After remove it manual. There is still error when clamd start, it will
create /tmp/clamd.socket
And this is the next error. If solve this problem, I think you fixed my
error. I'm so sorry because I can not understand to config and fix it by
myself! I'm newbie.
This is /var/log/clamd.log:
Wed Jan 30 05:36:53 2008 -> +++ Started at Wed Jan 30 05:36:53 2008
Wed Jan 30 05:36:53 2008 -> clamd daemon 0.92 (OS: linux-gnu, ARCH: i386,
CPU: i386)
Wed Jan 30 05:36:54 2008 -> Running as user clamav (UID 100, GID 101)
Wed Jan 30 05:36:54 2008 -> Log file size limit disabled.
Wed Jan 30 05:36:54 2008 -> Reading databases from /var/lib/clamav
Wed Jan 30 05:37:21 2008 -> Loaded 198636 signatures.
Wed Jan 30 05:37:21 2008 -> Bound to address 127.0.0.1 on tcp port 3310
Wed Jan 30 05:37:21 2008 -> Setting connection queue length to 30
Wed Jan 30 05:37:21 2008 -> ERROR: Socket file /tmp/clamd.socket could not
be bound: Permission denied
This is /var/log/messages:
Jan 30 05:37:21 home clamd[2100]: Loaded 198636 signatures.
Jan 30 05:37:21 home clamd[2100]: Bound to address 127.0.0.1 on tcp port
3310
Jan 30 05:37:21 home clamd[2100]: Setting connection queue length to 30
Jan 30 05:37:21 home clamd[2100]: Socket file /tmp/clamd.socket could not be
bound: Permission denied
Jan 30 05:37:29 home setroubleshoot: SELinux is preventing /usr/sbin/clamd
(clamd_t) "search" access to kernel (sysctl_kernel_t). For complete SELinux
messages. run sealert -l a81544c7-7a39-400f-af93-719ff8581a98
Jan 30 05:37:30 home setroubleshoot: SELinux is preventing /usr/sbin/clamd
(clamd_t) "read" access to meminfo (proc_t). For complete SELinux messages.
run sealert -l 2a69d630-6e5d-4c43-a15f-b4ffbef2a6ff
Jan 30 05:37:30 home setroubleshoot: SELinux is preventing the
/usr/sbin/clamd from using potentially mislabeled files (clamd.socket). For
complete SELinux messages. run sealert -l
5eb8ba4d-d194-45cf-b156-1b4901d7c710
This is /var/log/audit/audit.log:
type=AVC msg=audit(1201646213.824:6): avc: denied { search } for pid=2099
comm="clamd" name="kernel" dev=proc ino=-268435416
scontext=system_u:system_r:clamd_t:s0
tcontext=system_u:object_r:sysctl_kernel_t:s0 tclass=dir
type=SYSCALL msg=audit(1201646213.824:6): arch=40000003 syscall=5 success=no
exit=-13 a0=c03a64 a1=0 a2=c1dff4 a3=c1f974 items=0 ppid=2098 pid=2099
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) comm="clamd" exe="/usr/sbin/clamd"
subj=system_u:system_r:clamd_t:s0 key=(null)
type=AVC msg=audit(1201646234.743:14): avc: denied { read } for pid=2100
comm="clamd" name="meminfo" dev=proc ino=-268435454
scontext=system_u:system_r:clamd_t:s0 tcontext=system_u:object_r:proc_t:s0
tclass=file
type=SYSCALL msg=audit(1201646234.743:14): arch=40000003 syscall=5
success=no exit=-13 a0=c03df2 a1=0 a2=1b6 a3=9798d08 items=0 ppid=1 pid=2100
auid=4294967295 uid=100 gid=101 euid=100 suid=100 fsuid=100 egid=101
sgid=101 fsgid=101 tty=(none) comm="clamd" exe="/usr/sbin/clamd"
subj=system_u:system_r:clamd_t:s0 key=(null)
type=AVC msg=audit(1201646241.893:15): avc: denied { create } for pid=2100
comm="clamd" name="clamd.socket" scontext=system_u:system_r:clamd_t:s0
tcontext=system_u:object_r:tmp_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1201646241.893:15): arch=40000003 syscall=102
success=no exit=-13 a0=2 a1=bff5fb10 a2=911e238 a3=6 items=0 ppid=1 pid=2100
auid=4294967295 uid=100 gid=101 euid=100 suid=100 fsuid=100 egid=101
sgid=101 fsgid=101 tty=(none) comm="clamd" exe="/usr/sbin/clamd"
subj=system_u:system_r:clamd_t:s0 key=(null)
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://lurker.clamav.net/list/clamav-users.html
