3d9dbdd2-e6e9-4d61-a938-3733e05b5ab7

Jan 30 04:37:42 home setroubleshoot: SELinux is preventing /usr/sbin/clamd (clamd_t) "read" access to clamav (var_lib_t). For complete SELinux messages. run sealert -l 85d47553-cc29-4d53-b361-aeb35e537e1b

Error in /var/log/audit/audit.log:

type=AVC msg=audit(1201642658.094:6): avc: denied { search } for pid=2099 comm="clamd" name="kernel" dev=proc ino=-268435416 scontext=system_u:system_r:clamd_t:s0 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir type=SYSCALL msg=audit(1201642658.094:6): arch=40000003 syscall=5 success=no exit=-13 a0=c03a64 a1=0 a2=c1dff4 a3=c1f974 items=0 ppid=2098 pid=2099 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="clamd" exe="/usr/sbin/clamd" subj=system_u:system_r:clamd_t:s0 key=(null)

type=AVC msg=audit(1201642658.244:7): avc: denied { write } for pid=2100 comm="clamd" name="clamav" dev=dm-0 ino=2195477 scontext=system_u:system_r:clamd_t:s0 tcontext=root:object_r:var_lib_t:s0 tclass=dir type=SYSCALL msg=audit(1201642658.244:7): arch=40000003 syscall=5 success=no exit=-13 a0=8b63c7c a1=242 a2=1fc a3=8b63c78 items=0 ppid=1 pid=2100 auid=4294967295 uid=100 gid=101 euid=100 suid=100 fsuid=100 egid=101 sgid=101 fsgid=101 tty=(none) comm="clamd" exe="/usr/sbin/clamd" subj=system_u:system_r:clamd_t:s0 key=(null)

type=AVC msg=audit(1201642658.350:8): avc: denied { read } for pid=2100 comm="clamd" name="clamav" dev=dm-0 ino=2195477 scontext=system_u:system_r:clamd_t:s0 tcontext=root:object_r:var_lib_t:s0 tclass=dir type=SYSCALL msg=audit(1201642658.350:8): arch=40000003 syscall=5 success=no exit=-13 a0=8b5f448 a1=18800 a2=0 a3=8b63d88 items=0 ppid=1 pid=2100 auid=4294967295 uid=100 gid=101 euid=100 suid=100 fsuid=100 egid=101 sgid=101 fsgid=101 tty=(none) comm="clamd" exe="/usr/sbin/clamd" subj=system_u:system_r:clamd_t:s0 key=(null)

Please help me more! Thanks in advance!



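An added example, not part of the original message: a small Python parser that groups the AVC denials quoted above by source type, target type, class and object name, so the audit.log shows at a glance which labels clamd_t was refused on. The sample input is copied from the audit.log lines in the message (SYSCALL part trimmed to its first fields on one record, removed on the others); the function names are illustrative.

```python
import re
from collections import defaultdict

# Taken from the audit.log excerpt in the message; SYSCALL tails shortened or dropped.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1201642658.094:6): avc: denied { search } for pid=2099 comm="clamd" name="kernel" dev=proc ino=-268435416 scontext=system_u:system_r:clamd_t:s0 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir
type=AVC msg=audit(1201642658.244:7): avc: denied { write } for pid=2100 comm="clamd" name="clamav" dev=dm-0 ino=2195477 scontext=system_u:system_r:clamd_t:s0 tcontext=root:object_r:var_lib_t:s0 tclass=dir type=SYSCALL msg=audit(1201642658.244:7): arch=40000003 syscall=5 success=no exit=-13
type=AVC msg=audit(1201642658.350:8): avc: denied { read } for pid=2100 comm="clamd" name="clamav" dev=dm-0 ino=2195477 scontext=system_u:system_r:clamd_t:s0 tcontext=root:object_r:var_lib_t:s0 tclass=dir
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def selinux_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context


def parse_avc_denials(text):
    """Yield one dict per 'avc: denied' record found in text."""
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        # A SYSCALL record may be run onto the same line; keep only the AVC fields.
        avc_fields = m.group("fields").split(" type=", 1)[0]
        record = {k: v.strip('"') for k, v in FIELD_RE.findall(avc_fields)}
        record["perms"] = m.group("perms").split()
        yield record


def summarize(denials):
    """Map (source type, target type, class, object name) -> sorted denied permissions."""
    groups = defaultdict(set)
    for d in denials:
        key = (selinux_type(d["scontext"]), selinux_type(d["tcontext"]),
               d["tclass"], d.get("name", "?"))
        groups[key].update(d["perms"])
    return {key: sorted(perms) for key, perms in groups.items()}


if __name__ == "__main__":
    for (src, tgt, cls, name), perms in summarize(parse_avc_denials(SAMPLE_AUDIT_LOG)).items():
        print(f"{src} -> {tgt} ({cls} '{name}'): denied {', '.join(perms)}")
```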