Update to 2.2.16: Freshclam (and Spamassassin) messing with permissions

Discussion in 'General' started by Telesat, Sep 12, 2007.

  1. Telesat

    Telesat ISPConfig Developer ISPConfig Developer

    [Solved] Update to 2.2.16: Freshclam (and Spamassassin) messing with permissions

    Ubuntu 7.04 server 32bit with perfect setup.

    Since I updated to 2.2.16, freshclam updates won't obey the order to fix permissions, which is in /home/admispconfig/ispconfig/tools/clamav/etc/freshclam.conf:

    Code:
    OnUpdateExecute 'chmod -R 755 /home/admispconfig/ispconfig/tools/clamav/share/clamav'
    So I have to manually change them or clamscan will fail (error 50)... why might it be happening?

    Spamassassin was not working either due to permissions after the update: I had to chmod 755 /home/admispconfig/ispconfig/tools/tcpserver/ispconfig_tcpserver as it was 700, but fortunately it is not a periodically annoying as freshclam is.

    I thought that it could be related to my use of dash instead of bash, but went back to bash and it is still happening.

    Thanks for helping me to figure out what is happening with freshclam updates!
     
    Last edited: Sep 13, 2007
  2. falko

    falko Super Moderator ISPConfig Developer

    Any errors in your logs?

    I'd still use bash.
     
  3. Telesat

    Telesat ISPConfig Developer ISPConfig Developer

    I thought that this would be happpening in every installation, that's why I didn't give so much details.

    Normal logs are OK, no errors there:

    Code:
    /var/log/syslog:
    
    Sep 12 21:51:07 bombo freshclam[9102]: Received signal: wake up
    Sep 12 21:51:07 bombo freshclam[9102]: ClamAV update process started at Wed Sep 12 21:51:07 2007
    Sep 12 21:51:07 bombo freshclam[9102]: main.cvd is up to date (version: 44, sigs: 133163, f-level: 20, builder: sven)
    Sep 12 21:51:07 bombo freshclam[9102]: Downloading daily-4257.cdiff [100%]
    Sep 12 21:51:07 bombo freshclam[9102]: Downloading daily-4258.cdiff [100%]
    Sep 12 21:51:07 bombo freshclam[9102]: daily.inc updated (version: 4258, sigs: 18965, f-level: 21, builder: ccordes)
    Sep 12 21:51:07 bombo freshclam[9102]: Database updated (152128 signatures) from database.clamav.net (IP: 64.186.240.114
    )
    Sep 12 21:51:07 bombo freshclam[9102]: --------------------------------------
    
    I have enabled LogVerbose and Debug in /home/admispconfig/ispconfig/tools/clamav/etc/freshclam.conf

    I've been using dash for a while (since ispconfig 2.2.12) and everything has been working right, but I agree with you: I'll continue with bash.
     
    Last edited: Sep 13, 2007
  4. Telesat

    Telesat ISPConfig Developer ISPConfig Developer

    Verbose Log says nothing

    UPDATE: I have set "LogVerbose 1" and "Debug 1" in /home/admispconfig/ispconfig/tools/clamav/etc/freshclam.conf but logs say nothing about failing to change permissions:

    Code:
    /var/log/syslog:
    
    Sep 13 02:21:21 bombo freshclam[18672]: Current working dir is /home/admispconfig/ispconfig/tools/clamav/share/clamav
    Sep 13 02:21:21 bombo freshclam[18673]: freshclam daemon 0.91.2 (OS: linux-gnu, ARCH: i386, CPU: i686)
    Sep 13 02:21:21 bombo freshclam[18673]: Max retries == 3
    Sep 13 02:21:21 bombo freshclam[18673]: ClamAV update process started at Thu Sep 13 02:21:21 2007
    Sep 13 02:21:21 bombo freshclam[18673]: Querying current.cvd.clamav.net
    Sep 13 02:21:22 bombo freshclam[18673]: TTL: 300
    Sep 13 02:21:22 bombo freshclam[18673]: Software version from DNS: 0.91.2
    Sep 13 02:21:22 bombo freshclam[18673]: main.cvd version from DNS: 44
    Sep 13 02:21:22 bombo freshclam[18673]: main.cvd is up to date (version: 44, sigs: 133163, f-level: 20, builder: sven)
    Sep 13 02:21:22 bombo freshclam[18673]: daily.cvd version from DNS: 4260
    Sep 13 02:21:22 bombo freshclam[18673]: Retrieving http://database.clamav.net/daily-4259.cdiff
    Sep 13 02:21:23 bombo freshclam[18673]: Trying to download http://database.clamav.net/daily-4259.cdiff (IP: 64.186.240.114)
    Sep 13 02:21:23 bombo freshclam[18673]: Downloading daily-4259.cdiff [100%]
    Sep 13 02:21:23 bombo freshclam[18673]: cdiff_apply: Parsed 13 lines and executed 13 commands
    Sep 13 02:21:23 bombo freshclam[18673]: Retrieving http://database.clamav.net/daily-4260.cdiff
    Sep 13 02:21:23 bombo freshclam[18673]: Trying to download http://database.clamav.net/daily-4260.cdiff (IP: 64.186.240.114)
    Sep 13 02:21:23 bombo freshclam[18673]: Downloading daily-4260.cdiff [100%]
    Sep 13 02:21:23 bombo freshclam[18673]: cdiff_apply: Parsed 32 lines and executed 32 commands
    Sep 13 02:21:23 bombo freshclam[18673]: Removing backup directory ./clamav-8ba00776de142d84f7ef1d1dc1811277
    Sep 13 02:21:23 bombo freshclam[18673]: daily.inc updated (version: 4260, sigs: 18992, f-level: 21, builder: ccordes)
    Sep 13 02:21:23 bombo freshclam[18673]: Database updated (152155 signatures) from database.clamav.net (IP: 64.186.240.114)
    Sep 13 02:21:23 bombo freshclam[18673]: --------------------------------------
    After this succesful update, permissions of modified files in daily.inc are wrong again (600).

    Thanks for your tips!
     
  5. Telesat

    Telesat ISPConfig Developer ISPConfig Developer

    Cause found?

    Hello, I think I've found the possible cause for freshclam permissions problem. This message explains how daily.cvd and daily.inc behave:

    http://lurker.clamav.net/message/20070713.195009.709efb60.en.html

    So, I guess that the order present in OnUpdateExecute from freshclam.conf actually executes before daily.inc has been completely decompressed.

    I have changed it from:

    Code:
    OnUpdateExecute 'chmod -R 755 /home/admispconfig/ispconfig/tools/clamav/share/clamav'
    to:

    Code:
    OnUpdateExecute 'sleep 5 && chmod -R 755 /home/admispconfig/ispconfig/tools/clamav/share/clamav'
    I'll keep this post updated with the result of this action.

    On the other hand, my spamassassin did not work since the update until I chmoded 755 /home/admispconfig/ispconfig/tools/tcpserver/ispconfig_tcpserver (it had been changed 700), can you please tell me what your permissions are for this file?

    Thanks!
     
  6. Telesat

    Telesat ISPConfig Developer ISPConfig Developer

    Not solved yet

    The sleep command did NOT work, so I'm trying to change the permissions by invoking a script that I created in clamav/bin/
     
  7. Telesat

    Telesat ISPConfig Developer ISPConfig Developer

    Solved, but I think that it needs to be fixed in next ISPConfig release

    Finally I managed to find it out:

    OnUpdateExecute is not accepting commands with multiple arguments. I arrived to this conclusion after creating the script /home/admispconfig/ispconfig/tools/clamav/bin/OnUpdateFreshclam, which just changes the permissions:

    Code:
    #!/bin/sh
    chmod -R 755 /home/admispconfig/ispconfig/tools/clamav/share/clamav
    then I chmoded it +x and changed OnUpdateExecute in the file /home/admispconfig/ispconfig/tools/clamav/etc/freshclam.conf from:

    Code:
    OnUpdateExecute 'chmod -R 755 /home/admispconfig/ispconfig/tools/clamav/share/clamav'
    to

    Code:
    OnUpdateExecute '/home/admispconfig/ispconfig/tools/clamav/bin/OnUpdateFreshclam'
    Now it works perfectly, I have tested it with real freshclam updates.

    I think this should be changed in future ISPConfig releases.

    I'd like to have some feedback about this issue in your machines, and also about the default permissions for /home/admispconfig/ispconfig/tools/tcpserver/ispconfig_tcpserver and its relation with spamassassin.
     
    Last edited: Sep 13, 2007

Share This Page