[Bug 292580] Re: clamav-freshclam update dns problem
*** This bug is a duplicate of bug 286080 *** https://bugs.launchpad.net/bugs/286080 ** This bug has been marked a duplicate of bug 286080 cups fails to print to network printer if resolvconf package is installed (apparmor) -- clamav-freshclam update dns problem https://bugs.launchpad.net/bugs/292580 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 292580] Re: clamav-freshclam update dns problem
That is true but looking at /var/log/clamav/freshclam.log show that the daemon itself can't access the database site. That means that even with freshclam running, the database gets outdated and clamscan complains about an outdated database when invoked. I even tried entering an IP address into /etc/clamav/freshclam.conf but freshclam still didn't work. Is the freshclam version from Intrepid working for anybody? -- clamav-freshclam update dns problem https://bugs.launchpad.net/bugs/292580 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 292580] Re: clamav-freshclam update dns problem
Yes. Works here just fine on multiple boxes. -- clamav-freshclam update dns problem https://bugs.launchpad.net/bugs/292580 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 292580] Re: clamav-freshclam update dns problem
Please provide the log file information from /var/log/clamav/freshclam.0 that shows the failure you are concerned about. -- clamav-freshclam update dns problem https://bugs.launchpad.net/bugs/292580 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 292580] Re: clamav-freshclam update dns problem
in the log is a lot of this, no more: ClamAV update process started at Sun Nov 2 02:00:07 2008 WARNING: Can't query current.cvd.clamav.net WARNING: Invalid DNS reply. Falling back to HTTP mode. Reading CVD header (main.cvd): WARNING: Can't get information about database.clamav.net: Name or service not known WARNING: Can't read main.cvd header from database.clamav.net (IP: ) Trying again in 5 secs... - here is something what I tried out: [EMAIL PROTECTED]:/var/log/clamav# host -t txt database.clamav.net database.clamav.net is an alias for db.local.clamav.net. db.local.clamav.net is an alias for db.centraleu.clamav.net. [EMAIL PROTECTED]:/var/log/clamav# host -t txt db.local.clamav.net db.local.clamav.net is an alias for db.centraleu.clamav.net. [EMAIL PROTECTED]:/var/log/clamav# host -t txt db.centraleu.clamav.net db.centraleu.clamav.net has no TXT record [EMAIL PROTECTED]:/var/log/clamav# dig db.centraleu.clamav.net ; DiG 9.5.0-P2 db.centraleu.clamav.net ;; global options: printcmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 59261 ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;db.centraleu.clamav.net. IN A ;; ANSWER SECTION: db.centraleu.clamav.net. 31 IN A 130.59.10.36 db.centraleu.clamav.net. 31 IN A 212.71.0.71 ;; Query time: 13 msec ;; SERVER: 195.186.1.111#53(195.186.1.111) ;; WHEN: Sun Nov 2 17:03:04 2008 ;; MSG SIZE rcvd: 73 On 02.Nov 2008 15:32, Scott Kitterman wrote: Please provide the log file information from /var/log/clamav/freshclam.0 that shows the failure you are concerned about. -- clamav-freshclam update dns problem https://bugs.launchpad.net/bugs/292580 You received this bug notification because you are a direct subscriber of the bug. Status in “clamav” source package in Ubuntu: New Bug description: Binary package hint: clamav-freshclam on Kubuntu 8.10 (newest from archive) it's not possible to update the clamav db with sudo freshclam. it allways report, dns resolving don't work. But, with nslookup, dig and host it's possible to resolve the domain-names (like described in the FAQ of clamav.org). I don't have any idea to resolve this... maybe a permission-problem, but it's executed as root. Also the daemon has the same problem of clamav, not only the manual update. Any idea how to do more exactly debugging? thanks. exact output: ClamAV update process started at Sun Nov 2 13:02:14 2008 WARNING: Can't query current.cvd.clamav.net WARNING: Invalid DNS reply. Falling back to HTTP mode. Reading CVD header (main.cvd): WARNING: Can't get information about database.clamav.net: Name or service not known WARNING: Can't read main.cvd header from database.clamav.net (IP: ) Trying again in 5 secs... -- clamav-freshclam update dns problem https://bugs.launchpad.net/bugs/292580 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 292580] Re: clamav-freshclam update dns problem
One thing that's new in Intrepid for clamav is an AppArmor profile for increased security. It may be that freshclam needs access to some resource on your system that AppArmor is blocking. You can switch the profile to complain mode and see if that helps: sudo aa-complain usr.bin.feshclam If it works after doing that, then it's an profile issue. We'll need the relevant log entries to figure out exactly what is needed. They look something like: Oct 25 11:52:33 scott-laptop kernel: [ 5308.432588] type=1502 audit(1224949953.717:3435): operation=socket_accept family=inet sock_type=stream protocol=6 pid=12985 profile=/usr/bin/freshclam -- clamav-freshclam update dns problem https://bugs.launchpad.net/bugs/292580 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 292580] Re: clamav-freshclam update dns problem
Ah, exactly, here this I can see in syslog, before doing aa-complain... Nov 2 18:55:59 xyz kernel: [30172.149684] type=1503 audit(1225648559.221:215): operation=inode_permission requested_mask=::r denied_mask=::r fsuid=112 name=/etc/resolvconf/run/resolv.conf pid=9156 profile=/usr/bin/freshclam On 02.Nov 2008 17:45, Scott Kitterman wrote: One thing that's new in Intrepid for clamav is an AppArmor profile for increased security. It may be that freshclam needs access to some resource on your system that AppArmor is blocking. You can switch the profile to complain mode and see if that helps: sudo aa-complain usr.bin.feshclam If it works after doing that, then it's an profile issue. We'll need the relevant log entries to figure out exactly what is needed. They look something like: Oct 25 11:52:33 scott-laptop kernel: [ 5308.432588] type=1502 audit(1224949953.717:3435): operation=socket_accept family=inet sock_type=stream protocol=6 pid=12985 profile=/usr/bin/freshclam -- clamav-freshclam update dns problem https://bugs.launchpad.net/bugs/292580 You received this bug notification because you are a direct subscriber of the bug. Status in “clamav” source package in Ubuntu: New Bug description: Binary package hint: clamav-freshclam on Kubuntu 8.10 (newest from archive) it's not possible to update the clamav db with sudo freshclam. it allways report, dns resolving don't work. But, with nslookup, dig and host it's possible to resolve the domain-names (like described in the FAQ of clamav.org). I don't have any idea to resolve this... maybe a permission-problem, but it's executed as root. Also the daemon has the same problem of clamav, not only the manual update. Any idea how to do more exactly debugging? thanks. exact output: ClamAV update process started at Sun Nov 2 13:02:14 2008 WARNING: Can't query current.cvd.clamav.net WARNING: Invalid DNS reply. Falling back to HTTP mode. Reading CVD header (main.cvd): WARNING: Can't get information about database.clamav.net: Name or service not known WARNING: Can't read main.cvd header from database.clamav.net (IP: ) Trying again in 5 secs... -- clamav-freshclam update dns problem https://bugs.launchpad.net/bugs/292580 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 292580] Re: clamav-freshclam update dns problem
Thanks for the advice. It was indeed a profile issue. After switching to complain mode, I got messages like [16653.510538] type=1503 audit(1225647340.558:116): operation=inode_permission requested_mask=::r denied_mask=::r fsuid=114 name=/etc/resolvconf/run/resolv.conf pid=23644 profile=/usr/bin/freshclam I figured that freshclam couldn't do DNS resolution because it was denied access to /etc/resolvconf/run/resolv.conf. Access to this file is only needed on systems that have the resolvconf package installed (a dependency of network-manager-vpnc). Adding the line /etc/resolvconf/run/resolv.conf r, to /etc/apparmor.d/usr.bin.freshclam and switching back to enforce mode solved the problem for me. I guess we should update the apparmor profile to include this possible configuration. -- clamav-freshclam update dns problem https://bugs.launchpad.net/bugs/292580 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 292580] Re: clamav-freshclam update dns problem
** Changed in: clamav (Ubuntu) Importance: Undecided = Medium Status: New = Triaged -- clamav-freshclam update dns problem https://bugs.launchpad.net/bugs/292580 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 292580] Re: clamav-freshclam update dns problem
Hi, I am unable to reproduce this bug in my current installation of Ubuntu 8.10 Intrepid. apt-cache madison clamav-freshclam reports 0.94.dfsg.1~rc1-0ubuntu2 as the version currently available. The /etc/apparmor.d/usr.bin.freshclam in this version includes #include abstractions/nameservice which is the preferred method for enabling a profile for name resolution, as name resolution entails other files besides /etc/resolv.conf. (/etc/hosts, nsswitch.conf etc) Could you please report on what version of clamav-freshclam you have installed, and or if #include abstractions/nameservice is included in /etc/apparmor.d/usr.bin.freshclam Thanks! -- clamav-freshclam update dns problem https://bugs.launchpad.net/bugs/292580 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 292580] Re: clamav-freshclam update dns problem
I also have 0.94.dfsg.1~rc1-0ubuntu2 of clamav-freshclam installed. abstractions/nameservice is included in my /etc/apparmor.d/usr.bin.freshclam. The problem is that the abstractions file only allows access to /var/run/resolvconf/resolv.conf but my version of resolvconf (1.42ubuntu2) uses the file /etc/resolvconf/run/resolv.conf instead. Changing this in the abstractions file should fix the problem. Was there a change in the location of resolvconf's files recently? -- clamav-freshclam update dns problem https://bugs.launchpad.net/bugs/292580 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 292580] Re: clamav-freshclam update dns problem
Hi Phillip, Thanks for the reply. I had a quick look at the source for resolvconf and it does use /etc/resolvconf/run instead of /var if it can, else it falls back to /var. I will enquire about and open a bug about amending abstractions/nameservice to include both paths. -- clamav-freshclam update dns problem https://bugs.launchpad.net/bugs/292580 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 292580] Re: clamav-freshclam update dns problem
Hi. Thanks for reporting this. This was actually fixed for a cups bug: https://bugs.edge.launchpad.net/ubuntu/+source/apparmor/+bug/286080 and should hopefully be released soon. Fix committed to revision 926 of bzr branch. As a current workaround, /etc/resolvconf/run/resolv.conf r, can be added to /etc/apparmor.d/abstractions/nameservice ** Changed in: clamav (Ubuntu) Status: Triaged = Fix Committed -- clamav-freshclam update dns problem https://bugs.launchpad.net/bugs/292580 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 292580] Re: clamav-freshclam update dns problem
Reassigning to Apparmor team. ** Changed in: apparmor (Ubuntu) Sourcepackagename: clamav = apparmor -- clamav-freshclam update dns problem https://bugs.launchpad.net/bugs/292580 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs