I've run into a weird problem with ClamAV that I have been unable to resolve, due to an incredibly non-informative error message.

I've installed ClamAV via aptitude on an Ubuntu box (ClamAV 0.96.5/13202 according to the system) up on EC2 and it is 100% stock. We have an additional drive mounted under /mnt where we put all our log files.

When I start it up with the log files in the default location, it runs just fine. However, if I change the configuration file from /var/log/clamav/clamav.log to /mnt/clamav/clamav.log I get the error

ERROR: Can't open /mnt/clamav/clamav.log in append mode (check permissions!).
ERROR: Can't initialize the internal logger

It's the same file with the same permissions on it, just in a different location.

Any thoughts or tips on how to resolve this problem would be greatly appreciated.

GrumpyCanuck

1 Answer

Check to make sure the permissions are set so that clam can actually write to /mnt/clamav/clamav.log. You can use chmod to change the permissions of the file. It could also be that the drive mounted is stated in /etc/fstab to be read-only.

Wilshire
  • I can definitely write to /mnt as I copied the file there. It has the same ownership and permissions as the one in /var/log/clamav. – GrumpyCanuck Jun 16 '11 at 20:15
  • can you add your /etc/fstab config for /mnt/clamav and the file permission listing for the file from ls -l to your original question then for clarification. Thanks! – Wilshire Jun 16 '11 at 20:19
  • File permissions: /var/log/clamav/clamav.log -rw-r----- 1 clamav adm 3364 2011-06-16 20:07 clamav.log – GrumpyCanuck Jun 16 '11 at 20:25
  • For /etc/fstab and the /mnt directory: /dev/sdb /mnt auto defaults,nobootwait,comment=cloudconfig 0 0 – GrumpyCanuck Jun 16 '11 at 20:27
  • For /mnt/clamav/clamav.log (where I want the file to be) -rw-r----- 1 clamav adm 1879 2011-06-16 19:47 /mnt/clamav/clamav.log – GrumpyCanuck Jun 16 '11 at 20:28
  • for the sake of exhausting all possibilities of permission problems can you post the ls -l of the /mnt/clamav directory. IE. is it owned by clamav? – Wilshire Jun 16 '11 at 20:41
  • The directory is drw------- 2 clamav adm 4096 2011-06-16 19:50 clamav – GrumpyCanuck Jun 16 '11 at 23:55
  • Can you try setting the permissions with chmod 660 /mnt/clamav/clamav.log and see if that helps? If not, are there any messages pertaining to these failures in /var/log/messages? Do you have SELinux enabled? If so are there messages in /var/log/audit/audit.log pertaining to clamav? Thanks! – Wilshire Jun 17 '11 at 00:35
  • I tried changing the permissions to 660 and it made no difference. Here's a sample entry from /var/log/messages, hope it helps: Jun 16 20:08:32 domU-12-31-39-02-C9-C8 kernel: [ 6070.250018] type=1503 audit(1308254912.916:50): operation="open" pid=11367 parent=11119 profile="/usr/sbin/clamd" requested_mask="ac::" denied_mask="ac::" fsuid=112 ouid=112 name="/mnt/clamav/clamav.log" – GrumpyCanuck Jun 17 '11 at 13:04
  • Can you try setting clamav to write to the previous folder file for l /var/log/clamav/clamav.log but afterwards set mount --bind /mnt/clamav /var/log/clamav? I hope this helps as this is quite a strange issue. – Wilshire Jun 17 '11 at 14:06
  • Could you provide output of `ls -Z /mnt/clamav/clamav.log /var/log/clamav/clamav.log` – AlexD Jun 17 '11 at 17:04
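
The /var/log/messages entry quoted in the comments is an AppArmor denial record (audit type 1503) against the /usr/sbin/clamd profile, a check that is separate from file ownership and mode bits. The following is an added example, not part of the thread: a Python parser that pulls the profile, path and denied permissions out of such lines. The function names and the second sample line are constructed for illustration.

```python
import re
from collections import defaultdict

# Audit record type the kernel uses for an AppArmor denial.
APPARMOR_DENIED = "1503"

# Permission letters as AppArmor prints them in requested_mask/denied_mask.
MASK_LETTERS = {"r": "read", "w": "write", "a": "append", "c": "create",
                "d": "delete", "x": "execute", "m": "mmap-exec",
                "k": "lock", "l": "link"}

# key="quoted value" or key=bare_value
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_denial(line):
    """Return a dict for an AppArmor denial line, or None for anything else."""
    fields = {k: (q if q else u) for k, q, u in FIELD_RE.findall(line)}
    if fields.get("type") != APPARMOR_DENIED or "profile" not in fields:
        return None
    # Separator characters in the mask (the "::" in "ac::") are skipped.
    letters = {c for c in fields.get("denied_mask", "") if c in MASK_LETTERS}
    return {
        "profile": fields["profile"],
        "operation": fields.get("operation", "?"),
        "path": fields.get("name", "?"),
        "denied": sorted(MASK_LETTERS[c] for c in letters),
    }


def summarize(lines):
    """Group denied permissions by (profile, path) across many log lines."""
    summary = defaultdict(set)
    for line in lines:
        denial = parse_denial(line)
        if denial:
            summary[(denial["profile"], denial["path"])].update(denial["denied"])
    return {key: sorted(perms) for key, perms in summary.items()}


SAMPLE = [
    # Line quoted in the thread.
    'Jun 16 20:08:32 domU-12-31-39-02-C9-C8 kernel: [ 6070.250018] type=1503 audit(1308254912.916:50): operation="open" pid=11367 parent=11119 profile="/usr/sbin/clamd" requested_mask="ac::" denied_mask="ac::" fsuid=112 ouid=112 name="/mnt/clamav/clamav.log"',
    # Constructed non-AppArmor line; the parser must ignore it.
    'Jun 16 20:08:33 domU-12-31-39-02-C9-C8 kernel: [ 6071.000000] eth0: link up',
]

if __name__ == "__main__":
    for (profile, path), perms in summarize(SAMPLE).items():
        print(f"{profile} denied {', '.join(perms)} on {path}")
```
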