Your message dated Sun, 6 Jan 2008 18:23:51 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#456806: clamav-freshclam: freshclam created files can only
be read by clamav user
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: clamav-freshclam
Version: 0.91.2-4
Severity: normal
Whenever clamav-freshclam updates my virus definition files, I get the following
error message the next time I try to run clamscan as a normal user:
$ clamscan file_to_scan
LibClamAV Error: cli_load(): Can't open file
/var/lib/clamav//daily.inc/daily.cfg
ERROR: Unable to open file or directory
# ls -l /var/lib/clamav/
drwxr-xr-x 2 clamav clamav 227 2007-12-17 18:00 daily.inc
drwx------ 2 clamav clamav 124 2007-12-17 18:00 main.inc
-rw------- 1 clamav clamav 1560 2007-12-17 18:37 mirrors.dat
The permissions on main.inc have been reset to only accessible by clamav user.
# ls -l /var/lib/clamav/main.inc/
-rw-r--r-- 1 clamav clamav 17992 2007-12-09 09:36 COPYING
-rw------- 1 clamav clamav 4735470 2007-12-09 09:39 main.db
-rw-r--r-- 1 clamav clamav 3881 2007-12-09 09:39 main.fp
-rw-r--r-- 1 clamav clamav 648469 2007-12-09 09:39 main.hdb
-rw------- 1 clamav clamav 318 2007-12-09 09:39 main.info
-rw------- 1 clamav clamav 4335069 2007-12-09 09:39 main.mdb
-rw------- 1 clamav clamav 14575772 2007-12-09 09:39 main.ndb
-rw-r--r-- 1 clamav clamav 217 2007-12-09 09:36 main.zmd
# ls -l /var/lib/clamav/daily.inc/
-rw-r--r-- 1 clamav clamav 17992 2007-09-22 09:24 COPYING
-rw------- 1 clamav clamav 74 2007-12-08 17:14 daily.cfg
-rw-r--r-- 1 clamav clamav 25911 2007-12-09 10:40 daily.db
-rw------- 1 clamav clamav 3881 2007-12-09 10:40 daily.fp
-rw------- 1 clamav clamav 2202 2007-12-16 16:36 daily.hdb
-rw-r--r-- 1 clamav clamav 1116 2007-11-21 01:38 daily.hdu
-rw------- 1 clamav clamav 585 2007-12-17 17:37 daily.info
-rw------- 1 clamav clamav 433594 2007-12-17 17:37 daily.mdb
-rw-r--r-- 1 clamav clamav 24696 2007-12-17 04:37 daily.mdu
-rw------- 1 clamav clamav 230257 2007-12-17 10:37 daily.ndb
-rw-r--r-- 1 clamav clamav 4458 2007-10-31 13:37 daily.ndu
-rw-r--r-- 1 clamav clamav 2808 2007-12-08 05:14 daily.pdb
-rw------- 1 clamav clamav 963 2007-12-08 21:14 daily.wdb
-rw-r--r-- 1 clamav clamav 2922 2007-09-22 09:24 daily.zmd
The mode 600 files were all updated (or freshly created) in the last few days.
If I "chmod 644" the files, clamscan works properly until freshclam downloads
updates and the modes go back to 600.
If I purge and then reinstall all clamav packages, then ALL of the
virus definition files and directories in /var/lib/clamav are mode 600 or 700.
I doubt this is caused by root's umask on the system as:
# umask
0022
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (990, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.23.9-amd64 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages clamav-freshclam depends on:
ii clamav-base 0.91.2-4 anti-virus utility for Unix - base
ii debconf [debconf-2.0] 1.5.17 Debian configuration management sy
ii debianutils 2.28.2 Miscellaneous utilities specific t
ii libc6 2.7-4 GNU C Library: Shared libraries
ii libclamav2 0.91.2-4 anti-virus utility for Unix - libr
ii logrotate 3.7.1-3 Log rotation utility
ii lsb-base 3.1-24 Linux Standard Base 3.1 init scrip
ii ucf 3.004 Update Configuration File: preserv
ii zlib1g 1:1.2.3.3.dfsg-8 compression library - runtime
clamav-freshclam recommends no packages.
-- debconf information:
* clamav-freshclam/autoupdate_freshclam: daemon
clamav-freshclam/proxy_user:
* clamav-freshclam/NotifyClamd: /etc/clamav/clamd.conf
* clamav-freshclam/local_mirror: db.local.clamav.net
* clamav-freshclam/http_proxy:
clamav-freshclam/mirrors.txt-note:
* clamav-freshclam/update_interval: 24
clamav-freshclam/internet_interface:
--- End Message ---
--- Begin Message ---
This one time, at band camp, Berg, Michael said:
> Stephen Gran wrote:
> > Do you set umask in /etc/profile or in a pam setting or something?
>
> My /etc/profile actually has the line "umask 022" in it.
>
> However, I did just track down a "pam_umask.so umask=0077" in one of the
> pam session files. I can't remember if I or a package made that setting
> at some point in the past, but at any rate, the bug can be closed.
>
> Thanks for your help and sorry for the trouble.
Thanks for looking into it. I'm just glad it wasn't a clamav problem :)
Take care,
--
-----------------------------------------------------------------
| ,''`. Stephen Gran |
| : :' : [EMAIL PROTECTED] |
| `. `' Debian user, admin, and developer |
| `- http://www.debian.org |
-----------------------------------------------------------------
signature.asc
Description: Digital signature
--- End Message ---
