Ubuntu 7.04 server 32bit with perfect setup.

Since I updated to 2.2.16, freshclam updates won't obey the order to fix permissions, which is in /home/admispconfig/ispconfig/tools/clamav/etc/freshclam.conf:

OnUpdateExecute 'chmod -R 755 /home/admispconfig/ispconfig/tools/clamav/share/clamav'

So I have to manually change them or clamscan will fail (error 50)... why might it be happening?

Spamassassin was not working either due to permissions after the update: I had to chmod 755 /home/admispconfig/ispconfig/tools/tcpserver/ispconfig_tcpserver as it was 700, but fortunately it is not a periodically annoying as freshclam is.

I thought that it could be related to my use of dash instead of bash, but went back to bash and it is still happening.

Thanks for helping me to figure out what is happening with freshclam updates!

Any errors in your logs?


I thought that it could be related to my use of dash instead of bash, but went back to bash and it is still happening.

I'd still use bash.

I thought that this would be happpening in every installation, that's why I didn't give so much details.

Normal logs are OK, no errors there:

/var/log/syslog:

Sep 12 21:51:07 bombo freshclam[9102]: Received signal: wake up
Sep 12 21:51:07 bombo freshclam[9102]: ClamAV update process started at Wed Sep 12 21:51:07 2007
Sep 12 21:51:07 bombo freshclam[9102]: main.cvd is up to date (version: 44, sigs: 133163, f-level: 20, builder: sven)
Sep 12 21:51:07 bombo freshclam[9102]: Downloading daily-4257.cdiff [100%]
Sep 12 21:51:07 bombo freshclam[9102]: Downloading daily-4258.cdiff [100%]
Sep 12 21:51:07 bombo freshclam[9102]: daily.inc updated (version: 4258, sigs: 18965, f-level: 21, builder: ccordes)
Sep 12 21:51:07 bombo freshclam[9102]: Database updated (152128 signatures) from database.clamav.net (IP: 64.186.240.114
)
Sep 12 21:51:07 bombo freshclam[9102]: --------------------------------------


I have enabled LogVerbose and Debug in /home/admispconfig/ispconfig/tools/clamav/etc/freshclam.conf

I've been using dash for a while (since ispconfig 2.2.12) and everything has been working right, but I agree with you: I'll continue with bash.

UPDATE: I have set "LogVerbose 1" and "Debug 1" in /home/admispconfig/ispconfig/tools/clamav/etc/freshclam.conf but logs say nothing about failing to change permissions:


/var/log/syslog:

Sep 13 02:21:21 bombo freshclam[18672]: Current working dir is /home/admispconfig/ispconfig/tools/clamav/share/clamav
Sep 13 02:21:21 bombo freshclam[18673]: freshclam daemon 0.91.2 (OS: linux-gnu, ARCH: i386, CPU: i686)
Sep 13 02:21:21 bombo freshclam[18673]: Max retries == 3
Sep 13 02:21:21 bombo freshclam[18673]: ClamAV update process started at Thu Sep 13 02:21:21 2007
Sep 13 02:21:21 bombo freshclam[18673]: Querying current.cvd.clamav.net
Sep 13 02:21:22 bombo freshclam[18673]: TTL: 300
Sep 13 02:21:22 bombo freshclam[18673]: Software version from DNS: 0.91.2
Sep 13 02:21:22 bombo freshclam[18673]: main.cvd version from DNS: 44
Sep 13 02:21:22 bombo freshclam[18673]: main.cvd is up to date (version: 44, sigs: 133163, f-level: 20, builder: sven)
Sep 13 02:21:22 bombo freshclam[18673]: daily.cvd version from DNS: 4260
Sep 13 02:21:22 bombo freshclam[18673]: Retrieving http://database.clamav.net/daily-4259.cdiff
Sep 13 02:21:23 bombo freshclam[18673]: Trying to download http://database.clamav.net/daily-4259.cdiff (IP: 64.186.240.114)
Sep 13 02:21:23 bombo freshclam[18673]: Downloading daily-4259.cdiff [100%]
Sep 13 02:21:23 bombo freshclam[18673]: cdiff_apply: Parsed 13 lines and executed 13 commands
Sep 13 02:21:23 bombo freshclam[18673]: Retrieving http://database.clamav.net/daily-4260.cdiff
Sep 13 02:21:23 bombo freshclam[18673]: Trying to download http://database.clamav.net/daily-4260.cdiff (IP: 64.186.240.114)
Sep 13 02:21:23 bombo freshclam[18673]: Downloading daily-4260.cdiff [100%]
Sep 13 02:21:23 bombo freshclam[18673]: cdiff_apply: Parsed 32 lines and executed 32 commands
Sep 13 02:21:23 bombo freshclam[18673]: Removing backup directory ./clamav-8ba00776de142d84f7ef1d1dc1811277
Sep 13 02:21:23 bombo freshclam[18673]: daily.inc updated (version: 4260, sigs: 18992, f-level: 21, builder: ccordes)
Sep 13 02:21:23 bombo freshclam[18673]: Database updated (152155 signatures) from database.clamav.net (IP: 64.186.240.114)
Sep 13 02:21:23 bombo freshclam[18673]: --------------------------------------

After this succesful update, permissions of modified files in daily.inc are wrong again (600).

Thanks for your tips!

Hello, I think I've found the possible cause for freshclam permissions problem. This message explains how daily.cvd and daily.inc behave:

http://lurker.clamav.net/message/20070713.195009.709efb60.en.html

So, I guess that the order present in OnUpdateExecute from freshclam.conf actually executes before daily.inc has been completely decompressed.

I have changed it from:

OnUpdateExecute 'chmod -R 755 /home/admispconfig/ispconfig/tools/clamav/share/clamav'

to:

OnUpdateExecute 'sleep 5 && chmod -R 755 /home/admispconfig/ispconfig/tools/clamav/share/clamav'

I'll keep this post updated with the result of this action.

On the other hand, my spamassassin did not work since the update until I chmoded 755 /home/admispconfig/ispconfig/tools/tcpserver/ispconfig_tcpserver (it had been changed 700), can you please tell me what your permissions are for this file?

Thanks!

The sleep command did NOT work, so I'm trying to change the permissions by invoking a script that I created in clamav/bin/

Finally I managed to find it out:

OnUpdateExecute is not accepting commands with multiple arguments. I arrived to this conclusion after creating the script /home/admispconfig/ispconfig/tools/clamav/bin/OnUpdateFreshclam, which just changes the permissions:

#!/bin/sh
chmod -R 755 /home/admispconfig/ispconfig/tools/clamav/share/clamav

then I chmoded it +x and changed OnUpdateExecute in the file /home/admispconfig/ispconfig/tools/clamav/etc/freshclam.conf from:

OnUpdateExecute 'chmod -R 755 /home/admispconfig/ispconfig/tools/clamav/share/clamav'

to


OnUpdateExecute '/home/admispconfig/ispconfig/tools/clamav/bin/OnUpdateFreshclam'

Now it works perfectly, I have tested it with real freshclam updates.

I think this should be changed in future ISPConfig releases.

I'd like to have some feedback about this issue in your machines, and also about the default permissions for /home/admispconfig/ispconfig/tools/tcpserver/ispconfig_tcpserver and its relation with spamassassin.