Clamav-status Was: Re: Meeting summary/minutes from today's EPEL sig meeting (2011-03-14)
Jan-Frode Myklebust
janfrode at tanso.net
Thu Mar 17 11:37:37 UTC 2011
On 2011-03-16, Kevin Fenzi <kevin at scrye.com> wrote:
>> It was only the /var/lib/clamav/mirrors.dat that was causing problems
>> being owned by numeric id (old clamav user) and only readable by this
>> user. Guess %ghost should fix this, right ?
>>
>> %defattr(0644, clam, clam, 0755)
>> %ghost %{_localstatedir}/lib/clamav/mirrors.dat
>
> I think that would only work if they installed the new version and then
> did a --setowner on it. ;(
>
> I think you may need a %pre that removes the old mirrors.dat or I
> wonder,

Crap, you were right... Strangely it seems to only be a problem
the first time I run freshclam. The first time it complains multiple
times about:
ERROR: Can't open /var/lib/clamav/mirrors.dat for writing
ERROR: Can't open /var/lib/clamav/mirrors.dat for writing
ERROR: Can't open /var/lib/clamav/mirrors.dat for writing
ERROR: Can't open /var/lib/clamav/mirrors.dat for writing
ERROR: Can't open /var/lib/clamav/mirrors.dat for writing
but later runs don't complain at all. Maybe it's only when
the dbs change that it needs to write to mirrors.dat... and
it will complain again at a later point.

> could it do that in the freshclam process? Probably too
> difficult to add.

I could of course fix it in /etc/cron.daily/freshclam, if it
sees it doesn't have write access to this file:

    if test -f /var/lib/clamav/mirrors.dat \
        -a ! -w /var/lib/clamav/mirrors.dat
    then
        chown clam /var/lib/clamav/mirrors.dat
        chmod u+rw /var/lib/clamav/mirrors.dat
    fi

but it's ugly and opens up race conditions that user clam
could conceivably abuse.. (ln -s /etc/passwd mirrors.dat in
the middle of the "test").

Maybe it's not that important to fix.. Updates are working,
and sysadmin should be able to fix it manually if/when he gets the
errors from cron.

-jf
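
An added example, not part of the original message or of the clamav package: one way to repair the ownership without the check-then-chown race described above is to open the file once without following symlinks and do every check and change on that file descriptor. The function name and return values are hypothetical; the caller is assumed to look up the clam uid/gid itself.

```python
import os
import stat


def fix_cache_owner(path, uid, gid):
    """Hand a stale cache file to uid:gid without ever following a link.

    Returns "absent", "ok" or "fixed". Raises OSError if path is a symlink
    and ValueError if it is not a singly linked regular file.
    Hypothetical helper; usage as root would be e.g.
    fix_cache_owner("/var/lib/clamav/mirrors.dat", clam_uid, clam_gid).
    """
    # O_NOFOLLOW: fail instead of following a symlink planted in a directory
    # the unprivileged user can write. O_NONBLOCK: do not hang on a FIFO.
    flags = os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK | os.O_CLOEXEC
    try:
        fd = os.open(path, flags)
    except FileNotFoundError:
        return "absent"
    try:
        # From here on the inode is pinned by fd; renaming or replacing the
        # directory entry cannot redirect the calls below.
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise ValueError("not a regular file: %s" % path)
        if st.st_nlink != 1:
            # A hard link to some other file would also survive O_NOFOLLOW.
            raise ValueError("unexpected hard links on %s" % path)
        wanted = stat.S_IRUSR | stat.S_IWUSR
        if st.st_uid == uid and st.st_mode & wanted == wanted:
            return "ok"
        os.fchown(fd, uid, gid)
        os.fchmod(fd, stat.S_IMODE(st.st_mode) | wanted)
        return "fixed"
    finally:
        os.close(fd)
```

Removing the stale file and letting freshclam recreate it, as suggested in the quoted reply, avoids the problem as well, since unlinking acts on the directory entry and never on a symlink's target.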