@sergiodj, I was able to reproduce this in a container based on your instruction but by adding the apparmor package to the mix.
With Apparmor installed, after upgrading from 0.102.4+dfsg- 0ubuntu0.18.04.1 -> 0.103.2+dfsg-0ubuntu0.18.04.1, I have this in "journalctl -fk": Apr 21 20:56:57 bclam kernel: audit: type=1400 audit(1619038617.624:2): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/sbin/clamd" pid=1835 comm="apparmor_parser" Apr 21 20:57:00 bclam kernel: audit: type=1400 audit(1619038620.980:3): apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/bin/freshclam" pid=1837 comm="apparmor_parser" Apr 21 20:57:11 bclam kernel: audit: type=1400 audit(1619038631.016:4): apparmor="DENIED" operation="open" profile="/usr/bin/freshclam" name="/etc/ssl/openssl.cnf" pid=1840 comm="freshclam" requested_mask="r" denied_mask="r" fsuid=105 ouid=0 Apr 21 20:57:11 bclam kernel: audit: type=1400 audit(1619038631.048:5): apparmor="DENIED" operation="open" profile="/usr/bin/freshclam" name="/etc/ssl/openssl.cnf" pid=1840 comm="freshclam" requested_mask="r" denied_mask="r" fsuid=105 ouid=0 Apr 21 20:59:30 bclam kernel: audit: type=1400 audit(1619038770.363:6): apparmor="DENIED" operation="open" profile="/usr/bin/freshclam" name="/etc/ssl/openssl.cnf" pid=1870 comm="freshclam" requested_mask="r" denied_mask="r" fsuid=105 ouid=0 Apr 21 21:04:37 bclam kernel: audit: type=1400 audit(1619039077.070:7): apparmor="DENIED" operation="open" profile="/usr/bin/freshclam" name="/etc/ssl/openssl.cnf" pid=2800 comm="freshclam" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 Apr 21 21:04:37 bclam kernel: audit: type=1400 audit(1619039077.074:8): apparmor="DENIED" operation="capable" profile="/usr/bin/freshclam" pid=2800 comm="freshclam" capability=1 capname="dac_override" The dac_override cap was added in the Apparmor profile shipped in 0.103.2+dfsg-0ubuntu0.18.04.1. It looks like the new profile is deployed after the freshclam service is restarted which would explain why it trips on the missing capability. Manually restarting clamav-freshclam.service works around the problem. ** Changed in: clamav (Ubuntu) Status: Incomplete => Confirmed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1925182 Title: ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1925182/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs