Ubuntu
clamav package

klamav can't download virus database on jaunty

Bug #359301 reported by Imre Gergely
16
Affects Status Importance Assigned to Milestone
clamav (Ubuntu)
Fix Released
High
Scott Kitterman
Ubuntu ubuntu-9.04
Intrepid
Fix Released
Undecided
Unassigned

Bug Description

Binary package hint: klamav

After installing klamav 0.46-2 on Jaunty, when I run it for the first time, it needs to download the virus database to /home/user/.klamav/database.
This directory gets created by klamav, but it can't download the files, and in the logs the following message appears:

Apr 11 00:14:28 utest-jj kernel: [51007.650516] type=1503 audit(1239398068.942:174): operation="inode_create" requested_mask="a::" denied_mask="a::" fsuid=1000 name="/home/gimre/.klamav/database/clamav-5771d1375f31f95d3d70a4f4681a083c" pid=32499 profile="/usr/bin/freshclam"

The database doesn't get downloaded, and klamav is useless without it, it can't scan anything.

After stopping apparmor, it works without problems.

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Thank you for using Ubuntu and taking the time to report a bug. Can you try adding the following to /etc/apparmor.d/usr.bin.freshclam:
  owner /home/*/.klamav/db/database/ rw,
  owner /home/*/.klamav/db/database/** rwk,

and then restarting apparmor with:
$ sudo /etc/init.d/apparmor force-reload

affects: klamav (Ubuntu) → clamav (Ubuntu)
Changed in clamav (Ubuntu):
importance: Undecided → High
status: New → Triaged
assignee: nobody → jdstrand
status: Triaged → Incomplete
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Sorry, that should be:

  owner @{HOME}/.klamav/db/database/ rw,
  owner @{HOME}/.klamav/db/database/** rwk,

Revision history for this message
Imre Gergely (cemc) wrote :

Was working with these two lines:

  owner @{HOME}/.klamav/database/ rw,
  owner @{HOME}/.klamav/database/** rwk,

After adding them, the database got downloaded correctly in /home/user/.klamav/database.

Jamie Strandboge (jdstrand)
Changed in clamav (Ubuntu):
milestone: none → ubuntu-9.04
status: Incomplete → Triaged
Revision history for this message
Jamie Strandboge (jdstrand) wrote :
Changed in clamav (Ubuntu):
assignee: jdstrand → kitterman
status: Triaged → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package clamav - 0.95.1+dfsg-0ubuntu1

---------------
clamav (0.95.1+dfsg-0ubuntu1) jaunty; urgency=low

  [ Scott Kitterman ]
  * New upstream bugfix release
    - libclamav/others.h: harden CLI_ISCONTAINED macro (bb#1552)
    - libclamav/phishcheck.c: fix possible crash in cli_url_canon() (bb#1553)
    - Signficant clamav-milter bug fixes
    - Other fixes throughout
  * Drop ArchiveLimitMemoryUsage option from clamav-base.postinst.in (option
    removed upstream)
  * Add CommandReadTimeout, SendBufTimeout, and MaxQueue to
    clamav-base.postinst.in
  * Add SkipAuthenticated to clamav-milter.postinst.in
  * Drop unrar and lha from clamav Suggests since external unpackers are not
    supported since 0.94

  [ Jamie Strandboge ]
  * fix freshclam apparmor profile for klamav (LP: #359301)

 -- Scott Kitterman <email address hidden> Fri, 10 Apr 2009 21:57:17 -0400

Changed in clamav (Ubuntu):
status: In Progress → Fix Released
Revision history for this message
Martin Pitt (pitti) wrote :

Accepted into intrepid-proposed; please test and give feedback here. Please see https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in clamav (Ubuntu Intrepid):
status: New → Fix Committed
tags: added: verification-needed
Revision history for this message
Imre Gergely (cemc) wrote :

Tested on Intrepid. Got package from intrepid-proposed: clamav 0.94.dfsg.2-1ubuntu0.4
with klamav 0.44-3ubuntu2

Database of klamav gets downloaded in /home/<user>/.klamav/database without issues, scan can be run, and viruses are detected. Tried a database update too, after removing the database files, they get downloaded again as expected.

Revision history for this message
Imre Gergely (cemc) wrote :

Maybe this should be continued over in bug 360655 ?

Martin Pitt (pitti)
tags: added: verification-done
removed: verification-needed
Revision history for this message
Imre Gergely (cemc) wrote :

clamtk has the same problem, can't update/download virus database to user's home directory, because apparmor for freshclam is too restrictive for clamtk.

See attached debdiff for a quick fix.

Revision history for this message
Martin Pitt (pitti) wrote :

Imre, this is handled in bug 360655.

Revision history for this message
Alex Valavanis (valavanisalex) wrote :

Intrepid Ibex reached end-of-life on 30 April 2010 so I am closing the
report. The bug has been fixed in newer releases of Ubuntu.

Changed in clamav (Ubuntu Intrepid):
status: Fix Committed → Invalid
Mathew Hodson (mhodson)
Changed in clamav (Ubuntu Intrepid):
status: Invalid → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.