Hi Paul,

Check out what SSL groups are set in /etc/groups.
On my Ubuntu, the SSL directories are (edited out dates/size):

drwxr-xr-x 3 root root     /etc/ssl/certs/
drwx--x--- 2 root ssl-cert /etc/ssl/private/

SSL/Curl will complain about these if not set correctly so 'private' and 'certs' will need to be set up properly:

chgrp ssl-cert /etc/ssl/private
chmod 710      /etc/ssl/private
chmod 755      /etc/ssl/certs

You should have an ssl-cert or something similar in your /etc/groups file.

The only private key I have is ssl-cert-snakeoil so what freshclam will need will be something in 'certs'.

Ged/others may know which specific pem/crt files are needed to get freshclam to play ball. I don't.

I am sorry that I can't help much further as my x86 LFS dist is not available at the moment so I can't replicate the issues.

I hope this helps a bit.

Regards
        Mark.

On 19/07/2021 18:07, Paul Rogers via clamav-users wrote:
ClamAV is relying on curl, and if you intend to carry on digging then
like Micah I think that's where you need to be looking.  So the extra
logging that I suggested should be in curl, not in ClamAV.  See e.g.

https://curl.se/libcurl/c/CURLOPT_VERBOSE.html

I'm afraid this is no help to me.  My programming experience long predates C, 
FORTRAN II was my native tongue.  I'm now so old my short-term memory is shot; 
I CAN'T learn it now.  A somewhat competent sysadmin is all I can manage.  I 
did a little grepping, but found no place I was confident to set it.  But 
configure says it was built in (note march=i686!):

configure: Configured to build curl/libcurl:

   Host setup:       i686-pc-linux-gnu
   Install prefix:   /usr/local
   Compiler:         gcc
    CFLAGS:          -march=i686 -Werror-implicit-function-declaration -O2 -Wno-system-headers -pthreadsystem /usr/local/include
    LDFLAGS:         -L/usr/lib -L/usr/local/lib
    LIBS:            -lnettle -lgnutls -lssl -lcrypto -lssl -lcrypto -lz

   curl version:     7.77.0
   SSL:              enabled (OpenSSL, GnuTLS)
   SSH:              no      (--with-{libssh,libssh2})
   zlib:             enabled
   brotli:           no      (--with-brotli)
   zstd:             no      (--with-zstd)
   GSS-API:          no      (--with-gssapi)
   GSASL:            no      (libgsasl not found)
   TLS-SRP:          enabled
   resolver:         POSIX threaded
   IPv6:             no      (--enable-ipv6)
   Unix sockets:     enabled
   IDN:              no      (--with-{libidn2,winidn})
   Build libcurl:    Shared=yes, Static=no
   Built-in manual:  enabled
   --libcurl option: enabled (--disable-libcurl-option)
   Verbose errors:   enabled (--disable-verbose)
   Code coverage:    disabled
   SSPI:             no      (--enable-sspi)
   ca cert bundle:   /etc/ssl/ca-bundle.crt
   ca cert path:     /etc/ssl/certs
   ca fallback:      no
   LDAP:             no      (--enable-ldap / --with-ldap-lib / --with-lber-lib)
   LDAPS:            no      (--enable-ldaps)
   RTSP:             enabled
   RTMP:             no      (--with-librtmp)
   Metalink:         no      (--with-libmetalink)
   PSL:              no      (libpsl not found)
   Alt-svc:          enabled (--disable-alt-svc)
   HSTS:             enabled (--disable-hsts)
   HTTP1:            enabled (internal)
   HTTP2:            no      (--with-nghttp2, --with-hyper)
   HTTP3:            no      (--with-ngtcp2, --with-quiche)
   ECH:              no      (--enable-ech)
   Protocols:        DICT FILE FTP FTPS GOPHER GOPHERS HTTP HTTPS IMAP IMAPS MQTT POP3 POP3S RTSP SMB SMBS SMTP SMTPS TELNET TFTP
   Features:         AsynchDNS HSTS HTTPS-proxy Largefile MultiSSL NTLM NTLM_WB SSL TLS-SRP UnixSockets alt-svc libz

But why didn't you just spin up a VM like I suggested?  With a little
bit of effort you'd have had it up and running nearly three weeks ago.

Because this old system built to run on legacy 32-bit hardware only has llvm 
installed and that because it's a Mesa dependency, nothing higher.  This is not 
a kitchen-sink distro.

drwxr-xr-x 2 root root    4096 Jul  7 22:42 private

Those permissions look wrong to me.

It's empty anyhow.  What should it be?  (I was running freshclam as root.)
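
An added example, not part of the original thread and not ClamAV or curl project code: a small audit of the directory modes Mark lists (710 root:ssl-cert for 'private', 755 for 'certs') plus the "ca cert bundle" path from the configure output above. The function names and the overridable root directory are assumptions made for illustration; it relies on GNU stat.

```shell
#!/bin/sh
# Added example: audit the modes given in the thread. Paths and modes come
# from the messages above; function names and the root override are assumed.
# Usage: audit_ssl_tree            (defaults: /etc/ssl and group ssl-cert)

# check_dir PATH MODE [GROUP] -> prints a finding and returns 1 on mismatch.
check_dir() {
    path=$1 want_mode=$2 want_group=${3:-}
    if [ ! -d "$path" ]; then
        echo "MISSING  $path"
        return 1
    fi
    # GNU stat: %a = octal mode, %G = group name
    have_mode=$(stat -c '%a' "$path")
    have_group=$(stat -c '%G' "$path")
    rc=0
    if [ "$have_mode" != "$want_mode" ]; then
        echo "MODE     $path is $have_mode, expected $want_mode"
        rc=1
    fi
    if [ -n "$want_group" ] && [ "$have_group" != "$want_group" ]; then
        echo "GROUP    $path is $have_group, expected $want_group"
        rc=1
    fi
    return $rc
}

# audit_ssl_tree [ROOT] [GROUP] -> exit status is the number of findings.
audit_ssl_tree() {
    root=${1:-/etc/ssl} group=${2:-ssl-cert}
    findings=0
    check_dir "$root/certs" 755 || findings=$((findings + 1))
    check_dir "$root/private" 710 "$group" || findings=$((findings + 1))
    # ca-bundle.crt is the "ca cert bundle" named in the configure summary
    if [ ! -r "$root/ca-bundle.crt" ]; then
        echo "CABUNDLE $root/ca-bundle.crt missing or unreadable"
        findings=$((findings + 1))
    fi
    return $findings
}
```

A 'private' directory left at 755, as in the listing quoted above, is reported as a MODE finding.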

