Bug#917648: clamav-freshclam: doesn't properly clean up temporary files, consumes all disk

Witold Baryluk

Dec 29, 2018, 2:10:02 PM
Package: clamav-freshclam
Version: 0.100.2+dfsg-2
Severity: important

freshclam fails to update database, and then also fails to clean up temporary files,
this eventually leads to consumption of entire filesystem free space:

# du -hs /var/lib/clamav/
13G /var/lib/clamav/
#

# ls -l /var/lib/clamav/
total 167496
-rw-r--r-- 1 clamav clamav 187426 Dec 25 23:37 bytecode.cvd
drwx------ 3 clamav clamav 60 Dec 25 23:37 clamav-00234468d6abc0c2b122392512a4bc58.tmp
drwx------ 3 clamav clamav 60 Dec 26 09:38 clamav-02e52ad5a268d14342f85fb98578199f.tmp
drwx------ 3 clamav clamav 60 Dec 26 23:39 clamav-033b5f6a512eccd4d84259d9978274e1.tmp
drwx------ 3 clamav clamav 60 Dec 27 23:41 clamav-05a5c7b1dcbfcf80fc8714f456899486.tmp
drwx------ 3 clamav clamav 60 Dec 29 13:43 clamav-0ceb495e3afb650c4de55d25e6ca0046.tmp
drwx------ 3 clamav clamav 60 Dec 28 00:41 clamav-0e815ec01744d89631287af2cba624a2.tmp
drwx------ 3 clamav clamav 60 Dec 26 10:38 clamav-141787a5c939707e7090bcf8ffa9f283.tmp
drwx------ 3 clamav clamav 60 Dec 28 05:42 clamav-1b6f032bf649beac2b86f7e626166c49.tmp
drwx------ 3 clamav clamav 60 Dec 26 17:39 clamav-1d1f420ca2c1a29fc23576f965e737e4.tmp
drwx------ 3 clamav clamav 60 Dec 29 06:43 clamav-1fb294fdd6f3135fb04f7a8ada3107c4.tmp
drwx------ 3 clamav clamav 60 Dec 28 09:42 clamav-2029101f033d2327f7137ff4a81282d6.tmp
drwx------ 3 clamav clamav 60 Dec 27 15:40 clamav-20f61ae2bd20d9b8eb7b78dad8abe083.tmp
drwx------ 3 clamav clamav 60 Dec 29 14:43 clamav-21fd558400116c9fd40e24d7adaaf3f9.tmp
drwx------ 3 clamav clamav 60 Dec 27 13:40 clamav-224fa65d3a1623ac0240d26b30305ec7.tmp
drwx------ 3 clamav clamav 60 Dec 27 09:40 clamav-250a2b921b74b097b9eb0f437c171f9f.tmp
drwx------ 3 clamav clamav 60 Dec 26 00:37 clamav-2718301620a75d3223172ea7787f13ba.tmp
drwx------ 3 clamav clamav 60 Dec 28 16:43 clamav-2832db1650496b296da6621f3778e90e.tmp
drwx------ 3 clamav clamav 60 Dec 27 19:41 clamav-32d501be71b15090d55b6b0bdd5f7700.tmp
drwx------ 3 clamav clamav 60 Dec 26 11:38 clamav-3b09b58e26346845ee5f603706ecbb8e.tmp
drwx------ 2 clamav clamav 40 Dec 25 23:37 clamav-3e26f5708a493d302b618743cee0f597.tmp
drwx------ 3 clamav clamav 60 Dec 26 22:39 clamav-3e8584500dbc880d7cf879b370a42133.tmp
drwx------ 3 clamav clamav 60 Dec 28 14:42 clamav-45ff118b108104c79616ebd508c3f7a8.tmp
drwx------ 3 clamav clamav 60 Dec 27 20:41 clamav-4760bef60bd1314bc8f824837726f2f1.tmp
drwx------ 3 clamav clamav 60 Dec 26 07:38 clamav-4c97864d484bd3f815aaad2c647017ce.tmp
drwx------ 3 clamav clamav 60 Dec 28 13:42 clamav-4fee085df486c45d4bea16edc992123a.tmp
drwx------ 3 clamav clamav 60 Dec 26 18:39 clamav-5122bb2eeb369d27a0bfb1d8fe9ded55.tmp
drwx------ 3 clamav clamav 60 Dec 28 07:42 clamav-563b00a9fc88a3fb20f7392f7d063a23.tmp
drwx------ 3 clamav clamav 60 Dec 29 07:43 clamav-573ed0e3187eda3690db6ffce4652679.tmp
drwx------ 3 clamav clamav 60 Dec 26 15:39 clamav-59f66f5e8521f4c9afb1a719cb7a1c67.tmp
drwx------ 3 clamav clamav 60 Dec 26 05:38 clamav-5a6ee25a8f0096f72dac9c7915f631e7.tmp
drwx------ 3 clamav clamav 60 Dec 27 00:39 clamav-5d21c8e45133c7cc13d405cfd82415a5.tmp
drwx------ 3 clamav clamav 60 Dec 27 14:40 clamav-5f85d3022d15838df57d46e162716fc0.tmp
drwx------ 3 clamav clamav 60 Dec 26 08:38 clamav-677864653fd3ef65935fca9c5f922fce.tmp
drwx------ 3 clamav clamav 60 Dec 26 12:38 clamav-681b269498db0437cc4e1e812c96b86d.tmp
drwx------ 3 clamav clamav 60 Dec 28 19:43 clamav-6afe96236b48354988f9b7b57c4374b6.tmp
drwx------ 3 clamav clamav 60 Dec 29 17:43 clamav-6baa95f330c1f51fb4ce32f898dc8fe9.tmp
drwx------ 3 clamav clamav 60 Dec 29 18:43 clamav-6c9737442982b2d97e468502e6c8e0c8.tmp
drwx------ 3 clamav clamav 60 Dec 28 18:43 clamav-718525c9c1e44d652640a8eb5b0c73dd.tmp
drwx------ 3 clamav clamav 60 Dec 26 04:38 clamav-72f139a58dbd5d7ff68deec5aa1bcc8b.tmp
drwx------ 3 clamav clamav 60 Dec 28 21:43 clamav-73240a7563e01b4d1b5e94d89521dfcc.tmp
drwx------ 3 clamav clamav 60 Dec 28 22:43 clamav-7344be7c3eef73a56c877b4b61f2b3da.tmp
drwx------ 3 clamav clamav 60 Dec 26 01:37 clamav-73774469cd4b66aaff150a16bbad6d38.tmp
drwx------ 3 clamav clamav 60 Dec 27 18:41 clamav-7428eabe4fa4ebd7ed8d9ee68a7aa3f5.tmp
drwx------ 3 clamav clamav 60 Dec 26 20:39 clamav-743ec55727be50556001afc59a21cd03.tmp
drwx------ 3 clamav clamav 60 Dec 27 11:40 clamav-7914e3c686b44f3521dfdfffa492aa30.tmp
drwx------ 3 clamav clamav 60 Dec 27 06:40 clamav-7e6ca2b69fd26d63c6c6236f87808d6d.tmp
drwx------ 3 clamav clamav 60 Dec 28 15:42 clamav-7eb63b5f954b90130acd28860fa5c6c4.tmp
drwx------ 3 clamav clamav 60 Dec 28 04:41 clamav-85a01c61fa4c282243767f561d2eef83.tmp
drwx------ 3 clamav clamav 60 Dec 27 02:39 clamav-8907db7df66bf50ce73c84b9b7e9712b.tmp
drwx------ 3 clamav clamav 60 Dec 29 15:43 clamav-89e97046a20465bda3605b9e8687fb7f.tmp
drwx------ 3 clamav clamav 60 Dec 28 01:41 clamav-8c14a1ee677b78ca21f7edb3f8b7c972.tmp
drwx------ 3 clamav clamav 60 Dec 29 09:43 clamav-8c79d756f763a13d600f073e5e76aa8c.tmp
drwx------ 3 clamav clamav 60 Dec 28 12:42 clamav-8c96281584e112ca86cd7bbb16c36eaf.tmp
drwx------ 3 clamav clamav 60 Dec 26 14:39 clamav-8db9554deea743f49634b70dfeca75b9.tmp
drwx------ 3 clamav clamav 60 Dec 28 23:43 clamav-92395c70fbe3f53d11a3a241534fdbcf.tmp
drwx------ 3 clamav clamav 60 Dec 28 11:42 clamav-96bb12a48d6866e232418c76c7d8a6dc.tmp
drwx------ 3 clamav clamav 60 Dec 29 01:43 clamav-a0c53bf85f3ba6b1bc026d70d041d00e.tmp
drwx------ 3 clamav clamav 60 Dec 26 02:37 clamav-a1a8e08f0ff9a1c5a48d1557cf24ff60.tmp
drwx------ 3 clamav clamav 60 Dec 29 10:43 clamav-a201456052785258ce26b0f4d9af6a74.tmp
drwx------ 3 clamav clamav 60 Dec 28 08:42 clamav-a2cca09ef81a46feb66ad989b5a407b4.tmp
drwx------ 3 clamav clamav 60 Dec 27 16:40 clamav-a341e1a8b0b812e3786cc13d06e6fc94.tmp
drwx------ 3 clamav clamav 60 Dec 27 01:39 clamav-a584db575607c4162a49249389a1b832.tmp
drwx------ 3 clamav clamav 60 Dec 26 16:39 clamav-a6d5ae72216dd1f27be7cab5acf18790.tmp
drwx------ 3 clamav clamav 60 Dec 29 08:43 clamav-ab37d77cbc105be50ed7b18a1176deed.tmp
drwx------ 3 clamav clamav 60 Dec 26 21:39 clamav-abac2aba394465ac31661f04faa4447c.tmp
drwx------ 3 clamav clamav 60 Dec 28 10:42 clamav-b07e0b89c58d3ca100fc029d1c08021a.tmp
drwx------ 3 clamav clamav 60 Dec 26 06:38 clamav-b3d489d7e5716c0eed2865cdaca1d48b.tmp
drwx------ 3 clamav clamav 60 Dec 27 12:40 clamav-b4befe3092c95ba634e1d0763f4665c8.tmp
drwx------ 3 clamav clamav 60 Dec 28 06:42 clamav-b4f7e449deb434f9798fbb0149d97501.tmp
drwx------ 3 clamav clamav 60 Dec 27 05:40 clamav-b7f4f76492ab5609be089f24b2bed7f6.tmp
drwx------ 3 clamav clamav 60 Dec 29 16:43 clamav-b8983ee8b40f16ba219bb3f6b37ecb5e.tmp
drwx------ 3 clamav clamav 60 Dec 29 05:43 clamav-b9dc1c4c7a42c45f674d8d4b28983aeb.tmp
drwx------ 3 clamav clamav 60 Dec 29 02:43 clamav-bdbfc04464aa169e62c1b8316d97b014.tmp
drwx------ 3 clamav clamav 60 Dec 27 10:40 clamav-bde1bc552cbaf9b228d1df5e2202c636.tmp
drwx------ 3 clamav clamav 60 Dec 27 22:41 clamav-bf4081217b96ed5648e7f659302fd7ff.tmp
drwx------ 3 clamav clamav 60 Dec 29 00:43 clamav-c0a3c27b029372dc51dfe5878fd46573.tmp
drwx------ 3 clamav clamav 60 Dec 27 17:40 clamav-c22d437fce3b4b83966eefca797252f6.tmp
drwx------ 3 clamav clamav 60 Dec 29 03:43 clamav-c9f307cfa480c04fed1b8887e79cc564.tmp
drwx------ 3 clamav clamav 60 Dec 27 03:39 clamav-cc3be9b7bdd9d52fb4459b0d277a5f54.tmp
drwx------ 3 clamav clamav 60 Dec 28 02:41 clamav-cff125d17c0325e79b16176e78ba9e23.tmp
drwx------ 3 clamav clamav 60 Dec 29 04:43 clamav-d2cd203a50a89349ab9fee6d955ae6d4.tmp
drwx------ 3 clamav clamav 60 Dec 27 21:41 clamav-d3e4a8897c5b90145b41167598ef3849.tmp
drwx------ 3 clamav clamav 60 Dec 28 20:43 clamav-d9dcd043a97e597281828e8bee0652cf.tmp
drwx------ 3 clamav clamav 60 Dec 29 11:43 clamav-dace521239db19a9fbee000f642945a9.tmp
drwx------ 2 clamav clamav 40 Dec 25 23:37 clamav-e2589ecf39e5488eb284a582b408ec02.tmp
drwx------ 3 clamav clamav 60 Dec 29 12:43 clamav-e497400c8eb5ad77e154664335835a46.tmp
drwx------ 3 clamav clamav 60 Dec 27 04:39 clamav-e4cffc5ca3d92c0422a2629f292781d1.tmp
drwx------ 3 clamav clamav 60 Dec 27 07:40 clamav-ee1ee1afc7b9165dd47f151cccd56e1a.tmp
drwx------ 3 clamav clamav 60 Dec 27 08:40 clamav-f2d4a4d3751b8c66826eaff6b552e4de.tmp
drwx------ 3 clamav clamav 60 Dec 28 17:43 clamav-f624c85bacc76d979c70130ac40d431e.tmp
drwx------ 2 clamav clamav 40 Dec 25 23:37 clamav-f868fad3e0240be04afa3afcfe1689d0.tmp
drwx------ 3 clamav clamav 60 Dec 26 03:38 clamav-fa4849d2233913b5ef2acec991c2af40.tmp
drwx------ 3 clamav clamav 60 Dec 26 13:38 clamav-fcd52964c63735dcc9338bf66ec9a45f.tmp
drwx------ 3 clamav clamav 60 Dec 26 19:39 clamav-fe401e8c11e31482a1e0a78a374dd972.tmp
drwx------ 3 clamav clamav 60 Dec 28 03:41 clamav-fea0b4041606fc642cac97b8063dff6d.tmp
-rw-r--r-- 1 clamav clamav 53424829 Dec 25 23:37 daily.cvd
-rw-r--r-- 1 clamav clamav 117892267 Dec 25 23:37 main.cvd
-rw------- 1 clamav clamav 520 Dec 29 18:44 mirrors.dat
#



tail of the log /var/log/clamav/freshclam.log

Sat Dec 29 07:43:47 2018 -> --------------------------------------
Sat Dec 29 08:43:47 2018 -> Received signal: wake up
Sat Dec 29 08:43:47 2018 -> ClamAV update process started at Sat Dec 29 08:43:47 2018
Sat Dec 29 08:43:47 2018 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Sat Dec 29 08:43:48 2018 -> Downloading daily-25240.cdiff [100%]
Sat Dec 29 08:43:48 2018 -> Downloading daily-25241.cdiff [100%]
Sat Dec 29 08:43:48 2018 -> Downloading daily-25242.cdiff [100%]
Sat Dec 29 08:43:48 2018 -> Downloading daily-25243.cdiff [100%]
Sat Dec 29 08:43:48 2018 -> Downloading daily-25244.cdiff [100%]
Sat Dec 29 08:43:48 2018 -> Downloading daily-25245.cdiff [100%]
Sat Dec 29 08:43:48 2018 -> Downloading daily-25246.cdiff [100%]
Sat Dec 29 08:43:48 2018 -> Downloading daily-25247.cdiff [100%]
Sat Dec 29 08:43:48 2018 -> Downloading daily-25248.cdiff [100%]
Sat Dec 29 08:43:48 2018 -> Downloading daily-25249.cdiff [100%]
Sat Dec 29 08:43:48 2018 -> ERROR: buildcld: Can't open directory /var/lib/clamav/clamav-ab37d77cbc105be50ed7b18a1176deed.tmp/clamav-daffee6569cd3336e17b99972d9a4833.tmp
Sat Dec 29 08:43:48 2018 -> ERROR: Can't create local database
Sat Dec 29 08:43:48 2018 -> --------------------------------------
Sat Dec 29 09:43:48 2018 -> Received signal: wake up
Sat Dec 29 09:43:48 2018 -> ClamAV update process started at Sat Dec 29 09:43:48 2018
Sat Dec 29 09:43:48 2018 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Sat Dec 29 09:43:49 2018 -> Downloading daily-25240.cdiff [100%]
Sat Dec 29 09:43:49 2018 -> Downloading daily-25241.cdiff [100%]
Sat Dec 29 09:43:49 2018 -> Downloading daily-25242.cdiff [100%]
Sat Dec 29 09:43:49 2018 -> Downloading daily-25243.cdiff [100%]
Sat Dec 29 09:43:49 2018 -> Downloading daily-25244.cdiff [100%]
Sat Dec 29 09:43:49 2018 -> Downloading daily-25245.cdiff [100%]
Sat Dec 29 09:43:49 2018 -> Downloading daily-25246.cdiff [100%]
Sat Dec 29 09:43:49 2018 -> Downloading daily-25247.cdiff [100%]
Sat Dec 29 09:43:49 2018 -> Downloading daily-25248.cdiff [100%]
Sat Dec 29 09:43:49 2018 -> Downloading daily-25249.cdiff [100%]
Sat Dec 29 09:43:49 2018 -> ERROR: buildcld: Can't open directory /var/lib/clamav/clamav-8c79d756f763a13d600f073e5e76aa8c.tmp/clamav-edfbd39b178297c3c67f5b62c96940e1.tmp
Sat Dec 29 09:43:49 2018 -> ERROR: Can't create local database
Sat Dec 29 09:43:49 2018 -> --------------------------------------
Sat Dec 29 10:43:49 2018 -> Received signal: wake up
Sat Dec 29 10:43:49 2018 -> ClamAV update process started at Sat Dec 29 10:43:49 2018
Sat Dec 29 10:43:49 2018 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Sat Dec 29 10:43:51 2018 -> Downloading daily-25240.cdiff [100%]
Sat Dec 29 10:43:51 2018 -> Downloading daily-25241.cdiff [100%]
Sat Dec 29 10:43:51 2018 -> Downloading daily-25242.cdiff [100%]
Sat Dec 29 10:43:51 2018 -> Downloading daily-25243.cdiff [100%]
Sat Dec 29 10:43:51 2018 -> Downloading daily-25244.cdiff [100%]
Sat Dec 29 10:43:51 2018 -> Downloading daily-25245.cdiff [100%]
Sat Dec 29 10:43:51 2018 -> Downloading daily-25246.cdiff [100%]
Sat Dec 29 10:43:51 2018 -> Downloading daily-25247.cdiff [100%]
Sat Dec 29 10:43:51 2018 -> Downloading daily-25248.cdiff [100%]
Sat Dec 29 10:43:51 2018 -> Downloading daily-25249.cdiff [100%]
Sat Dec 29 10:43:51 2018 -> ERROR: buildcld: Can't open directory /var/lib/clamav/clamav-a201456052785258ce26b0f4d9af6a74.tmp/clamav-911a066352a1bc121715462614ee05a4.tmp
Sat Dec 29 10:43:51 2018 -> ERROR: Can't create local database
Sat Dec 29 10:43:51 2018 -> --------------------------------------
Sat Dec 29 11:43:51 2018 -> Received signal: wake up
Sat Dec 29 11:43:51 2018 -> ClamAV update process started at Sat Dec 29 11:43:51 2018
Sat Dec 29 11:43:51 2018 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Sat Dec 29 11:43:51 2018 -> WARNING: [LibClamAV] cli_untgz: Wrote 0 instead of 512 (/var/lib/clamav/clamav-dace521239db19a9fbee000f642945a9.tmp/clamav-fa63e666dd4f0220ebdcc60a4436017e.tmp/daily.hsb)
Sat Dec 29 11:43:51 2018 -> ERROR: chdir_tmp: Can't unpack daily.cvd into /var/lib/clamav/clamav-dace521239db19a9fbee000f642945a9.tmp/clamav-fa63e666dd4f0220ebdcc60a4436017e.tmp
Sat Dec 29 11:43:51 2018 -> WARNING: Incremental update failed, trying to download daily.cvd
Sat Dec 29 11:43:52 2018 -> getfile: Can't write 8192 bytes to /var/lib/clamav/clamav-dace521239db19a9fbee000f642945a9.tmp/clamav-6975e783d0cad9c16a7f51b86c650e7a.tmp
Sat Dec 29 11:43:52 2018 -> WARNING: Can't download daily.cvd from db.local.clamav.net
Sat Dec 29 11:43:53 2018 -> --------------------------------------
Sat Dec 29 12:43:53 Sat Dec 29 18:48:55 2018 -> Update process terminated
Sat Dec 29 18:52:34 2018 -> --------------------------------------
Sat Dec 29 18:52:34 2018 -> freshclam daemon 0.100.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Sat Dec 29 18:52:34 2018 -> ClamAV update process started at Sat Dec 29 18:52:34 2018
Sat Dec 29 18:52:34 2018 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
Sat Dec 29 18:52:36 2018 -> Downloading daily-25240.cdiff [100%]
Sat Dec 29 18:52:36 2018 -> Downloading daily-25241.cdiff [100%]
Sat Dec 29 18:52:36 2018 -> Downloading daily-25242.cdiff [100%]
Sat Dec 29 18:52:36 2018 -> Downloading daily-25243.cdiff [100%]
Sat Dec 29 18:52:36 2018 -> Downloading daily-25244.cdiff [100%]
Sat Dec 29 18:52:36 2018 -> Downloading daily-25245.cdiff [100%]
Sat Dec 29 18:52:36 2018 -> Downloading daily-25246.cdiff [100%]
Sat Dec 29 18:52:36 2018 -> Downloading daily-25247.cdiff [100%]
Sat Dec 29 18:52:36 2018 -> Downloading daily-25248.cdiff [100%]
Sat Dec 29 18:52:36 2018 -> Downloading daily-25249.cdiff [100%]
Sat Dec 29 18:52:36 2018 -> Downloading daily-25250.cdiff [100%]
Sat Dec 29 18:52:36 2018 -> ERROR: buildcld: Can't open directory /var/lib/clamav/clamav-328e85124dfde381c94634ab186d9a74.tmp/clamav-89bcca5f2b0dc8daab74d3ca26e8de63.tmp
Sat Dec 29 18:52:36 2018 -> ERROR: Can't create local database
Sat Dec 29 18:52:36 2018 -> --------------------------------------
(END)
#


Some of the errors (i.e. 10:43:51) are probably due to no free space anymore to perform update correctly.

Why it says it can't open directory I have no idea.

The last update (18:52:34) is with all tmp files manually removed, so it
can start fresh with 10GB+ of free space available. It still fails, and
leaves temporary directory not cleaned up.


Content of the directory

# ls -l /var/lib/clamav/clamav-328e85124dfde381c94634ab186d9a74.tmp/clamav-89bcca5f2b0dc8daab74d3ca26e8de63.tmp/
total 156272
-rw-r--r-- 1 clamav clamav 17992 Dec 29 18:52 COPYING
-rw-r--r-- 1 clamav clamav 557 Dec 29 18:52 daily.cdb
-rw-r--r-- 1 clamav clamav 424 Dec 29 18:52 daily.cfg
-rw-r--r-- 1 clamav clamav 6040 Dec 29 18:52 daily.crb
-rw-r--r-- 1 clamav clamav 26306 Dec 29 18:52 daily.fp
-rw-r--r-- 1 clamav clamav 10760 Dec 29 18:52 daily.ftm
-rw-r--r-- 1 clamav clamav 29112838 Dec 29 18:52 daily.hdb
-rw-r--r-- 1 clamav clamav 3530 Dec 29 18:52 daily.hdu
-rw-r--r-- 1 clamav clamav 119164976 Dec 29 18:52 daily.hsb
-rw-r--r-- 1 clamav clamav 195 Dec 29 18:52 daily.hsu
-rw-r--r-- 1 clamav clamav 36296 Dec 29 18:52 daily.idb
-rw-r--r-- 1 clamav clamav 22349 Dec 29 18:52 daily.ign
-rw-r--r-- 1 clamav clamav 16915 Dec 29 18:52 daily.ign2
-rw-r--r-- 1 clamav clamav 2282 Dec 29 18:52 daily.info
-rw-r--r-- 1 clamav clamav 4833857 Dec 29 18:52 daily.ldb
-rw-r--r-- 1 clamav clamav 684683 Dec 29 18:52 daily.ldu
-rw-r--r-- 1 clamav clamav 4839990 Dec 29 18:52 daily.mdb
-rw-r--r-- 1 clamav clamav 69427 Dec 29 18:52 daily.mdu
-rw-r--r-- 1 clamav clamav 161 Dec 29 18:52 daily.msb
-rw-r--r-- 1 clamav clamav 92 Dec 29 18:52 daily.msu
-rw-r--r-- 1 clamav clamav 272503 Dec 29 18:52 daily.ndb
-rw-r--r-- 1 clamav clamav 825902 Dec 29 18:52 daily.ndu
-rw-r--r-- 1 clamav clamav 4094 Dec 29 18:52 daily.pdb
-rw-r--r-- 1 clamav clamav 87 Dec 29 18:52 daily.sfp
-rw-r--r-- 1 clamav clamav 10095 Dec 29 18:52 daily.wdb
#

Permissions

# stat /var/lib/clamav
File: /var/lib/clamav
Size: 140 Blocks: 0 IO Block: 4096 directory
Device: 17h/23d Inode: 34724 Links: 1
Access: (0755/drwxr-xr-x) Uid: ( 109/ clamav) Gid: ( 113/ clamav)
Access: 2018-11-09 00:08:14.000000000 +0000
Modify: 2018-12-29 18:52:34.730766810 +0000
Change: 2018-12-29 18:52:34.730766810 +0000
Birth: -
# stat /var/lib/clamav/clamav-328e85124dfde381c94634ab186d9a74.tmp/
File: /var/lib/clamav/clamav-328e85124dfde381c94634ab186d9a74.tmp/
Size: 60 Blocks: 0 IO Block: 4096 directory
Device: 17h/23d Inode: 5762468 Links: 3
Access: (0700/drwx------) Uid: ( 109/ clamav) Gid: ( 113/ clamav)
Access: 2018-12-29 18:52:34.730766810 +0000
Modify: 2018-12-29 18:52:36.526807965 +0000
Change: 2018-12-29 18:52:36.526807965 +0000
Birth: -
# stat /var/lib/clamav/clamav-328e85124dfde381c94634ab186d9a74.tmp/clamav-89bcca5f2b0dc8daab74d3ca26e8de63.tmp/
File: /var/lib/clamav/clamav-328e85124dfde381c94634ab186d9a74.tmp/clamav-89bcca5f2b0dc8daab74d3ca26e8de63.tmp/
Size: 540 Blocks: 0 IO Block: 4096 directory
Device: 17h/23d Inode: 5762472 Links: 2
Access: (0700/drwx------) Uid: ( 109/ clamav) Gid: ( 113/ clamav)
Access: 2018-12-29 18:52:34.734766902 +0000
Modify: 2018-12-29 18:52:36.526807965 +0000
Change: 2018-12-29 18:52:36.526807965 +0000
Birth: -
#

Relevant mount points:

/dev/sda1 on /run/live/medium type iso9660 (ro,noatime,nojoliet,check=s,map=n,blocksize=2048)
/dev/loop0 on /run/live/rootfs/filesystem.squashfs type squashfs (ro,noatime)
tmpfs on /run/live/overlay type tmpfs (rw,noatime,mode=755)
overlay on / type overlay (rw,noatime,lowerdir=/run/live/rootfs/filesystem.squashfs/,upperdir=/run/live/overlay/rw,workdir=/run/live/overlay/work)
tmpfs on /usr/lib/live/mount type tmpfs (rw,nosuid,noexec,relatime,size=3287820k,mode=755)
/dev/sda1 on /usr/lib/live/mount/medium type iso9660 (ro,noatime,nojoliet,check=s,map=n,blocksize=2048)
/dev/loop0 on /usr/lib/live/mount/rootfs/filesystem.squashfs type squashfs (ro,noatime)
tmpfs on /usr/lib/live/mount/overlay type tmpfs (rw,noatime,mode=755)



-- Package-specific info:
--- configuration ---
# Automatically created by the clamav-freshclam postinst
# Comments will get lost when you reconfigure the clamav-freshclam package

DatabaseOwner clamav
UpdateLogFile /var/log/clamav/freshclam.log
LogVerbose false
LogSyslog false
LogFacility LOG_LOCAL6
LogFileMaxSize 0
LogRotate true
LogTime true
Foreground false
Debug false
MaxAttempts 5
DatabaseDirectory /var/lib/clamav
DNSDatabaseInfo current.cvd.clamav.net
ConnectTimeout 30
ReceiveTimeout 30
TestDatabases yes
ScriptedUpdates yes
CompressLocalDatabase no
SafeBrowsing false
Bytecode true
NotifyClamd /etc/clamav/clamd.conf
# Check for new database 24 times a day
Checks 24
DatabaseMirror db.local.clamav.net
DatabaseMirror database.clamav.net

--- data dir ---
total 167496
-rw-r--r-- 1 clamav clamav 187426 Dec 25 23:37 bytecode.cvd
drwx------ 3 clamav clamav 60 Dec 29 18:52 clamav-328e85124dfde381c94634ab186d9a74.tmp
-rw-r--r-- 1 clamav clamav 53424829 Dec 25 23:37 daily.cvd
-rw-r--r-- 1 clamav clamav 117892267 Dec 25 23:37 main.cvd
-rw------- 1 clamav clamav 520 Dec 29 18:52 mirrors.dat

-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.18.0-2-amd64 (SMP w/32 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages clamav-freshclam depends on:
ii clamav-base 0.100.2+dfsg-2
ii debconf [debconf-2.0] 1.5.69
ii dpkg 1.19.2
ii libc6 2.28-2
ii libclamav7 0.100.2+dfsg-1
ii libssl1.1 1.1.1-2
ii logrotate 3.14.0-4
ii lsb-base 9.20170808
ii procps 2:3.3.15-2
ii ucf 3.0038
ii zlib1g 1:1.2.11.dfsg-1

clamav-freshclam recommends no packages.

Versions of packages clamav-freshclam suggests:
ii apparmor 2.13.1-3+b1
pn clamav-docs <none>

-- debconf information:
clamav-freshclam/Bytecode: true
clamav-freshclam/PrivateMirror:
clamav-freshclam/autoupdate_freshclam: daemon
clamav-freshclam/update_interval: 24
clamav-freshclam/http_proxy:
clamav-freshclam/SafeBrowsing: false
clamav-freshclam/LogRotate: true
clamav-freshclam/internet_interface:
clamav-freshclam/NotifyClamd: true
clamav-freshclam/local_mirror: db.local.clamav.net
clamav-freshclam/proxy_user:
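
Added example (not part of the original bug report, and not ClamAV code): a small parser for the `freshclam.log` format shown above that groups lines into update runs, counts how many runs in a row have failed, and collects the temporary directories named in their errors. The sample log is constructed; its directory names and IP address are placeholders, and the function names are hypothetical.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime

# "<ctime timestamp> -> <message>", as in the freshclam.log excerpt (LogTime true).
LINE_RE = re.compile(r"^(\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) -> (.*)$")
# Top-level temporary directory: shortest path ending in clamav-<32 hex>.tmp.
TMP_RE = re.compile(r"/\S*?clamav-[0-9a-f]{32}\.tmp")
RUN_START = "ClamAV update process started at"


@dataclass
class Run:
    started: datetime
    errors: list = field(default_factory=list)
    tmp_dirs: set = field(default_factory=set)
    updated: bool = False

    @property
    def failed(self) -> bool:
        # A run with an ERROR that never reports "Database updated" is a failure.
        return bool(self.errors) and not self.updated


def parse_runs(text):
    """Split a freshclam log into update runs; unparseable lines are skipped."""
    runs, current = [], None
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # e.g. the truncated "Sat Dec 29 12:43:53 Sat Dec 29 ..." line
        ts, msg = m.groups()
        if msg.startswith(RUN_START):
            current = Run(datetime.strptime(ts, "%a %b %d %H:%M:%S %Y"))
            runs.append(current)
        elif current is None:
            continue  # log tail started in the middle of a run
        elif msg.startswith("ERROR:"):
            current.errors.append(msg)
            hit = TMP_RE.search(msg)
            if hit:
                current.tmp_dirs.add(hit.group(0))
        elif msg.startswith("Database updated"):
            current.updated = True
    return runs


def trailing_failures(runs):
    """Number of failed runs at the end of the log (signatures are not advancing)."""
    count = 0
    for run in reversed(runs):
        if not run.failed:
            break
        count += 1
    return count


def last_good(runs):
    """Start time of the most recent run that did not fail, or None."""
    return next((r.started for r in reversed(runs) if not r.failed), None)


def tmp_dirs_in_errors(runs):
    """Temporary directories named in the errors of failed runs."""
    return sorted(set().union(*(r.tmp_dirs for r in runs if r.failed)))


# Constructed sample in the report's log format (placeholder directory names).
SAMPLE_DIR_1 = "/var/lib/clamav/clamav-" + "a1" * 16 + ".tmp"
SAMPLE_DIR_2 = "/var/lib/clamav/clamav-" + "b2" * 16 + ".tmp"
SAMPLE_SUB = "/clamav-" + "c3" * 16 + ".tmp"
SAMPLE_LOG = f"""\
Sat Dec 29 07:43:46 2018 -> ClamAV update process started at Sat Dec 29 07:43:46 2018
Sat Dec 29 07:43:47 2018 -> Downloading daily-25239.cdiff [100%]
Sat Dec 29 07:43:47 2018 -> Database updated (6759353 signatures) from db.local.clamav.net (IP: 192.0.2.10)
Sat Dec 29 07:43:47 2018 -> --------------------------------------
Sat Dec 29 08:43:47 2018 -> ClamAV update process started at Sat Dec 29 08:43:47 2018
Sat Dec 29 08:43:48 2018 -> Downloading daily-25240.cdiff [100%]
Sat Dec 29 08:43:48 2018 -> ERROR: buildcld: Can't open directory {SAMPLE_DIR_1}{SAMPLE_SUB}
Sat Dec 29 08:43:48 2018 -> ERROR: Can't create local database
Sat Dec 29 08:43:48 2018 -> --------------------------------------
Sat Dec 29 12:43:53 Sat Dec 29 18:48:55 2018 -> Update process terminated
Sat Dec 29 18:52:34 2018 -> ClamAV update process started at Sat Dec 29 18:52:34 2018
Sat Dec 29 18:52:36 2018 -> ERROR: buildcld: Can't open directory {SAMPLE_DIR_2}{SAMPLE_SUB}
Sat Dec 29 18:52:36 2018 -> ERROR: Can't create local database
"""

if __name__ == "__main__":
    parsed = parse_runs(SAMPLE_LOG)
    print("runs:", len(parsed), "failed in a row:", trailing_failures(parsed))
    print("last good run started:", last_good(parsed))
    for path in tmp_dirs_in_errors(parsed):
        print("check on disk:", path)
```

The log only names directories that an error message mentions, so a listing of the database directory is still needed to find every leftover `clamav-*.tmp` entry.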

Witold Baryluk

Dec 29, 2018, 3:40:02 PM
Package: clamav-freshclam
Followup-For: Bug #917648


Hi,

I didn't even know I had apparmor installed and enabled.

It looks like it is by default on Debian, because libgtk or something depends
on apparmor and then it is automatically enabled. Or some package
suggests it and my apt by default probably installs suggests or something.
(I mean, I did not explicitly ask for apparmor to be installed AFAIK).
There are only a few apparmor profiles, so it essentially affects only a few
specific programs, like clamav (well it is nice to have it sandboxed of
course), so I never noticed apparmor even being present.

I did:

1) aa-disable /usr/bin/freshclam

2) cleaning all temp files and downloaded cvd files

3) restarting clamav-freshclam

And it works, it updates a database, and removes temporary directory.

Re-enabling it (aa-enforce), and restarting, brings back the old behaviour, even if
all databases are up to date, it creates an empty temporary directory
that is not removed when it finished update process.


Running with aa enabled, and running it manually under strace:

# strace -e 'trace=%file' /usr/bin/freshclam -d --foreground=true
...
stat("/var/log/clamav/freshclam.log", {st_mode=S_IFREG|0640, st_size=92456, ...}) = 0
openat(AT_FDCWD, "/var/log/clamav/freshclam.log", O_WRONLY|O_CREAT|O_APPEND, 0666) = 3
openat(AT_FDCWD, "/etc/localtime", O_RDONLY|O_CLOEXEC) = 4
chdir("/var/lib/clamav") = 0
getcwd("/var/lib/clamav", 512) = 16
stat("/var/log/clamav/freshclam.log", {st_mode=S_IFREG|0640, st_size=92523, ...}) = 0
mkdir("/var/lib/clamav/clamav-b2d56c174f79ecbf7d1264dd93f6fc1e.tmp", 0755) = 0
stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=127, ...}) = 0
stat("/var/log/clamav/freshclam.log", {st_mode=S_IFREG|0640, st_size=92619, ...}) = 0
Sat Dec 29 20:23:34 2018 -> ClamAV update process started at Sat Dec 29 20:23:34 2018
stat("/etc/resolv.conf", {st_mode=S_IFREG|0644, st_size=73, ...}) = 0
openat(AT_FDCWD, "/etc/host.conf", O_RDONLY|O_CLOEXEC) = 4
openat(AT_FDCWD, "/etc/resolv.conf", O_RDONLY|O_CLOEXEC) = 4
stat("/etc/resolv.conf", {st_mode=S_IFREG|0644, st_size=73, ...}) = 0
openat(AT_FDCWD, "mirrors.dat", O_RDONLY) = 4
access("main.cvd", R_OK) = 0
access("main.cvd", R_OK) = 0
openat(AT_FDCWD, "main.cvd", O_RDONLY) = 4
stat("/var/log/clamav/freshclam.log", {st_mode=S_IFREG|0640, st_size=92705, ...}) = 0
Sat Dec 29 20:23:34 2018 -> main.cvd is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
access("daily.cvd", R_OK) = 0
access("daily.cvd", R_OK) = 0
openat(AT_FDCWD, "daily.cvd", O_RDONLY) = 4
stat("/var/log/clamav/freshclam.log", {st_mode=S_IFREG|0640, st_size=92815, ...}) = 0
Sat Dec 29 20:23:34 2018 -> daily.cvd is up to date (version: 25250, sigs: 2193104, f-level: 63, builder: raynman)
access("safebrowsing.cvd", R_OK) = -1 ENOENT (No such file or directory)
access("safebrowsing.cld", R_OK) = -1 ENOENT (No such file or directory)
access("bytecode.cvd", R_OK) = 0
access("bytecode.cvd", R_OK) = 0
openat(AT_FDCWD, "bytecode.cvd", O_RDONLY) = 4
stat("/var/log/clamav/freshclam.log", {st_mode=S_IFREG|0640, st_size=92930, ...}) = 0
Sat Dec 29 20:23:34 2018 -> bytecode.cvd is up to date (version: 327, sigs: 91, f-level: 63, builder: neo)
openat(AT_FDCWD, "/var/lib/clamav/mirrors.dat", O_WRONLY|O_CREAT|O_TRUNC, 0600) = 4
chmod("/var/lib/clamav/clamav-b2d56c174f79ecbf7d1264dd93f6fc1e.tmp", 0700) = 0
openat(AT_FDCWD, "/var/lib/clamav/clamav-b2d56c174f79ecbf7d1264dd93f6fc1e.tmp", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 EACCES (Permission denied)
stat("/var/log/clamav/freshclam.log", {st_mode=S_IFREG|0640, st_size=93037, ...}) = 0


No idea why it does a 'stat' of the log all the time (maybe log rotation
functionality), because it is in append mode, so it shouldn't be doing
this maybe.


Anyhow, you can see

openat(AT_FDCWD, "/var/lib/clamav/clamav-b2d56c174f79ecbf7d1264dd93f6fc1e.tmp", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY)

fails with permission denied message.

However, it doesn't even attempt to remove the directory in the case of
an error. That is a bug in the freshclam, not apparmor profile. (The
removal might still fail due to apparmor or other issues, like broken
file system, nfs mount, etc, but it does change the fact that clamav
should attempt to clean files and directory even on failure, and if it fails
to remove, emit a log message).



Permissions, owner and chown look as expected and good:

drwx------ 2 clamav clamav 40 Dec 29 20:23 clamav-b2d56c174f79ecbf7d1264dd93f6fc1e.tmp


Regards,
Witold
drwx------ 3 clamav clamav 60 Dec 29 20:10 clamav-e4b5cfcec00bff7bbfb392c357acf318.tmp
-rw-r--r-- 1 clamav clamav 53424829 Dec 25 23:37 daily.cvd
-rw-r--r-- 1 clamav clamav 117892267 Dec 25 23:37 main.cvd
-rw------- 1 clamav clamav 520 Dec 29 20:10 mirrors.dat
clamav-freshclam/internet_interface:
clamav-freshclam/proxy_user:
clamav-freshclam/update_interval: 24
clamav-freshclam/PrivateMirror:
clamav-freshclam/local_mirror: db.local.clamav.net
clamav-freshclam/NotifyClamd: true
clamav-freshclam/autoupdate_freshclam: daemon
clamav-freshclam/Bytecode: true

Sebastian Andrzej Siewior

Jan 2, 2019, 5:00:03 PM
On 2018-12-29 20:28:23 [+0000], Witold Baryluk wrote:
> It looks like it is by default on Debian, because libgtk or something depends
> on apparmor and then it is automatically enabled. Or some package
> suggests it and my apt by default probably installs suggests or something.
that and the fact that apparmor is enabled by default in the kernel.
Earlier, the default was what you can achieve now if you add
apparmor=0
to the kernel command line (disable kernel support for apparmor).

> I did:
>
> 1) aa-disable /usr/bin/freshclam

> And it works, it updates a database, and removes temporary directory.

perfect. So it works in general but the apparmor profile lacks some
permissions.

> Re-enabling it (aa-enforce), and restarting, brings back the old behaviour, even if
> all databases are up to date, it creates an empty temporary directory
> that is not removed when it finished update process.

okay. Thanks for the analysis.

> openat(AT_FDCWD, "/var/lib/clamav/clamav-b2d56c174f79ecbf7d1264dd93f6fc1e.tmp", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = -1 EACCES (Permission denied)
> stat("/var/log/clamav/freshclam.log", {st_mode=S_IFREG|0640, st_size=93037, ...}) = 0
>
>
> No idea why it does a 'stat' of the log all the time (maybe log rotation
> functionality), because it is in append mode, so it shouldn't be doing
> this maybe.

It might be part of some higher API. I dunno.

>
> Anyhow, you can see
>
> openat(AT_FDCWD, "/var/lib/clamav/clamav-b2d56c174f79ecbf7d1264dd93f6fc1e.tmp", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY)
>
> fails with permission denied message.
>
> However, it doesn't even attempt to remove the directory in the case of
> an error. That is a bug in the freshclam, not apparmor profile. (The
> removal might still fail due to apparmor or other issues, like broken
> file system, nfs mount, etc, but it does change the fact that clamav
> should attempt to clean files and directory even on failure, and if it fails
> to remove, emit a log message).

hmm. I'm not sure if that is the problem. It might however. If it is the
cleaning up part then it should be followed by unlinkat(2) if the
openat(2) would not fail.
"dmesg" should give you the output you look for. Like "apparmor: denied
$this because of $reason".
Looking at the profile it should allow creating and removing
files/directories below /var/lib/clamav/. But then it only allows
reading in /var/lib/clamav and there are cvd written so I miss
something.
Anyway, I have currently no access to box due to vacation time. I will
take a look next week. I would suggest you to remove the freshclam
apparmor profile if you want to use apparmor but it seems you do not
rely on it.

> Regards,
> Witold

Sebastian

Sebastian Andrzej Siewior

Jan 8, 2019, 6:00:02 PM
On 2019-01-02 22:50:32 [+0100], To Witold Baryluk wrote:
> "dmesg" should give you the output you look for. Like "apparmor: denied
> $this because of $reason".

Could you please send me the dmesg output for your failure? I have an
up-to-date sid system here with enabled apparmor and I can't reproduce
the problem. All I see is:
| audit: type=1400 audit(1546987681.334:13): apparmor="DENIED" operation="open" profile="/usr/sbin/clamd" name="/etc/ssl/openssl.cnf" pid=2408 comm="clamd" requested_mask="r" denied_mask="r" fsuid=102 ouid=0
| audit: type=1400 audit(1546987714.594:14): apparmor="DENIED" operation="open" profile="/usr/bin/freshclam" name="/etc/ssl/openssl.cnf" pid=2454 comm="freshclam" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

and the logfile says:
|-> freshclam daemon 0.100.2 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
|-> ClamAV update process started at Tue Jan 8 23:48:34 2019
|-> WARNING: Your ClamAV installation is OUTDATED!
|-> WARNING: Local version: 0.100.2 Recommended version: 0.101.1
|-> DON'T PANIC! Read https://www.clamav.net/documents/upgrading-clamav
|-> main.cld is up to date (version: 58, sigs: 4566249, f-level: 60, builder: sigmgr)
|-> nonblock_connect: connect(): fd=4 errno=101: Network is unreachable
|-> Can't connect to port 80 of host db.local.clamav.net (IP: 2606:4700::6810:ba8a)
|-> Downloading daily-25281.cdiff [100%]
|-> daily.cld updated (version: 25281, sigs: 2202390, f-level: 63, builder: raynman)
|-> bytecode.cld is up to date (version: 328, sigs: 94, f-level: 63, builder: neo)
|-> Database updated (6768733 signatures) from db.local.clamav.net (IP: 104.16.186.138)
|-> Clamd successfully notified about the update.

so it works…

Sebastian
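
Added example (not part of the original thread): a triage helper for the kind of `dmesg` output requested above. It parses AppArmor audit records, keeps the denials for one profile, and separates those that touch the database directory from unrelated ones such as `/etc/ssl/openssl.cnf`. The first two sample lines are the records quoted in the message above; the third is constructed, with a placeholder directory name, pid and audit id, to show a denial under `/var/lib/clamav`. Function names are hypothetical.

```python
import re

# key="quoted value" or key=bare_value pairs of a kernel audit record.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_denial(line):
    """Return the record's fields as a dict, or None if it is not an AppArmor denial."""
    fields = {key: (quoted if quoted else bare)
              for key, quoted, bare in KV_RE.findall(line)}
    return fields if fields.get("apparmor") == "DENIED" else None


def under_dir(name, directory):
    """True if `directory` occurs in `name` on path-component boundaries.

    The logged name is not always rooted at "/" (see the constructed third
    sample line), so this is a containment test rather than startswith().
    """
    base = directory.rstrip("/") + "/"
    return base in name.rstrip("/") + "/"


def triage(lines, profile, directory):
    """Group one profile's denials into 'database' (under `directory`) and 'other'."""
    result = {"database": [], "other": []}
    for line in lines:
        rec = parse_denial(line)
        if rec is None or rec.get("profile") != profile:
            continue
        bucket = "database" if under_dir(rec.get("name", ""), directory) else "other"
        result[bucket].append(
            {k: rec.get(k) for k in ("operation", "name", "denied_mask", "info")}
        )
    return result


# Placeholder temporary directory name for the constructed record.
SAMPLE_TMP = "/var/lib/clamav/clamav-" + "d4" * 16 + ".tmp"

SAMPLE_DMESG = [
    # Quoted in the message above.
    'audit: type=1400 audit(1546987681.334:13): apparmor="DENIED" operation="open" '
    'profile="/usr/sbin/clamd" name="/etc/ssl/openssl.cnf" pid=2408 comm="clamd" '
    'requested_mask="r" denied_mask="r" fsuid=102 ouid=0',
    'audit: type=1400 audit(1546987714.594:14): apparmor="DENIED" operation="open" '
    'profile="/usr/bin/freshclam" name="/etc/ssl/openssl.cnf" pid=2454 comm="freshclam" '
    'requested_mask="r" denied_mask="r" fsuid=0 ouid=0',
    # Constructed: denial under the database directory, with an info field.
    '[ 1234.567890] audit: type=1400 audit(1547000000.000:1): apparmor="DENIED" '
    'operation="open" info="Failed name lookup - disconnected path" error=-13 '
    f'profile="/usr/bin/freshclam" name="rw{SAMPLE_TMP}" pid=1000 comm="freshclam" '
    'requested_mask="r" denied_mask="r" fsuid=110 ouid=110',
]

if __name__ == "__main__":
    report = triage(SAMPLE_DMESG, "/usr/bin/freshclam", "/var/lib/clamav")
    for bucket, records in report.items():
        for rec in records:
            print(bucket, rec)
```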

Witold Baryluk

Jan 9, 2019, 3:10:03 AM
Package: clamav-freshclam
Version: 0.100.2+dfsg-2
Followup-For: Bug #917648


I updated my system to the latest testing, and the freshclam version is the
same as in unstable, still the same issues.


Here is dmesg output for the latest run:

[129772.521856] audit: type=1400 audit(1547018290.209:137): apparmor="DENIED" operation="open" info="Failed name lookup - disconnected path" error=-13 profile="/usr/bin/freshclam" name="rw/var/lib/clamav/clamav-04b5173347cb0c1d9e2ea3e4368bb16e.tmp/clamav-518334e079d58dabbb7a3fab5d785ae3.tmp" pid=1788 comm="freshclam" requested_mask="r" denied_mask="r" fsuid=110 ouid=110
[129772.521920] audit: type=1400 audit(1547018290.209:138): apparmor="DENIED" operation="open" info="Failed name lookup - disconnected path" error=-13 profile="/usr/bin/freshclam" name="rw/var/lib/clamav/clamav-04b5173347cb0c1d9e2ea3e4368bb16e.tmp/clamav-518334e079d58dabbb7a3fab5d785ae3.tmp" pid=1788 comm="freshclam" requested_mask="r" denied_mask="r" fsuid=110 ouid=110
[129772.521952] audit: type=1400 audit(1547018290.209:139): apparmor="DENIED" operation="open" info="Failed name lookup - disconnected path" error=-13 profile="/usr/bin/freshclam" name="rw/var/lib/clamav/clamav-04b5173347cb0c1d9e2ea3e4368bb16e.tmp" pid=1788 comm="freshclam" requested_mask="r" denied_mask="r" fsuid=110 ouid=110


It appears this is somehow related to overlay or tmpfs

tmpfs on /run type tmpfs (rw,nosuid,noexec,relatime,size=6590668k,mode=755)
/dev/sda1 on /run/live/medium type iso9660 (ro,noatime,nojoliet,check=s,map=n,blocksize=2048)
/dev/loop0 on /run/live/rootfs/filesystem.squashfs type squashfs (ro,noatime)
tmpfs on /run/live/overlay type tmpfs (rw,noatime,mode=755)
overlay on / type overlay (rw,noatime,lowerdir=/run/live/rootfs/filesystem.squashfs/,upperdir=/run/live/overlay/rw,workdir=/run/live/overlay/work)
tmpfs on /usr/lib/live/mount type tmpfs (rw,nosuid,noexec,relatime,size=6590668k,mode=755)
total 167852
-rw-r--r-- 1 clamav clamav 199693 Jan 7 20:16 bytecode.cvd
drwx------ 3 clamav clamav 60 Jan 8 23:17 clamav-034a5cf47b07a301e154a4c78e938556.tmp
drwx------ 3 clamav clamav 60 Jan 8 07:16 clamav-045e31163f2e6c13fd48c29516e37af0.tmp
drwx------ 3 clamav clamav 60 Jan 9 07:18 clamav-04b5173347cb0c1d9e2ea3e4368bb16e.tmp
drwx------ 3 clamav clamav 60 Jan 8 00:16 clamav-109bf0408f7ab155e2d0b19c0aac56b4.tmp
drwx------ 3 clamav clamav 60 Jan 8 15:16 clamav-1b371db04116f69873981b20a859ef04.tmp
drwx------ 3 clamav clamav 60 Jan 8 20:17 clamav-1d581117d3cab8725aaa93118d0da545.tmp
drwx------ 3 clamav clamav 60 Jan 7 23:15 clamav-2850a872b7cbae0140a144f261637e50.tmp
drwx------ 3 clamav clamav 60 Jan 8 18:17 clamav-298007baec8842efd7eed387b1452010.tmp
drwx------ 3 clamav clamav 60 Jan 8 21:17 clamav-2b1a5e7b747611978a258cddab2395bb.tmp
drwx------ 2 clamav clamav 40 Jan 7 20:15 clamav-2b68b9bbe5c90d4858db70263f7787bc.tmp
drwx------ 2 clamav clamav 40 Jan 7 21:15 clamav-4130097245a7c3482e4f3e65fe940a40.tmp
drwx------ 3 clamav clamav 60 Jan 9 01:17 clamav-43a3c27a140e218632a8365a5dc18724.tmp
drwx------ 3 clamav clamav 60 Jan 8 06:16 clamav-44e9c976a8a5c8c21bfe92f0f4e8202a.tmp
drwx------ 3 clamav clamav 60 Jan 8 02:16 clamav-483b1109d3544c8651d24a44b9bdd5e5.tmp
drwx------ 3 clamav clamav 60 Jan 8 11:16 clamav-4cb2f409b8c90581a88e58268b527030.tmp
drwx------ 2 clamav clamav 40 Jan 7 20:16 clamav-5eaa98658c7e0d82e2b438a808bad251.tmp
drwx------ 3 clamav clamav 60 Jan 8 22:17 clamav-5f93dc3fcb054175a020bb01b05be21a.tmp
drwx------ 3 clamav clamav 60 Jan 8 08:16 clamav-688ac11da8918075282b1eb430b7aedd.tmp
drwx------ 3 clamav clamav 60 Jan 9 06:18 clamav-6da788c3530a8842f83b173bdc929740.tmp
drwx------ 3 clamav clamav 60 Jan 9 03:17 clamav-6f7bc87124603bc53d8dc6bd493b2a47.tmp
drwx------ 3 clamav clamav 60 Jan 8 17:17 clamav-7315b16779b16e409dce0057fc54796b.tmp
drwx------ 3 clamav clamav 60 Jan 8 01:16 clamav-75a542833f18f25d22a80945a37b903f.tmp
drwx------ 3 clamav clamav 60 Jan 9 04:17 clamav-75afd7715aa9d9dc3a34c4d3c6fd929d.tmp
drwx------ 3 clamav clamav 60 Jan 8 19:17 clamav-80582df62ac173c2bfd7889baa8a2218.tmp
drwx------ 3 clamav clamav 60 Jan 8 10:16 clamav-97121cab1f4e672c233791828bb59830.tmp
drwx------ 3 clamav clamav 60 Jan 9 00:17 clamav-a056c8a7f01780c58ba4fc46d509793f.tmp
drwx------ 3 clamav clamav 60 Jan 9 05:18 clamav-a170a0529aac2a2124e358b653319cd8.tmp
drwx------ 3 clamav clamav 60 Jan 8 05:16 clamav-a7314dd916ebe666e5b1a5447122d344.tmp
drwx------ 3 clamav clamav 60 Jan 8 12:16 clamav-ad19802fc87fb6e1a5dfd0c1f92f00b5.tmp
drwx------ 3 clamav clamav 60 Jan 8 04:16 clamav-aee18879b717e443e719d3d917723eca.tmp
drwx------ 2 clamav clamav 40 Jan 7 20:15 clamav-b325108329d46b9d3e7e9ad6939954b2.tmp
drwx------ 2 clamav clamav 40 Jan 7 22:15 clamav-b4b16ddd0751a0397b643626f5c10ea3.tmp
drwx------ 3 clamav clamav 60 Jan 8 16:17 clamav-b98e0248eb3051852ec632469f655596.tmp
drwx------ 3 clamav clamav 60 Jan 8 03:16 clamav-c3e65ef1d16c4af82f91d25acbf21150.tmp
drwx------ 2 clamav clamav 40 Jan 7 19:15 clamav-da59442bed153265dc961cacb7bb2b81.tmp
drwx------ 3 clamav clamav 60 Jan 8 14:16 clamav-dba721e9a85a165094b4a6d99905aa66.tmp
drwx------ 3 clamav clamav 60 Jan 9 02:17 clamav-deef5fedc79b4ee3714c4c346efb8076.tmp
drwx------ 3 clamav clamav 60 Jan 8 13:16 clamav-e958d419c58c956f6b9f55eae3c944d8.tmp
drwx------ 3 clamav clamav 60 Jan 8 09:16 clamav-f7d166e7a1a76116b730f9c62511c7a8.tmp
-rw-r--r-- 1 clamav clamav 53776806 Jan 7 20:16 daily.cvd
-rw-r--r-- 1 clamav clamav 117892267 Jan 7 20:16 main.cvd
-rw------- 1 clamav clamav 520 Jan 9 07:18 mirrors.dat

-- System Information:
Debian Release: buster/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-1-amd64 (SMP w/32 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages clamav-freshclam depends on:
ii clamav-base 0.100.2+dfsg-2
ii debconf [debconf-2.0] 1.5.69
ii dpkg 1.19.2
ii libc6 2.28-2
ii libclamav7 0.100.2+dfsg-2
ii libssl1.1 1.1.1a-1
ii logrotate 3.14.0-4
ii lsb-base 10.2018112800
ii procps 2:3.3.15-2
ii ucf 3.0038+nmu1
ii zlib1g 1:1.2.11.dfsg-1

clamav-freshclam recommends no packages.

Versions of packages clamav-freshclam suggests:
ii apparmor 2.13.2-3
pn clamav-docs <none>

-- debconf information:
clamav-freshclam/proxy_user:
clamav-freshclam/NotifyClamd: true
clamav-freshclam/Bytecode: true
clamav-freshclam/LogRotate: true
clamav-freshclam/update_interval: 24
clamav-freshclam/internet_interface:
clamav-freshclam/local_mirror: db.local.clamav.net
clamav-freshclam/SafeBrowsing: false
clamav-freshclam/PrivateMirror:
clamav-freshclam/http_proxy:
clamav-freshclam/autoupdate_freshclam: daemon

Sebastian Andrzej Siewior

Jan 9, 2019, 5:50:04 PM
On 2019-01-09 08:01:47 [+0000], Witold Baryluk wrote:

intrigeri, halp :) The good news is that I addressed the other two
apparmor related bugs. Now, I got a new one that reached my capacity:

> Here is dmesg output for the latest run:
>
> [129772.521856] audit: type=1400 audit(1547018290.209:137): apparmor="DENIED" operation="open" info="Failed name lookup - disconnected path" error=-13 profile="/usr/bin/freshclam" name="rw/var/lib/clamav/clamav-04b5173347cb0c1d9e2ea3e4368bb16e.tmp/clamav-518334e079d58dabbb7a3fab5d785ae3.tmp" pid=1788 comm="freshclam" requested_mask="r" denied_mask="r" fsuid=110 ouid=110
> [129772.521920] audit: type=1400 audit(1547018290.209:138): apparmor="DENIED" operation="open" info="Failed name lookup - disconnected path" error=-13 profile="/usr/bin/freshclam" name="rw/var/lib/clamav/clamav-04b5173347cb0c1d9e2ea3e4368bb16e.tmp/clamav-518334e079d58dabbb7a3fab5d785ae3.tmp" pid=1788 comm="freshclam" requested_mask="r" denied_mask="r" fsuid=110 ouid=110
> [129772.521952] audit: type=1400 audit(1547018290.209:139): apparmor="DENIED" operation="open" info="Failed name lookup - disconnected path" error=-13 profile="/usr/bin/freshclam" name="rw/var/lib/clamav/clamav-04b5173347cb0c1d9e2ea3e4368bb16e.tmp" pid=1788 comm="freshclam" requested_mask="r" denied_mask="r" fsuid=110 ouid=110
>
>
> It appears this is somehow related to overlay or tmpfs
>
> tmpfs on /run type tmpfs (rw,nosuid,noexec,relatime,size=6590668k,mode=755)
> /dev/sda1 on /run/live/medium type iso9660 (ro,noatime,nojoliet,check=s,map=n,blocksize=2048)
> /dev/loop0 on /run/live/rootfs/filesystem.squashfs type squashfs (ro,noatime)
> tmpfs on /run/live/overlay type tmpfs (rw,noatime,mode=755)
> overlay on / type overlay (rw,noatime,lowerdir=/run/live/rootfs/filesystem.squashfs/,upperdir=/run/live/overlay/rw,workdir=/run/live/overlay/work)
> tmpfs on /usr/lib/live/mount type tmpfs (rw,nosuid,noexec,relatime,size=6590668k,mode=755)
> /dev/sda1 on /usr/lib/live/mount/medium type iso9660 (ro,noatime,nojoliet,check=s,map=n,blocksize=2048)
> /dev/loop0 on /usr/lib/live/mount/rootfs/filesystem.squashfs type squashfs (ro,noatime)
> tmpfs on /usr/lib/live/mount/overlay type tmpfs (rw,noatime,mode=755)

So the rules are correct in general, but due to the overlay the pathname
gets a rw at the front of the path.
Is there something I need to include in the profile, or is this something
that is not supported?

Sebastian

Vincas Dargis

Jan 10, 2019, 12:40:04 PM
On Wed, 9 Jan 2019 23:44:56 +0100 Sebastian Andrzej Siewior <seba...@breakpoint.cc> wrote:
> > It appears this is somehow related to overlay or tmpfs

Try changing:

```
/usr/bin/freshclam {
```

Into:

```
/usr/bin/freshclam flags=(attach_disconnected) {
```
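
A way to triage denials like the ones quoted in this thread, added here as an example and not part of anyone's post: it parses kernel audit lines, keeps the AppArmor denials whose `info` field reports a disconnected path, and groups them by profile, so profiles that may need `flags=(attach_disconnected)` stand out. The sample lines are constructed, with placeholder directory names.

```python
import re
from collections import defaultdict

# Constructed sample shaped like the dmesg lines in this thread: two
# disconnected-path denials and one ordinary denial for contrast.
SAMPLE = '''\
[100.000001] audit: type=1400 audit(1547018290.209:137): apparmor="DENIED" operation="open" info="Failed name lookup - disconnected path" error=-13 profile="/usr/bin/freshclam" name="rw/var/lib/clamav/clamav-EXAMPLE1.tmp/clamav-EXAMPLE2.tmp" pid=1788 comm="freshclam" requested_mask="r" denied_mask="r" fsuid=110 ouid=110
[100.000002] audit: type=1400 audit(1547018290.209:139): apparmor="DENIED" operation="open" info="Failed name lookup - disconnected path" error=-13 profile="/usr/bin/freshclam" name="rw/var/lib/clamav/clamav-EXAMPLE1.tmp" pid=1788 comm="freshclam" requested_mask="r" denied_mask="r" fsuid=110 ouid=110
[100.000003] audit: type=1400 audit(1546987714.594:14): apparmor="DENIED" operation="open" profile="/usr/bin/freshclam" name="/etc/ssl/openssl.cnf" pid=2454 comm="freshclam" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
'''

# key=value where the value is either "quoted text" or a bare token.
FIELD = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_audit(line):
    """Return the key=value fields of one audit line as a dict, quotes stripped."""
    return {key: (inner if raw.startswith('"') else raw)
            for key, raw, inner in FIELD.findall(line)}


def disconnected_denials(log_text):
    """Map profile name -> sorted names denied with a disconnected path."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = parse_audit(line)
        if fields.get("apparmor") != "DENIED":
            continue
        if "disconnected path" in fields.get("info", ""):
            hits[fields.get("profile", "?")].add(fields.get("name", ""))
    return {profile: sorted(names) for profile, names in hits.items()}


def report(log_text):
    """Build one summary line per affected profile, followed by its names."""
    lines = []
    for profile, names in disconnected_denials(log_text).items():
        lines.append(f"{profile}: {len(names)} disconnected name(s), "
                     "candidate for flags=(attach_disconnected)")
        # In this thread the names start with "rw/" (the overlay upperdir),
        # not with "/", so the profile's absolute path rules cannot match them.
        lines.extend(f"  {name}" for name in names)
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

On a live system the same functions can be fed the text of `dmesg` or the kernel log instead of `SAMPLE`.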

Sebastian Andrzej Siewior

Jan 10, 2019, 5:40:03 PM
The manual sounds like it might be it. Let's try…

Sebastian

intrigeri

Jan 27, 2019, 10:00:02 AM
Hi,

Sebastian Andrzej Siewior:
Indeed, unionfs in general are pretty poorly supported by AppArmor at
the moment. Adding the attach_disconnected flag, as suggested by
Vincas, often helps, but it's not always sufficient.

To make AppArmor work with aufs, in Tails we need quite a few custom
tricks; and overlayfs will need yet another set of tricks.

Cheers,
--
intrigeri