clamav-users January 2008 archive

Re: [Clamav-users] Problem with clamav on Linux

From: Quỳnh H Nguyễn <huuquynh_at_nospam>
Date: Tue Jan 29 2008 - 15:27:42 GMT
To: "ClamAV users ML" <clamav-users@lists.clamav.net>


Dear Edwin,

After executing your command "fixfiles restore /var/lib/clamav", there is another error, but I think that you are close to fixing my error.

Here is /var/log/clamav/clamd.log:

Wed Jan 30 05:20:58 2008 -> +++ Started at Wed Jan 30 05:20:58 2008

Wed Jan 30 05:20:58 2008 -> clamd daemon 0.92 (OS: linux-gnu, ARCH: i386, CPU: i386)

Wed Jan 30 05:20:58 2008 -> Running as user clamav (UID 100, GID 101)

Wed Jan 30 05:20:58 2008 -> Log file size limit disabled.

Wed Jan 30 05:20:58 2008 -> Reading databases from /var/lib/clamav

Wed Jan 30 05:21:07 2008 -> Loaded 198636 signatures.

Wed Jan 30 05:21:07 2008 -> Bound to address 127.0.0.1 on tcp port 3310

Wed Jan 30 05:21:07 2008 -> Setting connection queue length to 30

Wed Jan 30 05:21:07 2008 -> WARNING: Socket file /tmp/clamd.socket exists. Unclean shutdown? Removing...

Wed Jan 30 05:21:08 2008 -> ERROR: Socket file /tmp/clamd.socket could not be removed: Permission denied

Here is /var/log/messages:

Jan 30 05:20:58 home clamd[2099]: clamd daemon 0.92 (OS: linux-gnu, ARCH: i386, CPU: i386)

Jan 30 05:20:58 home clamd[2099]: Running as user clamav (UID 100, GID 101)

Jan 30 05:20:58 home clamd[2099]: Log file size limit disabled.

Jan 30 05:20:58 home clamd[2099]: Reading databases from /var/lib/clamav

Jan 30 05:21:02 home setroubleshoot: SELinux is preventing /usr/sbin/clamd
(clamd_t) "search" access to kernel (sysctl_kernel_t). For complete SELinux
messages. run sealert -l a81544c7-7a39-400f-af93-719ff8581a98

Jan 30 05:21:06 home setroubleshoot: SELinux is preventing /usr/sbin/clamd
(clamd_t) "read" access to meminfo (proc_t). For complete SELinux messages.
run sealert -l 2a69d630-6e5d-4c43-a15f-b4ffbef2a6ff

Jan 30 05:21:07 home clamd[2099]: Loaded 198636 signatures.

Jan 30 05:21:07 home clamd[2099]: Bound to address 127.0.0.1 on tcp port 3310

Jan 30 05:21:07 home clamd[2099]: Setting connection queue length to 30

Jan 30 05:21:07 home clamd[2099]: Socket file /tmp/clamd.socket exists. Unclean shutdown? Removing...

Jan 30 05:21:08 home clamd[2099]: Socket file /tmp/clamd.socket could not be removed: Permission denied

Jan 30 05:21:10 home setroubleshoot: SELinux is preventing the /usr/sbin/clamd from using potentially mislabeled files (clamd.socket). For complete SELinux messages. run sealert -l 2529b92e-97c0-460b-9f44-f5dddd6879f4

Jan 30 05:21:10 home setroubleshoot: SELinux is preventing the /usr/sbin/clamd from using potentially mislabeled files (clamd.socket). For complete SELinux messages. run sealert -l 6677dd93-d87d-4b0f-a7e8-a9097aefc086

Here is /var/log/audit/audit.log:

type=AVC msg=audit(1201645258.726:6): avc: denied { search } for pid=2098 comm="clamd" name="kernel" dev=proc ino=-268435416 scontext=system_u:system_r:clamd_t:s0 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir

type=SYSCALL msg=audit(1201645258.726:6): arch=40000003 syscall=5 success=no exit=-13 a0=c03a64 a1=0 a2=ae7264 a3=c1f974 items=0 ppid=2097 pid=2098 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="clamd" exe="/usr/sbin/clamd" subj=system_u:system_r:clamd_t:s0 key=(null)

type=AVC msg=audit(1201645263.904:7): avc: denied { read } for pid=2099 comm="clamd" name="meminfo" dev=proc ino=-268435454 scontext=system_u:system_r:clamd_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file

type=SYSCALL msg=audit(1201645263.904:7): arch=40000003 syscall=5 success=no exit=-13 a0=c03df2 a1=0 a2=1b6 a3=937ed08 items=0 ppid=1 pid=2099 auid=4294967295 uid=100 gid=101 euid=100 suid=100 fsuid=100 egid=101 sgid=101 fsgid=101 tty=(none) comm="clamd" exe="/usr/sbin/clamd" subj=system_u:system_r:clamd_t:s0 key=(null)

type=AVC msg=audit(1201645267.988:8): avc: denied { write } for pid=2099 comm="clamd" name="clamd.socket" dev=dm-0 ino=3473422 scontext=system_u:system_r:clamd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file

type=SYSCALL msg=audit(1201645267.988:8): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bf9ac3d0 a2=8d04238 a3=6 items=0 ppid=1 pid=2099 auid=4294967295 uid=100 gid=101 euid=100 suid=100 fsuid=100 egid=101 sgid=101 fsgid=101 tty=(none) comm="clamd" exe="/usr/sbin/clamd" subj=system_u:system_r:clamd_t:s0 key=(null)

type=AVC msg=audit(1201645267.995:9): avc: denied { unlink } for pid=2099 comm="clamd" name="clamd.socket" dev=dm-0 ino=3473422 scontext=system_u:system_r:clamd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file

type=SYSCALL msg=audit(1201645267.995:9): arch=40000003 syscall=10 success=no exit=-13 a0=bf9ac44c a1=0 a2=8d04238 a3=6 items=0 ppid=1 pid=2099 auid=4294967295 uid=100 gid=101 euid=100 suid=100 fsuid=100 egid=101 sgid=101 fsgid=101 tty=(none) comm="clamd" exe="/usr/sbin/clamd" subj=system_u:system_r:clamd_t:s0 key=(null)

_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
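The audit records in the post above, read with a small parser. This is an added example, not code from the poster or from the ClamAV project: it splits audit.log text into records (including records that were run together onto one line, as happened to two of them above), extracts the AVC denials, counts them by source domain, permission, target type and object class, and then flags denials where a confined domain hit an object carrying a generic label such as tmp_t. The `GENERIC_LABELS` set is my own choice for this example, not an SELinux policy constant; the sample text is the poster's own audit.log excerpt.

```python
import re
from collections import Counter

# The audit.log excerpt from the post above. The first two records are deliberately
# left fused onto one line, exactly as they arrived in the mail, so the splitter is exercised.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1201645258.726:6): avc: denied { search } for pid=2098 comm="clamd" name="kernel" dev=proc ino=-268435416 scontext=system_u:system_r:clamd_t:s0 tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir type=SYSCALL msg=audit(1201645258.726:6): arch=40000003 syscall=5 success=no exit=-13 a0=c03a64 a1=0 a2=ae7264 a3=c1f974 items=0 ppid=2097 pid=2098 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="clamd" exe="/usr/sbin/clamd" subj=system_u:system_r:clamd_t:s0 key=(null)
type=AVC msg=audit(1201645263.904:7): avc: denied { read } for pid=2099 comm="clamd" name="meminfo" dev=proc ino=-268435454 scontext=system_u:system_r:clamd_t:s0 tcontext=system_u:object_r:proc_t:s0 tclass=file type=SYSCALL msg=audit(1201645263.904:7): arch=40000003 syscall=5 success=no exit=-13 a0=c03df2 a1=0 a2=1b6 a3=937ed08 items=0 ppid=1 pid=2099 auid=4294967295 uid=100 gid=101 euid=100 suid=100 fsuid=100 egid=101 sgid=101 fsgid=101 tty=(none) comm="clamd" exe="/usr/sbin/clamd" subj=system_u:system_r:clamd_t:s0 key=(null)
type=AVC msg=audit(1201645267.988:8): avc: denied { write } for pid=2099 comm="clamd" name="clamd.socket" dev=dm-0 ino=3473422 scontext=system_u:system_r:clamd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1201645267.988:8): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bf9ac3d0 a2=8d04238 a3=6 items=0 ppid=1 pid=2099 auid=4294967295 uid=100 gid=101 euid=100 suid=100 fsuid=100 egid=101 sgid=101 fsgid=101 tty=(none) comm="clamd" exe="/usr/sbin/clamd" subj=system_u:system_r:clamd_t:s0 key=(null)
type=AVC msg=audit(1201645267.995:9): avc: denied { unlink } for pid=2099 comm="clamd" name="clamd.socket" dev=dm-0 ino=3473422 scontext=system_u:system_r:clamd_t:s0 tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1201645267.995:9): arch=40000003 syscall=10 success=no exit=-13 a0=bf9ac44c a1=0 a2=8d04238 a3=6 items=0 ppid=1 pid=2099 auid=4294967295 uid=100 gid=101 euid=100 suid=100 fsuid=100 egid=101 sgid=101 fsgid=101 tty=(none) comm="clamd" exe="/usr/sbin/clamd" subj=system_u:system_r:clamd_t:s0 key=(null)
"""

# Every audit record starts with "type=<NAME> msg=audit(" ; split in front of each such token.
_RECORD_START = re.compile(r"(?=type=[A-Z_]+ msg=audit\()")
_AVC = re.compile(
    r"type=AVC msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): avc:\s+denied\s+"
    r"\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)",
    re.S,
)
_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Labels that mean "nobody claimed this object"; an illustrative set chosen for this
# example (assumption), not a list taken from the SELinux reference policy.
GENERIC_LABELS = {"tmp_t", "var_t", "var_run_t", "default_t", "unlabeled_t"}


def split_records(text):
    """Return individual audit records, even when several were pasted onto one line."""
    records = []
    for line in text.splitlines():
        for rec in _RECORD_START.split(line):
            rec = rec.strip()
            if rec:
                records.append(rec)
    return records


def selinux_type(context):
    """user:role:type:level -> type (the part policy rules are written against)."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context


def parse_avc(text):
    """Extract AVC denials as dicts; SYSCALL and other record types are skipped."""
    denials = []
    for rec in split_records(text):
        m = _AVC.match(rec)
        if not m:
            continue
        fields = {k: v.strip('"') for k, v in _KV.findall(m.group("rest"))}
        denials.append({
            "serial": int(m.group("serial")),
            "perms": tuple(m.group("perms").split()),
            "comm": fields.get("comm"),
            "name": fields.get("name"),
            "pid": int(fields["pid"]) if "pid" in fields else None,
            "source": selinux_type(fields.get("scontext", "")),
            "target": selinux_type(fields.get("tcontext", "")),
            "tclass": fields.get("tclass"),
        })
    return denials


def summarize(denials):
    """Count denials by (source domain, permissions, target type, object class)."""
    return Counter(
        (d["source"], " ".join(d["perms"]), d["target"], d["tclass"]) for d in denials
    )


def mislabeled_objects(denials):
    """Denials where a confined domain touched a filesystem object with a generic label.
    For a sock_file this means the socket was created in a directory the policy does not
    associate with the daemon (here /tmp, labelled tmp_t), so the domain's own rules
    never grant write or unlink on it."""
    return [
        d for d in denials
        if d["target"] in GENERIC_LABELS and d["tclass"] in {"sock_file", "file", "dir"}
    ]


if __name__ == "__main__":
    found = parse_avc(SAMPLE_AUDIT_LOG)
    for key, n in summarize(found).items():
        print(n, *key)
    for d in mislabeled_objects(found):
        print("generic label on", d["tclass"], d["name"], "denied", " ".join(d["perms"]))
```

Run over the excerpt, the script reports one denial each for search on sysctl_kernel_t, read on proc_t, write on tmp_t and unlink on tmp_t, and flags the two sock_file entries. Those two match the "Permission denied" in clamd.log exactly: `exit=-13` is EACCES from the unlink syscall, so clamd cannot clear the stale socket it left in /tmp. The proc and sysctl denials happen earlier and do not stop start-up. The practical check is to compare the label the socket actually has (`ls -Z /tmp/clamd.socket`) with what policy expects for clamd's runtime files (`matchpathcon` on the candidate socket path): a socket placed in a directory the distribution's clamav policy labels for the daemon gets a label clamd_t is allowed to create and unlink, whereas anything under /tmp inherits tmp_t.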