freshclam & clamav questions - Security


  1. freshclam & clamav questions

    Hi, I have had various errors with these processes. Running Feisty 7.04.

    Googled for answers and was pointed to

    $ ls -l /usr/local/share/clamav
    ls: /usr/local/share/clamav: No such file or directory

    Can't lock database directory: /var/lib/clamav

    is the message I get

    ~$ ls -l /var/lib/clamav/
    total 10061
    -rw-r--r-- 1 clamav clamav 903927 2007-10-25 02:05 daily.cvd
    -rw-r--r-- 1 root root 9351789 2007-10-25 02:02 main.cvd
    drwxr-xr-x 2 clamav clamav 1024 2007-10-01 00:48 main.inc
    -rw------- 1 clamav clamav 1352 2007-10-25 03:06 mirrors.dat

    total 10061
    -rw-r--r-- 1 clamav clamav 903927 2007-10-25 02:05 daily.cvd
    -rw-r--r-- 1 root root 9351789 2007-10-25 02:02 main.cvd
    drwxr-xr-x 2 clamav clamav 1024 2007-10-01 00:48 main.inc
    -rw------- 1 clamav clamav 1352 2007-10-25 03:06 mirrors.dat

    I have no clue. Please someone kindly tip me off. I don't want no
    viruses or identity theft, etc, and think this must work. Please and
    thank you, if you will be so kind to help.

    It was all automagically installed with synaptic.

  2. Re: freshclam & clamav questions

    oOg wrote:
    > Hi, I have had various errors with these processes. Running Feisty 7.04.
    >
    > Googled for answers and was pointed to
    >
    > $ ls -l /usr/local/share/clamav
    > ls: /usr/local/share/clamav: No such file or directory
    >
    > Can't lock database directory: /var/lib/clamav
    >
    > is the message I get
    >
    > ~$ ls -l /var/lib/clamav/
    > total 10061
    > -rw-r--r-- 1 clamav clamav 903927 2007-10-25 02:05 daily.cvd
    > -rw-r--r-- 1 root root 9351789 2007-10-25 02:02 main.cvd
    > drwxr-xr-x 2 clamav clamav 1024 2007-10-01 00:48 main.inc
    > -rw------- 1 clamav clamav 1352 2007-10-25 03:06 mirrors.dat
    >
    > total 10061
    > -rw-r--r-- 1 clamav clamav 903927 2007-10-25 02:05 daily.cvd
    > -rw-r--r-- 1 root root 9351789 2007-10-25 02:02 main.cvd
    > drwxr-xr-x 2 clamav clamav 1024 2007-10-01 00:48 main.inc
    > -rw------- 1 clamav clamav 1352 2007-10-25 03:06 mirrors.dat
    >
    > I have no clue. Please someone kindly tip me off. I don't want no
    > viruses or identity theft, etc, and think this must work. Please and
    > thank you, if you will be so kind to help.
    >
    > It was all automagically installed with synaptic.


    first of all unless your system is also a mail server
    or something else that provides file sharing services to other clients (win)
    running clamav is pretty worthless.

    try this one: ls -ld /var/lib/clamav
    that command gives you the actual permissions of that dir, ls -l dir/
    just gives permissions of the
    contents of the dir.

    you're right to look for the perms tho since
    Can't lock database directory: /var/lib/clamav
    does seem like a permission error.

    how do you start clamav btw ?
    and under which user account.
    you can find commands with which and whereis

    lastly read the documentation, heck even try to find a ubuntu specific
    howto for all i care
    and you can always strace the command and grep it for open and exec
    system calls
    example:

    strace clamav &> strace.dump
    egrep '^open|exec' strace.dump

    suid/seuid syscalls can also be valuable in this case, since well
    no point in changing perms of a lot of files and thus opening up your system
    if it's just running under the wrong (eg underprivileged) account

    PS: please don't post the same ls output twice

  3. Re: freshclam & clamav questions

    On 25 Oct, 08:33, oOg wrote:
    > Hi, I have had various errors with these processes. Running Feisty 7.04.
    >
    > Googled for answers and was pointed to
    >
    > $ ls -l /usr/local/share/clamav
    > ls: /usr/local/share/clamav: No such file or directory
    >
    > Can't lock database directory: /var/lib/clamav
    >
    > is the message I get
    >
    > ~$ ls -l /var/lib/clamav/
    > total 10061
    > -rw-r--r-- 1 clamav clamav 903927 2007-10-25 02:05 daily.cvd
    > -rw-r--r-- 1 root root 9351789 2007-10-25 02:02 main.cvd
    > drwxr-xr-x 2 clamav clamav 1024 2007-10-01 00:48 main.inc
    > -rw------- 1 clamav clamav 1352 2007-10-25 03:06 mirrors.dat
    >
    > total 10061
    > -rw-r--r-- 1 clamav clamav 903927 2007-10-25 02:05 daily.cvd
    > -rw-r--r-- 1 root root 9351789 2007-10-25 02:02 main.cvd
    > drwxr-xr-x 2 clamav clamav 1024 2007-10-01 00:48 main.inc
    > -rw------- 1 clamav clamav 1352 2007-10-25 03:06 mirrors.dat
    >
    > I have no clue. Please someone kindly tip me off. I don't want no
    > viruses or identity theft, etc, and think this must work. Please and
    > thank you, if you will be so kind to help.
    >
    > It was all automagically installed with synaptic.


    Are you running SELinux? That can be a serious source of pain in manual
    software installations such as ClamAV.


  4. Re: freshclam & clamav questions

    Nico wrote:
    > On 25 Oct, 08:33, oOg wrote:
    >> Hi, I have had various errors with these processes. Running Feisty 7.04.
    >>
    >> Googled for answers and was pointed to
    >>
    >> $ ls -l /usr/local/share/clamav
    >> ls: /usr/local/share/clamav: No such file or directory
    >>
    >> Can't lock database directory: /var/lib/clamav
    >>
    >> is the message I get
    >>
    >> ~$ ls -l /var/lib/clamav/
    >> total 10061
    >> -rw-r--r-- 1 clamav clamav 903927 2007-10-25 02:05 daily.cvd
    >> -rw-r--r-- 1 root root 9351789 2007-10-25 02:02 main.cvd
    >> drwxr-xr-x 2 clamav clamav 1024 2007-10-01 00:48 main.inc
    >> -rw------- 1 clamav clamav 1352 2007-10-25 03:06 mirrors.dat
    >>
    >> total 10061
    >> -rw-r--r-- 1 clamav clamav 903927 2007-10-25 02:05 daily.cvd
    >> -rw-r--r-- 1 root root 9351789 2007-10-25 02:02 main.cvd
    >> drwxr-xr-x 2 clamav clamav 1024 2007-10-01 00:48 main.inc
    >> -rw------- 1 clamav clamav 1352 2007-10-25 03:06 mirrors.dat
    >>
    >> I have no clue. Please someone kindly tip me off. I don't want no
    >> viruses or identity theft, etc, and think this must work. Please and
    >> thank you, if you will be so kind to help.
    >>
    >> It was all automagically installed with synaptic.

    >
    > Are you running SELinux? That can be a serious source of pain in manual
    > software installations such as ClamAV.
    >

    he's a noobie and i don't think ubuntu comes with SELinux enabled
    it would be very stupid if it was

  5. Re: freshclam & clamav questions

    On Thu, 25 Oct 2007 13:39:13 +0200, goarilla wrote:

    > oOg wrote:
    >> Hi, I have had various errors with these processes. Running Feisty 7.04.
    >>
    >> Googled for answers and was pointed to
    >>
    >> $ ls -l /usr/local/share/clamav
    >> ls: /usr/local/share/clamav: No such file or directory
    >>
    >> Can't lock database directory: /var/lib/clamav
    >>
    >> is the message I get


    [...]

    >> I have no clue. Please someone kindly tip me off. I don't want no
    >> viruses or identity theft, etc, and think this must work. Please and
    >> thank you, if you will be so kind to help.
    >>
    >> It was all automagically installed with synaptic.



    ====================
    Well, DOH..., I guess that maybe I had a scan running when I got that
    message, which would explain it. ;/ It (freshclam) runs OK now, only
    updating sigs and telling me my engine is out of date. I did learn from
    what you wrote, and appreciate it.

    For your interest below I had written to try to answer the questions you
    asked. [[oOg with red face humbly thanks the kind helpers and quietly goes
    back to work arranging for brain transplant surgery and elective attention
    augmentation.]]
    ====================




    >
    > first of all unless your system is also a mail server
    > or something else that provides file sharing services to other clients (win)
    > running clamav is pretty worthless.


    I'm not running the daemon, just do periodic scans with clamscan.
    >
    > try this one: ls -ld /var/lib/clamav
    > that command gives you the actual permissions of that dir, ls -l dir/
    > just gives permissions of the
    > contents of the dir.


    ~$ ls -ld /var/lib/clamav
    drwxr-xr-x 4 clamav clamav 1024 2007-10-25 17:01 /var/lib/clamav

    Tells me I believe that only root has write permission.

    The output of clamscan tells me to update, Synaptic doesn't show any
    available updates, so I try freshclam as root, which gives me the error
    shown above.
    >
    > you're right to look for the perms tho since Can't lock database
    > directory: /var/lib/clamav does seem like a permission error.
    >
    > how do you start clamav btw ?
    > and under which user account.
    > you can find commands with which and whereis


    I only run clamscan. I run it as a normal user when I scan my home
    directory,

    $ clamscan -ir -l scan.txt

    and as root when I scan the entire disk. Sorry I wasn't clear about that.
    >
    > lastly read the documentation,


    Yes I do a lot of this. I'm coming against some deadlines and thought
    this might be too critical to postpone further. So I really appreciate
    you taking your time and knowledge to try to help.

    > heck even try to find a ubuntu specific
    > howto for all i care


    It's worth a thought.

    > and you can always strace the command and grep it for open and exec
    > system calls
    > example:
    >
    > strace clamav &> strace.dump
    > egrep '^open|exec' strace.dump


    Thanks. This is new to me and I will read about it and try it.
    >
    > suid/seuid syscalls can also be valuable in this case, since well no
    > point in changing perms of a lot of files and thus opening up your
    > system if it's just running under the wrong (eg underprivileged)
    > account


    This is probably what it is about. Also possible, I don't think I did,
    but perhaps I had another process using the directory or db. It's pretty
    difficult and time consuming for me to figure each thing like this out
    the very first time. I will use what you wrote. Thanks again.
    >
    > PS: please don't post the same ls output twice


    Sorry. It must have been an inadvertent extra middle mouse click paste.
    I'll try to be more careful.
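
Added example, not part of any post in this thread: a small shell audit of the signature database directory that combines the `ls -ld` check suggested above with two ownership and permission checks on its contents. The function name `audit_db_dir` and the finding labels are made up for this example; run against the listing in the thread it would report `main.cvd` (owned by root in a directory owned by clamav) as an owner mismatch.

```shell
#!/bin/sh
# Added example: audit a ClamAV signature database directory.
# audit_db_dir DIR prints one finding per line (labels are this example's own).
audit_db_dir() {
    dir=$1
    if [ ! -d "$dir" ]; then
        echo "missing: $dir is not a directory"
        return 0
    fi

    # `ls -ld` describes the directory itself, not its contents:
    # field 1 is its mode, field 3 its owner.
    set -- $(ls -ld "$dir")
    mode=$1
    owner=$3
    echo "dir: mode=$mode owner=$owner"

    # Creating a lock file needs write and search permission on the directory.
    # Note: for root these tests succeed regardless of the mode bits.
    if [ ! -w "$dir" ] || [ ! -x "$dir" ]; then
        echo "no-write: uid $(id -u) cannot create files in $dir"
    fi

    # Entries not owned by the directory's owner, e.g. a database file
    # left behind by an update that was run as a different user.
    find "$dir" ! -user "$owner" -exec printf 'owner-mismatch: %s\n' {} \;

    # Group- or world-writable entries: any local account in that set
    # could replace the signature databases.
    find "$dir" ! -type l \( -perm -020 -o -perm -002 \) \
        -exec printf 'loose-perms: %s\n' {} \;
}

# Default path is the one from the thread; pass another as the first argument.
audit_db_dir "${1:-/var/lib/clamav}"
```

Run it as the account that performs the update, since the write test reflects the calling user.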
