Package: clamav-daemon Version: 0.103.0+dfsg-2 Severity: important Tags: a11y
Dear Maintainer, the daemon fails to start with this error: nov 02 16:12:44 G5045 clamd[166893]: Mon Nov 2 16:12:44 2020 -> ^lchown to user 'clamav' failed on log file '/var/log/clamav/clamav.log'. Error was 'Operation not permitted'. I found the solution here: https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1771267.html The line "capability chown," is missing from /etc/apparmor.d/usr.sbin.clamd, so AppArmor denies clamd's lchown of its log file. Thanks, Stefano -- Package-specific info: --- configuration --- Checking configuration files in /etc/clamav Config file: clamd.conf ----------------------- AlertExceedsMax disabled PreludeEnable disabled PreludeAnalyzerName = "ClamAV" LogFile = "/var/log/clamav/clamav.log" LogFileUnlock disabled LogFileMaxSize = "4294967295" LogTime = "yes" LogClean disabled LogSyslog disabled LogFacility = "LOG_LOCAL6" LogVerbose disabled LogRotate = "yes" ExtendedDetectionInfo = "yes" PidFile disabled TemporaryDirectory disabled DatabaseDirectory = "/var/lib/clamav" OfficialDatabaseOnly disabled LocalSocket = "/var/run/clamav/clamd.ctl" LocalSocketGroup = "clamav" LocalSocketMode = "666" FixStaleSocket = "yes" TCPSocket disabled TCPAddr disabled MaxConnectionQueueLength = "15" StreamMaxLength = "26214400" StreamMinPort = "1024" StreamMaxPort = "2048" MaxThreads = "12" ReadTimeout = "180" CommandReadTimeout = "5" SendBufTimeout = "200" MaxQueue = "100" IdleTimeout = "30" ExcludePath disabled MaxDirectoryRecursion = "15" FollowDirectorySymlinks disabled FollowFileSymlinks disabled CrossFilesystems = "yes" SelfCheck = "3600" ConcurrentDatabaseReload = "yes" DisableCache disabled VirusEvent disabled ExitOnOOM disabled AllowAllMatchScan = "yes" Foreground disabled Debug disabled LeaveTemporaryFiles disabled User = "clamav" Bytecode = "yes" BytecodeSecurity = "TrustSigned" BytecodeTimeout = "60000" BytecodeUnsigned disabled BytecodeMode = "Auto" DetectPUA disabled ExcludePUA disabled IncludePUA disabled ScanPE = "yes" ScanELF = "yes" ScanMail = "yes" ScanPartialMessages disabled PhishingSignatures 
= "yes" PhishingScanURLs = "yes" HeuristicAlerts = "yes" HeuristicScanPrecedence disabled StructuredDataDetection disabled StructuredMinCreditCardCount = "3" StructuredMinSSNCount = "3" StructuredSSNFormatNormal = "yes" StructuredSSNFormatStripped disabled ScanHTML = "yes" ScanOLE2 = "yes" AlertBrokenExecutables disabled AlertEncrypted disabled StructuredCCOnly disabled AlertEncryptedArchive disabled AlertEncryptedDoc disabled AlertOLE2Macros disabled AlertPhishingSSLMismatch disabled AlertPhishingCloak disabled AlertPartitionIntersection disabled ScanPDF = "yes" ScanSWF = "yes" ScanXMLDOCS = "yes" ScanHWP3 = "yes" ScanArchive = "yes" ForceToDisk disabled MaxScanTime = "120000" MaxScanSize = "104857600" MaxFileSize = "26214400" MaxRecursion = "16" MaxFiles = "10000" MaxEmbeddedPE = "10485760" MaxHTMLNormalize = "10485760" MaxHTMLNoTags = "2097152" MaxScriptNormalize = "5242880" MaxZipTypeRcg = "1048576" MaxPartitions = "50" MaxIconsPE = "100" MaxRecHWP3 = "16" PCREMatchLimit = "10000" PCRERecMatchLimit = "5000" PCREMaxFileSize = "26214400" OnAccessMountPath disabled OnAccessIncludePath disabled OnAccessExcludePath disabled OnAccessExcludeRootUID disabled OnAccessExcludeUID disabled OnAccessExcludeUname disabled OnAccessMaxFileSize = "5242880" OnAccessDisableDDD disabled OnAccessPrevention disabled OnAccessExtraScanning disabled OnAccessCurlTimeout = "5000" OnAccessMaxThreads = "5" OnAccessRetryAttempts disabled OnAccessDenyOnError disabled DevACOnly disabled DevACDepth disabled DevPerformance disabled DevLiblog disabled DisableCertCheck disabled AlgorithmicDetection = "yes" BlockMax disabled PhishingAlwaysBlockSSLMismatch disabled PhishingAlwaysBlockCloak disabled PartitionIntersection disabled OLE2BlockMacros disabled ArchiveBlockEncrypted disabled Config file: freshclam.conf --------------------------- LogFileMaxSize = "4294967295" LogTime = "yes" LogSyslog disabled LogFacility = "LOG_LOCAL6" LogVerbose disabled LogRotate = "yes" PidFile disabled 
DatabaseDirectory = "/var/lib/clamav" Foreground disabled Debug disabled UpdateLogFile = "/var/log/clamav/freshclam.log" DatabaseOwner = "clamav" Checks = "24" DNSDatabaseInfo = "current.cvd.clamav.net" DatabaseMirror = "db.local.clamav.net", "database.clamav.net" PrivateMirror disabled MaxAttempts = "5" ScriptedUpdates = "yes" TestDatabases = "yes" CompressLocalDatabase disabled ExtraDatabase disabled ExcludeDatabase disabled DatabaseCustomURL disabled HTTPProxyServer disabled HTTPProxyPort disabled HTTPProxyUsername disabled HTTPProxyPassword disabled HTTPUserAgent disabled NotifyClamd = "/etc/clamav/clamd.conf" OnUpdateExecute disabled OnErrorExecute disabled OnOutdatedExecute disabled LocalIPAddress disabled ConnectTimeout = "600" ReceiveTimeout = "600" SafeBrowsing disabled Bytecode = "yes" clamav-milter.conf not found Software settings ----------------- Version: 0.103.0 Optional features supported: MEMPOOL IPv6 FRESHCLAM_DNS_FIX AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV JSON Database information -------------------- Database directory: /var/lib/clamav [3rd Party] bofhland_cracked_URL.ndb: 40 sigs [3rd Party] bofhland_malware_URL.ndb: 4 sigs [3rd Party] bofhland_malware_attach.hdb: 1836 sigs [3rd Party] bofhland_phishing_URL.ndb: 72 sigs bytecode.cvd: version 331, sigs: 94, built on Thu Sep 19 18:12:33 2019 [3rd Party] crdfam.clamav.hdb: 1 sig [3rd Party] doppelstern.hdb: 1 sig main.cvd: version 59, sigs: 4564902, built on Mon Nov 25 14:56:15 2019 [3rd Party] sanesecurity.ftm: 170 sigs [3rd Party] spamattach.hdb: 14 sigs [3rd Party] spamimg.hdb: 199 sigs [3rd Party] winnow.attachments.hdb: 182 sigs [3rd Party] winnow_bad_cw.hdb: 1 sig [3rd Party] winnow_extended_malware.hdb: 245 sigs [3rd Party] winnow_malware.hdb: 293 sigs [3rd Party] winnow_malware_links.ndb: 133 sigs [3rd Party] sigwhitelist.ign2: 9 sigs [3rd Party] junk.ndb: 60061 sigs [3rd Party] scam.ndb: 12741 sigs [3rd Party] porcupine.ndb: 6791 sigs [3rd Party] phishtank.ndb: 12398 sigs [3rd Party] 
blurl.ndb: 1642 sigs [3rd Party] jurlbl.ndb: 22791 sigs [3rd Party] phish.ndb: 28007 sigs daily.cld: version 25976, sigs: 4337988, built on Mon Nov 2 14:23:56 2020 [3rd Party] rogue.hdb: 3568 sigs Total number of signatures: 9054183 Platform information -------------------- uname: Linux 5.9.0-1-amd64 #1 SMP Debian 5.9.1-1 (2020-10-17) x86_64 OS: linux-gnu, ARCH: x86_64, CPU: x86_64 Full OS version: Debian GNU/Linux bullseye/sid zlib version: 1.2.11 (1.2.11), compile flags: a9 platform id: 0x0a21797908000000000a0200 Build information ----------------- GNU C: 10.2.0 (10.2.0) CPPFLAGS: -Wdate-time -D_FORTIFY_SOURCE=2 CFLAGS: -g -O2 -fdebug-prefix-map=/build/clamav-CCphnj/clamav-0.103.0+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 CXXFLAGS: -g -O2 -fdebug-prefix-map=/build/clamav-CCphnj/clamav-0.103.0+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64 LDFLAGS: -Wl,-z,relro -Wl,-z,now -Wl,--as-needed Configure: '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=/usr/lib/x86_64-linux-gnu' '--runstatedir=/run' '--disable-maintainer-mode' '--disable-dependency-tracking' 'CFLAGS=-g -O2 -fdebug-prefix-map=/build/clamav-CCphnj/clamav-0.103.0+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -fdebug-prefix-map=/build/clamav-CCphnj/clamav-0.103.0+dfsg=. 
-fstack-protector-strong -Wformat -Werror=format-security -Wall -D_FILE_OFFSET_BITS=64' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now -Wl,--as-needed' '--with-dbdir=/var/lib/clamav' '--sysconfdir=/etc/clamav' '--disable-clamav' '--disable-unrar' '--enable-milter' '--enable-dns-fix' '--with-libjson' '--with-system-libmspack' '--with-libcurl=/usr' '--with-gnu-ld' '--with-systemdsystemunitdir=/lib/systemd/system' 'build_alias=x86_64-linux-gnu' 'OBJCFLAGS=-g -O2 -fdebug-prefix-map=/build/clamav-CCphnj/clamav-0.103.0+dfsg=. -fstack-protector-strong -Wformat -Werror=format-security' sizeof(void*) = 8 Engine flevel: 121, dconf: 121 --- data dir --- total 675204 -rw-r--r-- 1 clamav-unofficial-sigs clamav-unofficial-sigs 243332 Nov 2 14:06 blurl.ndb -rw-r--r-- 1 clamav-unofficial-sigs clamav-unofficial-sigs 3448 Aug 6 12:20 bofhland_cracked_URL.ndb -rw-r--r-- 1 clamav-unofficial-sigs clamav-unofficial-sigs 610 Aug 6 12:20 bofhland_malware_URL.ndb -rw-r--r-- 1 clamav-unofficial-sigs clamav-unofficial-sigs 106247 Aug 6 12:20 bofhland_malware_attach.hdb -rw-r--r-- 1 clamav-unofficial-sigs clamav-unofficial-sigs 9676 Aug 6 12:20 bofhland_phishing_URL.ndb -rw-r--r-- 1 clamav clamav 296388 Aug 6 12:20 bytecode.cvd drwxr-xr-x 1 clamav clamav 86 Aug 6 12:20 clamav-2a608b4f3ffcbce246c1d967506563f8.tmp drwxr-xr-x 1 clamav clamav 0 Aug 6 10:55 clamav-3c63e4535bd787eef216df817422cc98.tmp drwxr-xr-x 1 clamav clamav 86 Aug 6 10:55 clamav-48838b23261fac860732f494b6550b02.tmp drwxr-xr-x 1 clamav clamav 86 Aug 6 10:55 clamav-aa9f8f46d6420950e9c58e12fe030633.tmp drwxr-xr-x 1 clamav clamav 86 Aug 6 12:20 clamav-bbb07cffefa99633bd76ce3fd0acd7c4.tmp drwxr-xr-x 1 clamav clamav 86 Aug 6 10:55 clamav-f1f8cadb226d7d1d44bf8b3f123c7731.tmp -rw-r--r-- 1 clamav-unofficial-sigs clamav 82 Aug 6 12:20 crdfam.clamav.hdb -rw-r--r-- 1 clamav clamav 347895808 Nov 2 15:44 daily.cld -rw-r--r-- 1 clamav clamav 87644160 Aug 6 12:20 daily.cld.broken -rw-r--r-- 1 clamav-unofficial-sigs clamav 65 Aug 6 12:20 doppelstern.hdb 
-rw-r--r-- 1 clamav-unofficial-sigs clamav-unofficial-sigs 7504839 Nov 2 11:18 junk.ndb -rw-r--r-- 1 clamav-unofficial-sigs clamav-unofficial-sigs 2748705 Nov 2 14:06 jurlbl.ndb -rw-r--r-- 1 clamav clamav 117859675 Aug 6 12:20 main.cvd -rw-r--r-- 1 clamav clamav 117892267 Aug 6 12:20 main.cvd.broken -rw------- 1 clamav clamav 256 Aug 6 12:20 mirrors.dat -rw-r--r-- 1 clamav-unofficial-sigs clamav-unofficial-sigs 4137695 Nov 2 14:06 phish.ndb -rw-r--r-- 1 clamav-unofficial-sigs clamav-unofficial-sigs 1942192 Nov 2 13:00 phishtank.ndb -rw-r--r-- 1 clamav-unofficial-sigs clamav-unofficial-sigs 635351 Nov 2 11:01 porcupine.ndb -rw-r--r-- 1 clamav-unofficial-sigs clamav-unofficial-sigs 389716 Nov 2 15:06 rogue.hdb -rw-r--r-- 1 clamav clamav 11098 Aug 6 12:20 sanesecurity.ftm -rw-r--r-- 1 clamav-unofficial-sigs clamav-unofficial-sigs 1925682 Nov 2 11:18 scam.ndb -rw-r--r-- 1 clamav-unofficial-sigs clamav-unofficial-sigs 260 Oct 12 10:13 sigwhitelist.ign2 -rw-r--r-- 1 clamav-unofficial-sigs clamav 1391 Aug 6 12:20 spamattach.hdb -rw-r--r-- 1 clamav-unofficial-sigs clamav-unofficial-sigs 19115 Aug 6 12:20 spamimg.hdb drwxr-xr-x 1 clamav clamav 0 Aug 6 10:55 tmp -rw-r--r-- 1 clamav-unofficial-sigs clamav-unofficial-sigs 14825 Aug 6 12:20 winnow.attachments.hdb -rw-r--r-- 1 clamav-unofficial-sigs clamav 66 Aug 6 12:20 winnow_bad_cw.hdb -rw-r--r-- 1 clamav-unofficial-sigs clamav 16271 Aug 6 12:20 winnow_extended_malware.hdb -rw-r--r-- 1 clamav-unofficial-sigs clamav 18189 Aug 6 12:20 winnow_malware.hdb -rw-r--r-- 1 clamav-unofficial-sigs clamav-unofficial-sigs 14709 Aug 6 12:20 winnow_malware_links.ndb -- System Information: Debian Release: bullseye/sid APT prefers unstable APT policy: (903, 'unstable'), (500, 'testing'), (400, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.9.0-1-amd64 (SMP w/4 CPU threads) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:it Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages clamav-daemon depends on: ii adduser 3.118 ii clamav-base 0.103.0+dfsg-2 ii clamav-freshclam [clamav-data] 0.103.0+dfsg-2 ii debconf [debconf-2.0] 1.5.74 ii dpkg 1.20.5 ii libc6 2.31-4 ii libclamav9 0.103.0+dfsg-2 ii libcurl4 7.72.0-1 ii libncurses6 6.2+20200918-1 ii libsystemd0 246.6-2 ii libtinfo6 6.2+20200918-1 ii lsb-base 11.1.0 ii procps 2:3.3.16-5 ii ucf 3.0043 ii zlib1g 1:1.2.11.dfsg-2 Versions of packages clamav-daemon recommends: ii clamdscan 0.103.0+dfsg-2 Versions of packages clamav-daemon suggests: ii apparmor 2.13.5-1 pn clamav-docs <none> ii daemon 0.6.4-1+b2 pn libclamunrar <none> -- Configuration Files: /etc/apparmor.d/usr.sbin.clamd changed: /usr/sbin/clamd { #include <abstractions/base> #include <abstractions/nameservice> #include <abstractions/openssl> # LP: #433764: capability dac_override, # lun 2 nov 2020, 15:51:50, CET stefano capability chown, # needed, when using systemd capability setgid, capability setuid, @{PROC}/filesystems r, @{PROC}/[0-9]*/status r, /etc/clamav/clamd.conf r, /usr/sbin/clamd mr, /tmp/ rw, /tmp/** krw, /var/lib/clamav/ r, /var/lib/clamav/** krw, /var/log/clamav/* krw, /{,var/}run/clamav/clamd.ctl w, /{,var/}run/clamav/clamd.pid w, /var/spool/clamsmtp/* r, /var/spool/qpsmtpd/* r, /var/spool/p3scan/children/** r, /var/spool/havp/** r, # For amavisd-new integration /var/lib/amavis/tmp/** r, # For mimedefang integration /var/spool/MIMEDefang/mdefang-*/Work/ r, /var/spool/MIMEDefang/mdefang-*/Work/** r, # For use with exim /var/spool/exim4/** r, # Allow home dir to be scanned @{HOME}/ r, @{HOME}/** r, # Site-specific additions and overrides. See local/README for details. 
#include <local/usr.sbin.clamd> } /etc/logcheck/ignore.d.paranoid/clamav-daemon [Errno 13] Permesso negato: '/etc/logcheck/ignore.d.paranoid/clamav-daemon' /etc/logcheck/ignore.d.server/clamav-daemon [Errno 13] Permesso negato: '/etc/logcheck/ignore.d.server/clamav-daemon' -- debconf information: clamav-daemon/SelfCheck: 3600 clamav-daemon/BytecodeTimeout: 60000 clamav-daemon/AllowAllMatchScan: true clamav-daemon/StatsHostID: auto clamav-daemon/LogSyslog: false clamav-daemon/AddGroups: amavis clamav-daemon/MaxZipTypeRcg: 1M clamav-daemon/debconf: true clamav-daemon/LocalSocketGroup: clamav clamav-daemon/MaxScriptNormalize: 5M clamav-daemon/MaxHTMLNoTags: 2M clamav-daemon/TCPSocket: 3310 clamav-daemon/ScanOnAccess: false clamav-daemon/FollowDirectorySymlinks: false clamav-daemon/LogTime: true clamav-daemon/BytecodeSecurity: TrustSigned clamav-daemon/StatsPEDisabled: true clamav-daemon/MaxEmbeddedPE: 10M clamav-daemon/MaxHTMLNormalize: 10M clamav-daemon/ForceToDisk: false clamav-daemon/StatsEnabled: false clamav-daemon/ScanMail: true clamav-daemon/ScanArchive: true clamav-daemon/ReadTimeout: 180 clamav-daemon/LocalSocket: /var/run/clamav/clamd.ctl clamav-daemon/FollowFileSymlinks: false clamav-daemon/FixStaleSocket: true clamav-daemon/StatsTimeout: 10 clamav-daemon/LogRotate: true clamav-daemon/DisableCertCheck: false clamav-daemon/LogFile: /var/log/clamav/clamav.log clamav-daemon/MaxThreads: 12 clamav-daemon/OnAccessMaxFileSize: 5M clamav-daemon/Bytecode: true clamav-daemon/ScanSWF: true clamav-daemon/TCPAddr: any clamav-daemon/MaxConnectionQueueLength: 15 clamav-daemon/TcpOrLocal: UNIX clamav-daemon/MaxDirectoryRecursion: 15 clamav-daemon/LocalSocketMode: 666 clamav-daemon/StreamMaxLength: 25 clamav-daemon/User: clamav