klamav can't download virus database on jaunty

Bug #359301 reported by Imre Gergely on 2009-04-10
16
Affects Status Importance Assigned to Milestone
clamav (Ubuntu)
High
Scott Kitterman
Intrepid
Undecided
Unassigned

Bug Description

Binary package hint: klamav

After installing klamav 0.46-2 on Jaunty, when I run it for the first time, it needs to download the virus database to /home/user/.klamav/database.
This directory gets created by klamav, but it can't download the files, and in the logs the following message appears:

Apr 11 00:14:28 utest-jj kernel: [51007.650516] type=1503 audit(1239398068.942:174): operation="inode_create" requested_mask="a::" denied_mask="a::" fsuid=1000 name="/home/gimre/.klamav/database/clamav-5771d1375f31f95d3d70a4f4681a083c" pid=32499 profile="/usr/bin/freshclam"

The database doesn't get downloaded, and klamav is useless without it, it can't scan anything.

After stopping apparmor, it works without problems.

Jamie Strandboge (jdstrand) wrote :

Thank you for using Ubuntu and taking the time to report a bug. Can you try adding the following to /etc/apparmor.d/usr.bin.freshclam:
  owner /home/*/.klamav/db/database/ rw,
  owner /home/*/.klamav/db/database/** rwk,

and then restarting apparmor with:
$ sudo /etc/init.d/apparmor force-reload

affects: klamav (Ubuntu) → clamav (Ubuntu)
Changed in clamav (Ubuntu):
importance: Undecided → High
status: New → Triaged
assignee: nobody → jdstrand
status: Triaged → Incomplete
Jamie Strandboge (jdstrand) wrote :

Sorry, that should be:

  owner @{HOME}/.klamav/db/database/ rw,
  owner @{HOME}/.klamav/db/database/** rwk,

Imre Gergely (cemc) wrote :

Was working with these two lines:

  owner @{HOME}/.klamav/database/ rw,
  owner @{HOME}/.klamav/database/** rwk,

After adding them, the database got downloaded correctly in /home/user/.klamav/database.

Changed in clamav (Ubuntu):
milestone: none → ubuntu-9.04
status: Incomplete → Triaged
Jamie Strandboge (jdstrand) wrote :
Changed in clamav (Ubuntu):
assignee: jdstrand → kitterman
status: Triaged → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package clamav - 0.95.1+dfsg-0ubuntu1

---------------
clamav (0.95.1+dfsg-0ubuntu1) jaunty; urgency=low

  [ Scott Kitterman ]
  * New upstream bugfix release
    - libclamav/others.h: harden CLI_ISCONTAINED macro (bb#1552)
    - libclamav/phishcheck.c: fix possible crash in cli_url_canon() (bb#1553)
    - Signficant clamav-milter bug fixes
    - Other fixes throughout
  * Drop ArchiveLimitMemoryUsage option from clamav-base.postinst.in (option
    removed upstream)
  * Add CommandReadTimeout, SendBufTimeout, and MaxQueue to
    clamav-base.postinst.in
  * Add SkipAuthenticated to clamav-milter.postinst.in
  * Drop unrar and lha from clamav Suggests since external unpackers are not
    supported since 0.94

  [ Jamie Strandboge ]
  * fix freshclam apparmor profile for klamav (LP: #359301)

 -- Scott Kitterman <email address hidden> Fri, 10 Apr 2009 21:57:17 -0400

Changed in clamav (Ubuntu):
status: In Progress → Fix Released
Martin Pitt (pitti) wrote :

Accepted into intrepid-proposed; please test and give feedback here. Please see https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in clamav (Ubuntu Intrepid):
status: New → Fix Committed
tags: added: verification-needed
Imre Gergely (cemc) wrote :

Tested on Intrepid. Got package from intrepid-proposed: clamav 0.94.dfsg.2-1ubuntu0.4
with klamav 0.44-3ubuntu2

Database of klamav gets downloaded in /home/<user>/.klamav/database without issues, scan can be run, and viruses are detected. Tried a database update too, after removing the database files, they get downloaded again as expected.

Imre Gergely (cemc) wrote :

Maybe this should be continued over in bug 360655 ?

Martin Pitt (pitti) on 2009-04-15
tags: added: verification-done
removed: verification-needed
Imre Gergely (cemc) wrote :

clamtk has the same problem, can't update/download virus database to user's home directory, because apparmor for freshclam is too restrictive for clamtk.

See attached debdiff for a quick fix.

Martin Pitt (pitti) wrote :

Imre, this is handled in bug 360655.

Alex Valavanis (valavanisalex) wrote :

Intrepid Ibex reached end-of-life on 30 April 2010 so I am closing the
report. The bug has been fixed in newer releases of Ubuntu.

Changed in clamav (Ubuntu Intrepid):
status: Fix Committed → Invalid
Mathew Hodson (mhodson) on 2014-11-26
Changed in clamav (Ubuntu Intrepid):
status: Invalid → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers