ClamAV Ownership and Permissions

Uploading a new drop-off may fail due to the virus scan failing.

This can be due to several reasons:

SELinux and AppArmor

In virtually all Linux distributions, there is a security feature originally designed by the American NSA called either SELinux or AppArmor. Its purpose is to stop processes (such as clamd) being able to access files or directories that they would not normally be able to access. clamd needs to be able to access all files under /var/zendto in order to virus scan them, but this is not in its default set of SELinux permissions.

Ubuntu/Debian — AppArmor

Edit (or create) /etc/apparmor.d/local/usr.sbin.clamd and put this in it:

# Site-specific additions and overrides for usr.sbin.clamd.
# For more details, please see /etc/apparmor.d/local/README.
/var/zendto/** r,

You will need to reboot for this change to take effect.

CentOS/RedHat/Fedora — SELinux

These are not as simple to configure as Ubuntu/Debian systems. So for now, just disable SELinux entirely by editing /etc/selinux/config and setting

SELINUX=disabled

You will need to reboot for this change to take effect.

Clamd / Freshclam Permissions

Both the log directory /var/log/clamav and the socket directory /var/run/clamav, and the files in them, need to have the correct ownership and permissions. The most common error is the ownership. This can easily happen if the clamd RPM and the clamav RPM come from different sources. The following recommendations are what are used in my VM distributions of ZendTo. There are 2 usernames involved: "clam" and "clamav".

The following is all based on the line

User clam
appearing in the file /etc/clamd.conf.

/var/log/clamav

To check this, run the command "freshclam" as root. If it produces an error about the log file, make sure the ownership of the directory and the files in it are set as follows:

drwxr-xr-x 2 clamav clamav  4096 Jul 25 11:04 .
drwxr-xr-x 7 root   root    4096 Jun 16 04:02 ..
-rw-r--r-- 1 clam   clam   11208 Jul 27 14:09 clamd.log
-rw-r--r-- 1 clamav clamav  1396 Jul 27 07:13 freshclam.log

/var/run/clamav

To check this, run the command "service clamd restart" as root. Check that the last entry in the file /var/log/clamav/clamd.log has just been written (they are all timestamped) and see if it produces any errors about the socket file. If it does, then make sure the ownership of the directory and the files in /var/run/clamav are set as follows:

drwxr-xr-x  2 clam clam 4096 Jul 27 13:59 .
drwxr-xr-x 12 root root 4096 Jul 27 13:59 ..
-rw-rw-r--  1 clam clam    4 Jul 27 13:59 clamd.pid
srw-rw-rw-  1 clam clam    0 Jul 27 13:59 clamd.sock

Then try restarting clamd again and see if it now works and produces a clean startup in /var/log/clamav/clamd.log.
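
The two listings above can be checked in one pass. The script below is an added example, not part of ZendTo or ClamAV. It assumes GNU stat and the "clam"/"clamav" usernames that follow from "User clam" in /etc/clamd.conf; the function names and the optional PREFIX argument are hypothetical.

```shell
#!/bin/sh
# Added example: compare the ClamAV log and socket paths with the
# ownership and modes shown in the listings on this page.
# Requires GNU stat (coreutils), as shipped on the distributions above.

# check_entry PATH OWNER GROUP MODE
# Returns 0 on match, 1 on mismatch, 2 if PATH does not exist.
check_entry() {
    target=$1
    want="$2 $3 $4"
    if [ ! -e "$target" ]; then
        echo "MISSING  $target"
        return 2
    fi
    have=$(stat -c '%U %G %a' "$target")
    if [ "$have" = "$want" ]; then
        echo "OK       $target ($have)"
        return 0
    fi
    echo "MISMATCH $target: have '$have', want '$want'"
    return 1
}

# audit_clamav [PREFIX]
# PREFIX (hypothetical convenience) points at a copied tree; leave it
# empty to check the live system. Returns the number of entries that
# are missing or differ from the listings.
audit_clamav() {
    prefix=${1:-}
    bad=0
    while read -r p owner group mode; do
        check_entry "$prefix$p" "$owner" "$group" "$mode" || bad=$((bad + 1))
    done <<'EOF'
/var/log/clamav clamav clamav 755
/var/log/clamav/clamd.log clam clam 644
/var/log/clamav/freshclam.log clamav clamav 644
/var/run/clamav clam clam 755
/var/run/clamav/clamd.pid clam clam 664
/var/run/clamav/clamd.sock clam clam 666
EOF
    return "$bad"
}
```

Source the file and run audit_clamav as root after "service clamd restart"; any MISMATCH or MISSING line names the entry to correct.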