170739 2007-03-13 14:44 0000 app-antivirus/clamav with logrotate = broken perm for log files 2007-04-10 20:04:56 0000 1 1 1 Unclassified Gentoo Linux Ebuilds unspecified All Linux CLOSED TEST-REQUEST P2 normal --- 1 bor@univ.kiev.ua antivirus@gentoo.org bor@univ.kiev.ua 2007-03-13 14:44:15 0000 Yesterday my mail don't received and I see in log Mar 13 09:01:45 gameinside X-Qmail-Scanner-1.25st: [gameinside.ua117376930571811663] clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem - exit status 512/2 Mar 13 09:03:04 gameinside X-Qmail-Scanner-1.25st: [gameinside.ua117376938371811829] clamdscan: corrupt or unknown clamd scanner error or memory/resource/perms problem - exit status 512/2 After discover the problem I found that clamav logrotate file contain create 640 clamav clamav and after this -rw-r----- 1 clamav clamav 0 2007-03-13 14:46 clamd.log before I have -rw-r----- 1 qscand qscand 1813 2007-03-13 14:28 clamd.log # /etc/init.d/clamd start * Starting clamd ... Running as user qscand (UID 210, GID 210) ERROR: Can't open /var/log/clamav/clamd.log in append mode (check permissions!). ERROR: Problem with internal logger. Please check the permissions on the /var/log/clamav/clamd.log file. * Failed to start clamd [ !! ] * Starting freshclam ... ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!). ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log). * Failed to start freshclam [ !! ] and strange status set # /etc/init.d/clamd start * WARNING: clamd has already been started. clamav init.d script try chown log file only in milter mode (why not for all ?) so in logrotate file put code like local clamav_user=`awk '$1 == "User" { print $2 }' /etc/clamd.conf` from init.d script or in this init.d script try fix perms always ticho@gentoo.org 2007-03-15 13:27:10 0000 You're right. In the past, the initscript changed owner of both log files to user clamav (hardcoded). Then the code was removed. I guess I never thought of that because I never hit the bug you describe. Anyway, the initscript now changes ownership of both logs to correct user (parsed from config files). Thanks for suggestion! bor@univ.kiev.ua 2007-03-16 12:04:37 0000 I also suggest in logrotate file change postrotate /bin/kill -HUP `cat /var/run/clamav/clamd.pid 2> /dev/null` 2>/dev/null || true to postrotate /etc/init.d/clamd restart 2>/dev/null || true because before it create 640 clamav clamav and log files create under clamav clamav or remove this string anywhere bor@univ.kiev.ua 2007-03-21 20:36:41 0000 I think - I must reopen bug for pay attention my previous comment problem still exists unless fix logrotate file ticho@gentoo.org 2007-03-25 19:26:39 0000 Ok, I moved permission/ownership fix to a separate logfix() function in the initscript, which is called from start(), as well as from the logrotate script. How does that sound? bor@univ.kiev.ua 2007-03-26 11:26:36 0000 permission now ok but you not reload clamav :( so clamd use old open pipe lsof show clamd 16701 qscand 3w REG 8,3 30511 267443 /var/log/clamav/clamd.log.1 (deleted) please change (in clamav.logrotate) /etc/init.d/clamd logfix to /etc/init.d/clamd restart ticho@gentoo.org 2007-03-27 10:03:11 0000 A better idea is to reload clamd/freshclam using SIGHUP, just like before. This time, however it is after permissions are fixed, so all should be peachy. Changes committed. bor@univ.kiev.ua 2007-03-30 12:31:55 0000 now all ok thanks