Mailing List Archive

[clamav-users] Can't start clamd - lchown to user failed
Hello everyone,

I'm running a Ubuntu 20.04 server. I've had ClamAV installed and running with on-access successfully.

I did an apt upgrade that included ClamAV v0.103.2 and since then I can't get clamd to start.

The error is: ERROR: lchown to user 'clamav' failed on log file '/var/log/clamav/clamav.log'. Error was 'Operation not permitted'

lchown is not installed on my system and I'm not finding it in the Ubuntu software repository. Searching the web led me to a lchown man page that states this is for changing syslinks, but /var/log/clamav/clamav.log is not a syslink'd file.

Is lchown a new requirement for v0.103.2?

How can I get clamd working again?

Thanks!

Keith Graber

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] Can't start clamd - lchown to user failed [ In reply to ]
lchown isn't a program, it's a C function provided by `unistd.h`. The error likely has to do with the permissions of the /var/log/clamav directory (if it exists), and which user the program is running as.

-Micah

> -----Original Message-----
> From: clamav-users <clamav-users-bounces@lists.clamav.net> On Behalf Of
> Keith Graber
> Sent: Friday, April 23, 2021 1:16 PM
> To: 'clamav-users@lists.clamav.net' <clamav-users@lists.clamav.net>
> Subject: [clamav-users] Can't start clamd - lchown to user failed
>
> Hello everyone,
>
> I'm running a Ubuntu 20.04 server. I've had ClamAV installed and running with
> on-access successfully.
>
> I did an apt upgrade that included ClamAV v0.103.2 and since then I can't get
> clamd to start.
>
> The error is: ERROR: lchown to user 'clamav' failed on log file
> '/var/log/clamav/clamav.log'. Error was 'Operation not permitted'
>
> lchown is not installed on my system and I'm not finding it in the Ubuntu
> software repository. Searching the web led me to a lchown man page that
> states this is for changing syslinks, but /var/log/clamav/clamav.log is not a
> syslink'd file.
>
> Is lchown a new requirement for v0.103.2?
>
> How can I get clamd working again?
>
> Thanks!
>
> Keith Graber
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml

_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] Can't start clamd - lchown to user failed [ In reply to ]
I'm running ClamAV as user 'clamav' who owns /var/log/clamav

drwxr-xr-x 2 clamav clamav 4096 Apr 18 00:00 clamav

the files inside are:

root@<redacted>:/var/log/clamav# ls -l
total 420
-rw-r----- 1 clamav adm 11978 Apr 23 11:34 clamav.log
-rw-r----- 1 clamav adm 11718 Apr 18 00:00 clamav.log.1
-rw-r----- 1 clamav adm 1302 Feb 14 00:00 clamav.log.10.gz
-rw-r----- 1 clamav adm 1215 Feb 7 00:00 clamav.log.11.gz
-rw-r----- 1 clamav adm 1989 Jan 31 00:00 clamav.log.12.gz
-rw-r----- 1 clamav adm 1837 Apr 11 00:00 clamav.log.2.gz
-rw-r----- 1 clamav adm 1134 Apr 4 00:00 clamav.log.3.gz
-rw-r----- 1 clamav adm 3376 Mar 28 00:00 clamav.log.4.gz
-rw-r----- 1 clamav adm 1033 Mar 21 00:00 clamav.log.5.gz
-rw-r----- 1 clamav adm 2149 Mar 14 00:00 clamav.log.6.gz
-rw-r----- 1 clamav adm 1096 Mar 7 00:00 clamav.log.7.gz
-rw-r----- 1 clamav adm 1064 Feb 28 00:00 clamav.log.8.gz
-rw-r----- 1 clamav adm 1058 Feb 21 00:00 clamav.log.9.gz
-rw-r----- 1 clamav clamav 118698 Apr 24 08:14 freshclam.log
-rw-r----- 1 clamav adm 141909 Apr 18 00:00 freshclam.log.1
-rw-r----- 1 clamav adm 5047 Feb 14 00:00 freshclam.log.10.gz
-rw-r----- 1 clamav adm 5234 Feb 7 00:00 freshclam.log.11.gz
-rw-r----- 1 clamav adm 5543 Jan 31 00:00 freshclam.log.12.gz
-rw-r----- 1 clamav adm 6334 Apr 11 00:00 freshclam.log.2.gz
-rw-r----- 1 clamav adm 5066 Apr 4 00:00 freshclam.log.3.gz
-rw-r----- 1 clamav adm 5268 Mar 28 00:00 freshclam.log.4.gz
-rw-r----- 1 clamav adm 5046 Mar 21 00:00 freshclam.log.5.gz
-rw-r----- 1 clamav adm 5237 Mar 14 00:00 freshclam.log.6.gz
-rw-r----- 1 clamav adm 5072 Mar 7 00:00 freshclam.log.7.gz
-rw-r----- 1 clamav adm 5071 Feb 28 00:00 freshclam.log.8.gz
-rw-r----- 1 clamav adm 5074 Feb 21 00:00 freshclam.log.9.gz

-----Original Message-----
From: Micah Snyder (micasnyd) <micasnyd@cisco.com>
Sent: Friday, April 23, 2021 3:48 PM
To: ClamAV users ML <clamav-users@lists.clamav.net>
Subject: Re: [clamav-users] Can't start clamd - lchown to user failed

lchown isn't a program, it's a C function provided by `unistd.h`. The error likely has to do with the permissions of the /var/log/clamav directory (if it exists), and which user the program is running as.

-Micah

> -----Original Message-----
> From: clamav-users <clamav-users-bounces@lists.clamav.net> On Behalf
> Of Keith Graber
> Sent: Friday, April 23, 2021 1:16 PM
> To: 'clamav-users@lists.clamav.net' <clamav-users@lists.clamav.net>
> Subject: [clamav-users] Can't start clamd - lchown to user failed
>
> Hello everyone,
>
> I'm running a Ubuntu 20.04 server. I've had ClamAV installed and
> running with on-access successfully.
>
> I did an apt upgrade that included ClamAV v0.103.2 and since then I
> can't get clamd to start.
>
> The error is: ERROR: lchown to user 'clamav' failed on log file
> '/var/log/clamav/clamav.log'. Error was 'Operation not permitted'
>
> lchown is not installed on my system and I'm not finding it in the
> Ubuntu software repository. Searching the web led me to a lchown man
> page that states this is for changing syslinks, but
> /var/log/clamav/clamav.log is not a syslink'd file.
>
> Is lchown a new requirement for v0.103.2?
>
> How can I get clamd working again?
>
> Thanks!
>
> Keith Graber
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml


_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] Can't start clamd - lchown to user failed [ In reply to ]
well. try to switch to user clamav:

su - clamav -s /bin/bash and try to start clamd in commandline.

Eero

On Sat 24. Apr 2021 at 16.47, Keith Graber <Keith.Graber@lsssd.org> wrote:

> I'm running ClamAV as user 'clamav' who owns /var/log/clamav
>
> drwxr-xr-x 2 clamav clamav 4096 Apr 18 00:00 clamav
>
> the files inside are:
>
> root@<redacted>:/var/log/clamav# ls -l
> total 420
> -rw-r----- 1 clamav adm 11978 Apr 23 11:34 clamav.log
> -rw-r----- 1 clamav adm 11718 Apr 18 00:00 clamav.log.1
> -rw-r----- 1 clamav adm 1302 Feb 14 00:00 clamav.log.10.gz
> -rw-r----- 1 clamav adm 1215 Feb 7 00:00 clamav.log.11.gz
> -rw-r----- 1 clamav adm 1989 Jan 31 00:00 clamav.log.12.gz
> -rw-r----- 1 clamav adm 1837 Apr 11 00:00 clamav.log.2.gz
> -rw-r----- 1 clamav adm 1134 Apr 4 00:00 clamav.log.3.gz
> -rw-r----- 1 clamav adm 3376 Mar 28 00:00 clamav.log.4.gz
> -rw-r----- 1 clamav adm 1033 Mar 21 00:00 clamav.log.5.gz
> -rw-r----- 1 clamav adm 2149 Mar 14 00:00 clamav.log.6.gz
> -rw-r----- 1 clamav adm 1096 Mar 7 00:00 clamav.log.7.gz
> -rw-r----- 1 clamav adm 1064 Feb 28 00:00 clamav.log.8.gz
> -rw-r----- 1 clamav adm 1058 Feb 21 00:00 clamav.log.9.gz
> -rw-r----- 1 clamav clamav 118698 Apr 24 08:14 freshclam.log
> -rw-r----- 1 clamav adm 141909 Apr 18 00:00 freshclam.log.1
> -rw-r----- 1 clamav adm 5047 Feb 14 00:00 freshclam.log.10.gz
> -rw-r----- 1 clamav adm 5234 Feb 7 00:00 freshclam.log.11.gz
> -rw-r----- 1 clamav adm 5543 Jan 31 00:00 freshclam.log.12.gz
> -rw-r----- 1 clamav adm 6334 Apr 11 00:00 freshclam.log.2.gz
> -rw-r----- 1 clamav adm 5066 Apr 4 00:00 freshclam.log.3.gz
> -rw-r----- 1 clamav adm 5268 Mar 28 00:00 freshclam.log.4.gz
> -rw-r----- 1 clamav adm 5046 Mar 21 00:00 freshclam.log.5.gz
> -rw-r----- 1 clamav adm 5237 Mar 14 00:00 freshclam.log.6.gz
> -rw-r----- 1 clamav adm 5072 Mar 7 00:00 freshclam.log.7.gz
> -rw-r----- 1 clamav adm 5071 Feb 28 00:00 freshclam.log.8.gz
> -rw-r----- 1 clamav adm 5074 Feb 21 00:00 freshclam.log.9.gz
>
> -----Original Message-----
> From: Micah Snyder (micasnyd) <micasnyd@cisco.com>
> Sent: Friday, April 23, 2021 3:48 PM
> To: ClamAV users ML <clamav-users@lists.clamav.net>
> Subject: Re: [clamav-users] Can't start clamd - lchown to user failed
>
> lchown isn't a program, it's a C function provided by `unistd.h`. The
> error likely has to do with the permissions of the /var/log/clamav
> directory (if it exists), and which user the program is running as.
>
> -Micah
>
> > -----Original Message-----
> > From: clamav-users <clamav-users-bounces@lists.clamav.net> On Behalf
> > Of Keith Graber
> > Sent: Friday, April 23, 2021 1:16 PM
> > To: 'clamav-users@lists.clamav.net' <clamav-users@lists.clamav.net>
> > Subject: [clamav-users] Can't start clamd - lchown to user failed
> >
> > Hello everyone,
> >
> > I'm running a Ubuntu 20.04 server. I've had ClamAV installed and
> > running with on-access successfully.
> >
> > I did an apt upgrade that included ClamAV v0.103.2 and since then I
> > can't get clamd to start.
> >
> > The error is: ERROR: lchown to user 'clamav' failed on log file
> > '/var/log/clamav/clamav.log'. Error was 'Operation not permitted'
> >
> > lchown is not installed on my system and I'm not finding it in the
> > Ubuntu software repository. Searching the web led me to a lchown man
> > page that states this is for changing syslinks, but
> > /var/log/clamav/clamav.log is not a syslink'd file.
> >
> > Is lchown a new requirement for v0.103.2?
> >
> > How can I get clamd working again?
> >
> > Thanks!
> >
> > Keith Graber
> >
> > _______________________________________________
> >
> > clamav-users mailing list
> > clamav-users@lists.clamav.net
> > https://lists.clamav.net/mailman/listinfo/clamav-users
> >
> >
> > Help us build a comprehensive ClamAV guide:
> > https://github.com/vrtadmin/clamav-faq
> >
> > http://www.clamav.net/contact.html#ml
>
>
> _______________________________________________
>
> clamav-users mailing list
> clamav-users@lists.clamav.net
> https://lists.clamav.net/mailman/listinfo/clamav-users
>
>
> Help us build a comprehensive ClamAV guide:
> https://github.com/vrtadmin/clamav-faq
>
> http://www.clamav.net/contact.html#ml
>
Re: [clamav-users] Can't start clamd - lchown to user failed [ In reply to ]
On Sat, 2021-04-24 at 13:46 +0000, Keith Graber wrote:
> I'm running ClamAV as user 'clamav' who owns /var/log/clamav

Clamd probably expects to be run as root if it's trying to use
lchown(). Have you tried the --foreground flag?

In any case, you will save yourself a lot of trouble if you just log to
syslog and then tweak your syslog config file to put clamav entries
under /var/log/clamav. Trusting users, developers, distributions, and
init scripts to all agree on the permission scheme for /var/log has
failed.



_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml
Re: [clamav-users] Can't start clamd - lchown to user failed [ In reply to ]
Found out from a person not on the mailing list (thank you Christian Prehl!) the issue deals with AppArmor

The line: capability chown, needed to be included in /etc/apparmor.d/usr.sbin.clamd

Once that was added and AppArmor restated, clamd came right up.

Thanks everyone for your thoughts!

Keith


-----Original Message-----
From: Michael Orlitzky <michael@orlitzky.com>
Sent: Saturday, April 24, 2021 9:52 AM
To: clamav-users@lists.clamav.net
Subject: Re: [clamav-users] Can't start clamd - lchown to user failed

On Sat, 2021-04-24 at 13:46 +0000, Keith Graber wrote:
> I'm running ClamAV as user 'clamav' who owns /var/log/clamav

Clamd probably expects to be run as root if it's trying to use lchown(). Have you tried the --foreground flag?

In any case, you will save yourself a lot of trouble if you just log to syslog and then tweak your syslog config file to put clamav entries under /var/log/clamav. Trusting users, developers, distributions, and init scripts to all agree on the permission scheme for /var/log has failed.




_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml