The default apparmor profile for the freshclam binary doesn't contain rules for scripts added to the /etc/clamav/onupdateexecute.d directory as we can't predict what those scripts will be doing.
You can fix this is one of three ways:
1- Modify the /etc/apparmor.d/usr.bin.freshclam profile to add "/bin/dash ixr," and other rules necessary for your script to run properly. (recommended)
2- Modify the /etc/apparmor.d/usr.bin.freshclam profile to add "/bin/dash Uxr,", which will let scripts run unconfined. This is a security compromise.
3- Disable the freshclam profile by doing "sudo touch /etc/apparmor.d/disable/usr.bin.freshclam". This disables apparmor security for the freshclam tool. This is not recommended.
Thanks for reporting this issue.
The default apparmor profile for the freshclam binary doesn't contain rules for scripts added to the /etc/clamav/ onupdateexecute .d directory as we can't predict what those scripts will be doing.
You can fix this is one of three ways:
1- Modify the /etc/apparmor. d/usr.bin. freshclam profile to add "/bin/dash ixr," and other rules necessary for your script to run properly. (recommended)
2- Modify the /etc/apparmor. d/usr.bin. freshclam profile to add "/bin/dash Uxr,", which will let scripts run unconfined. This is a security compromise.
3- Disable the freshclam profile by doing "sudo touch /etc/apparmor. d/disable/ usr.bin. freshclam" . This disables apparmor security for the freshclam tool. This is not recommended.