Bug 470090 - <app-antivirus/clamav-0.98 - loss of ownership of logs after logrotate causes freshclam to fail to update virus definitions
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: AMD64 Linux
Importance: Normal major
Assignee: Gentoo Security
Keywords: PATCH
Duplicates: 480038
Blocks: CVE-2013-2020
Reported: 2013-05-16 17:47 UTC by Linear Systems Tech Svcs.
Modified: 2014-01-10 23:41 UTC

Attachments
patch to fix buggy clamd.initd (file_470090.txt,2.60 KB, patch)
2013-08-21 11:54 UTC, cyberbat

Description Linear Systems Tech Svcs. 2013-05-16 17:47:15 UTC
When trying to run freshclam manually, you get a warning about the system being unable to open /var/log/clamav/freshclam.log in append mode.
It seems to be a relatively recent change as here is the listing from the /var/log/clamav/ directory:
drwxr-xr-x  2 clamav clamav 4096 May 16 10:25 .
drwxr-xr-x 14 root   root   4096 May 12 03:10 ..
-rw-r-----  1 root   root      0 May 12 03:10 clamd.log
-rw-r-----  1 clamav root   3703 Apr 21 03:09 clamd.log-20130421.gz
-rw-r-----  1 clamav root   3849 Apr 28 03:05 clamd.log-20130428.gz
-rw-r-----  1 clamav root   3748 May  5 03:01 clamd.log-20130505.gz
-rw-r-----  1 root   root     20 May  5 03:10 clamd.log-20130512.gz
-rw-rw----  1 root   root     32 May 16 10:25 freshclam.log
-rw-r-----  1 clamav root   2558 Apr 21 01:19 freshclam.log-20130421.gz
-rw-r-----  1 clamav root   3041 Apr 28 01:15 freshclam.log-20130428.gz
-rw-r-----  1 root   root   2771 May  5 01:20 freshclam.log-20130505.gz
-rw-r-----  1 root   root     20 May  5 03:10 freshclam.log-20130512.gz
tech8 ~ # 

Reproducible: Always

Steps to Reproduce:
1. Have clamav installed for over 2 weeks with logrotate running.
2. Run freshclam
3.
Actual Results:  
Error output:
tech8 ~ # freshclam 
ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!).
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
tech8 ~ #

Expected Results:  
tech8 ~ # freshclam 
ClamAV update process started at Thu May 16 10:28:29 2013
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.97.7 Recommended version: 0.97.8
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
WARNING: getfile: daily-17223.cdiff not found on remote server (IP: 64.22.33.90)
WARNING: getpatch: Can't download daily-17223.cdiff from database.clamav.net
Downloading daily-17223.cdiff [100%]
daily.cld updated (version: 17223, sigs: 1272129, f-level: 63, builder: neo)
bytecode.cld is up to date (version: 214, sigs: 41, f-level: 63, builder: neo)
Database updated (2316557 signatures) from database.clamav.net (IP: 69.12.162.28)


Well, knowing that logrotate is much more finicky about log ownerships now, I recommend updating the /etc/logrotate.d/clamav file to the following:

/var/log/clamav/clamd.log {
        missingok
        su clamav root
        postrotate
                /etc/init.d/clamd logfix
                /bin/kill -HUP `cat /var/run/clamav/clamd.pid 2> /dev/null` 2>/dev/null || true
        endscript
}

/var/log/clamav/freshclam.log {
        missingok
        su clamav root
        postrotate
                /etc/init.d/clamd logfix
                /bin/kill -HUP `cat /var/run/clamav/freshclam.pid 2> /dev/null` 2>/dev/null || true
        endscript
}
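
An added check, not part of the original report or of Gentoo's init script: it reads `ls -l` output like the listing above and reports live ClamAV logs that the daemon account (assumed to be `clamav`) does not own or cannot write, plus any that are world-writable. The function name `audit_clamav_logs` and the report labels are hypothetical.

```sh
#!/bin/sh
# Added example: audit `ls -l` output for ClamAV logs the daemon account
# cannot append to. The function name and report labels are hypothetical.

audit_clamav_logs() {
    # $1 = account the daemons log as (assumed to be "clamav", as in the report)
    awk -v want="$1" '
        # Keep regular files only; this skips directories and shell prompts.
        $1 !~ /^-/ || NF < 9 { next }
        {
            mode = $1; owner = $3; name = $NF
            # Rotated archives (*.log-DATE.gz) are never reopened for append.
            if (name !~ /\.log$/) next
            if (owner != want) {
                print "wrong-owner", name, owner
            } else if (substr(mode, 3, 1) != "w") {
                print "not-writable", name, owner
            }
            # Loosening the mode hides the ownership bug; report it as well.
            if (substr(mode, 9, 1) == "w") {
                print "world-writable", name, owner
            }
        }'
}

# Excerpt of the directory listing from the report above.
sample_listing() {
    cat <<'EOF'
drwxr-xr-x  2 clamav clamav 4096 May 16 10:25 .
-rw-r-----  1 root   root      0 May 12 03:10 clamd.log
-rw-r-----  1 clamav root   3703 Apr 21 03:09 clamd.log-20130421.gz
-rw-rw----  1 root   root     32 May 16 10:25 freshclam.log
-rw-r-----  1 root   root   2771 May  5 01:20 freshclam.log-20130505.gz
EOF
}

# On a live host: ls -l /var/log/clamav | audit_clamav_logs clamav
sample_listing | audit_clamav_logs clamav
```

Run from cron after the logrotate job, any output means freshclam may be unable to log and the signature database may stop updating.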
Comment 1 Federico Ceccarelli 2013-06-29 17:03:51 UTC
I have the same problem. As a work-around I have set the write permission bits on /var/log/clamav/freshclam.log for both group users and other users; I recognize this is anything but a clean solution.
Moreover, it doesn't work when freshclam is launched by a normal user because of a lack of permissions on the /var/lib/clamav directory (freshclam grants execution rights to both group users and other users too).

Comment 2 Richard H. 2013-07-20 10:33:23 UTC
This is still very existent. Will there be a fix in portage?
Comment 3 cyberbat 2013-08-21 11:54:49 UTC
Created attachment 356584
patch to fix buggy clamd.initd

The issue happens because of the buggy logfix function in /etc/init.d/clamd. It's already corrected in portage (clamd.initd-r5), but I think I made it a little better.
Comment 4 Chris Reffett (RETIRED) gentoo-dev Security 2013-10-05 01:56:55 UTC
antivirus apparently has nothing to say. If this is indeed fixed in latest init script (-r6), let's stable and be done with it. Arches, please test and stabilize:
=app-antivirus/clamav-0.98
Target arches: alpha amd64 hppa ia64 ppc ppc64 sparc x86
Comment 5 Agostino Sarubbo gentoo-dev 2013-10-05 06:19:25 UTC
amd64 stable
Comment 6 Jeroen Roovers (RETIRED) gentoo-dev 2013-10-05 16:14:22 UTC
Stable for HPPA.
Comment 7 Agostino Sarubbo gentoo-dev 2013-10-06 07:51:31 UTC
x86 stable
Comment 8 Agostino Sarubbo gentoo-dev 2013-10-06 10:12:50 UTC
ia64 stable
Comment 9 Agostino Sarubbo gentoo-dev 2013-10-06 15:19:22 UTC
alpha stable
Comment 10 Agostino Sarubbo gentoo-dev 2013-10-07 19:30:17 UTC
ppc stable
Comment 11 Agostino Sarubbo gentoo-dev 2013-10-09 17:09:54 UTC
sparc stable
Comment 12 Christian Tietz 2013-10-11 18:13:51 UTC
Appears like this has been marked stable solely for HPPA:

$ eshowkw clamav | grep 0.98
0.98    | ~ ~ ~ + ~ o o ~ ~ o o ~ ~ | o   | gentoo
Comment 13 Agostino Sarubbo gentoo-dev 2013-10-13 10:36:42 UTC
ppc64 stable
Comment 14 Sergey Popov gentoo-dev 2013-11-29 09:06:25 UTC
(In reply to Christian Tietz from comment #12)
> Appears like this has been marked stable solely for HPPA:
> 
> $ eshowkw clamav | grep 0.98
> 0.98    | ~ ~ ~ + ~ o o ~ ~ o o ~ ~ | o   | gentoo

Thanks for pointing this out, keywords are restored as they should have been set earlier.

Closing this as fixed
Comment 15 Pacho Ramos gentoo-dev 2014-01-10 23:41:47 UTC
*** Bug 480038 has been marked as a duplicate of this bug. ***