From https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/642008 ...

I am using Firefox 3.6.10 with Fireclam0.6.5 add-on under Ubuntu 9.10 (64 bit) . I've got ClamAV Antivirus engine 0.96.1, GUI version 4.15, and my Virus definitions are up-to-date.

In the past month, Synaptic has upgraded my Firefox twice -- first to 3.6.9, then to 3.6.10. Following the most recent upgrade, it seems that every download using Firefox produces a message that the file is infected.

Running sudo aa-complain /etc/apparmor.d/usr.bin.firefox , I get the following in my messages log:

Sep 20 13:38:46 RL kernel: [24988.076744] type=1505 audit(1285007926.066:46): operation="profile_replace" pid=29473 name=/usr/lib/firefox-3.6.10/firefox-*bin
Sep 20 13:38:46 RL kernel: [24988.076949] type=1505 audit(1285007926.066:47): operation="profile_replace" pid=29473 name=/usr/lib/firefox-3.6.10/firefox-*bin//firefox_java
Sep 20 13:38:46 RL kernel: [24988.077111] type=1505 audit(1285007926.066:48): operation="profile_replace" pid=29473 name=/usr/lib/firefox-3.6.10/firefox-*bin//firefox_openjdk
Sep 20 13:39:41 RL kernel: [25043.207793] type=1502 audit(1285007981.195:49): operation="exec" pid=29513 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin" requested_mask="::x" denied_mask="::x" fsuid=1000 ouid=0 <email address hidden>/chrome/content/download_complete_notify.py" name2="/usr/lib/firefox-3.6.10/firefox-*bin//null-11"
Sep 20 13:39:41 RL kernel: [25043.221845] type=1502 audit(1285007981.215:50): operation="exec" pid=29516 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin" requested_mask="::x" denied_mask="::x" fsuid=1000 ouid=0 name="/usr/bin/clamscan" name2="/usr/lib/firefox-3.6.10/firefox-*bin//null-13"
Sep 20 13:39:41 RL kernel: [25043.228507] type=1502 audit(1285007981.215:51): operation="open" pid=29516 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin//null-13" requested_mask="::r" denied_mask="::r" fsuid=1000 ouid=0 name="/etc/ld.so.cache"
Sep 20 13:39:41 RL kernel: [25043.228530] type=1502 audit(1285007981.215:52): operation="file_mmap" pid=29516 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin//null-13" requested_mask="::r" denied_mask="::r" fsuid=1000 ouid=0 name="/etc/ld.so.cache"
Sep 20 13:39:41 RL kernel: [25043.228578] type=1502 audit(1285007981.215:53): operation="open" pid=29516 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin//null-13" requested_mask="::r" denied_mask="::r" fsuid=1000 ouid=0 name="/usr/lib/libclamav.so.6.1.3"
Sep 20 13:39:41 RL kernel: [25043.228595] type=1502 audit(1285007981.215:54): operation="file_perm" pid=29516 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin//null-13" requested_mask="::r" denied_mask="::r" fsuid=1000 ouid=0 name="/usr/lib/libclamav.so.6.1.3"
Sep 20 13:39:41 RL kernel: [25043.228621] type=1502 audit(1285007981.215:55): operation="file_mmap" pid=29516 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin//null-13" requested_mask="::mr" denied_mask="::mr" fsuid=1000 ouid=0 name="/usr/lib/libclamav.so.6.1.3"
Sep 20 13:39:41 RL kernel: [25043.228644] type=1502 audit(1285007981.215:56): operation="file_mmap" pid=29516 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin//null-13" requested_mask="::r" denied_mask="::r" fsuid=1000 ouid=0 name="/usr/lib/libclamav.so.6.1.3"
Sep 20 13:39:41 RL kernel: [25043.228734] type=1502 audit(1285007981.215:57): operation="open" pid=29516 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin//null-13" requested_mask="::r" denied_mask="::r" fsuid=1000 ouid=0 name="/lib/libpthread-2.10.1.so"
Sep 20 13:39:41 RL kernel: [25043.228750] type=1502 audit(1285007981.215:58): operation="file_perm" pid=29516 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin//null-13" requested_mask="::r" denied_mask="::r" fsuid=1000 ouid=0 name="/lib/libpthread-2.10.1.so"
Sep 20 13:39:46 RL kernel: [25048.811462] __ratelimit: 22758 callbacks suppressed
Sep 20 13:39:46 RL kernel: [25048.811466] type=1502 audit(1285007986.805:7645): operation="open" pid=29516 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin//null-13" requested_mask="r::" denied_mask="r::" fsuid=1000 ouid=1000 name=2F746D702F4554582D393020772D6175746F73746172206D616E2E706466
Sep 20 13:39:46 RL kernel: [25048.811543] type=1502 audit(1285007986.805:7646): operation="file_perm" pid=29516 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin//null-13" requested_mask="r::" denied_mask="r::" fsuid=1000 ouid=1000 name=2F746D702F4554582D393020772D6175746F73746172206D616E2E706466
Sep 20 13:39:46 RL kernel: [25048.811585] type=1502 audit(1285007986.805:7647): operation="file_perm" pid=29516 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin//null-13" requested_mask="r::" denied_mask="r::" fsuid=1000 ouid=1000 name=2F746D702F4554582D393020772D6175746F73746172206D616E2E706466
Sep 20 13:39:46 RL kernel: [25048.811620] type=1502 audit(1285007986.805:7648): operation="file_perm" pid=29516 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin//null-13" requested_mask="r::" denied_mask="r::" fsuid=1000 ouid=1000 name=2F746D702F4554582D393020772D6175746F73746172206D616E2E706466
Sep 20 13:39:46 RL kernel: [25048.811657] type=1502 audit(1285007986.805:7649): operation="file_perm" pid=29516 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin//null-13" requested_mask="r::" denied_mask="r::" fsuid=1000 ouid=1000 name=2F746D702F4554582D393020772D6175746F73746172206D616E2E706466
Sep 20 13:39:46 RL kernel: [25048.811695] type=1502 audit(1285007986.805:7650): operation="file_perm" pid=29516 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin//null-13" requested_mask="r::" denied_mask="r::" fsuid=1000 ouid=1000 name=2F746D702F4554582D393020772D6175746F73746172206D616E2E706466
Sep 20 13:39:46 RL kernel: [25048.811731] type=1502 audit(1285007986.805:7651): operation="file_perm" pid=29516 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin//null-13" requested_mask="r::" denied_mask="r::" fsuid=1000 ouid=1000 name=2F746D702F4554582D393020772D6175746F73746172206D616E2E706466
Sep 20 13:39:46 RL kernel: [25048.811768] type=1502 audit(1285007986.805:7652): operation="file_perm" pid=29516 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin//null-13" requested_mask="r::" denied_mask="r::" fsuid=1000 ouid=1000 name=2F746D702F4554582D393020772D6175746F73746172206D616E2E706466
Sep 20 13:39:46 RL kernel: [25048.811804] type=1502 audit(1285007986.805:7653): operation="file_perm" pid=29516 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin//null-13" requested_mask="r::" denied_mask="r::" fsuid=1000 ouid=1000 name=2F746D702F4554582D393020772D6175746F73746172206D616E2E706466
Sep 20 13:39:46 RL kernel: [25048.811840] type=1502 audit(1285007986.805:7654): operation="file_perm" pid=29516 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin//null-13" requested_mask="r::" denied_mask="r::" fsuid=1000 ouid=1000 name=2F746D702F4554582D393020772D6175746F73746172206D616E2E706466
Sep 20 13:40:13 RL kernel: [25075.422160] __ratelimit: 7209 callbacks suppressed
Sep 20 13:40:13 RL kernel: [25075.422164] type=1505 audit(1285008013.416:10058): operation="profile_replace" pid=29547 name=/usr/lib/firefox-3.6.10/firefox-*bin
Sep 20 13:40:13 RL kernel: [25075.422356] type=1505 audit(1285008013.416:10059): operation="profile_replace" pid=29547 name=/usr/lib/firefox-3.6.10/firefox-*bin//firefox_java
Sep 20 13:40:13 RL kernel: [25075.422496] type=1505 audit(1285008013.416:10060): operation="profile_replace" pid=29547 name=/usr/lib/firefox-3.6.10/firefox-*bin//firefox_openjdk
Sep 20 13:40:18 RL kernel: [25080.371645] type=1503 audit(1285008018.365:10061): operation="exec" pid=29557 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin" requested_mask="::x" denied_mask="::x" fsuid=1000 ouid=0 <email address hidden>/chrome/content/download_complete_notify.py"
Sep 20 13:40:18 RL kernel: [25080.415183] type=1503 audit(1285008018.405:10062): operation="exec" pid=29561 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin" requested_mask="::x" denied_mask="::x" fsuid=1000 ouid=0 name="/usr/bin/clamscan"
Sep 20 13:40:27 RL kernel: [25089.928396] type=1505 audit(1285008027.916:10063): operation="profile_replace" pid=29576 name=/usr/lib/firefox-3.6.10/firefox-*bin
Sep 20 13:40:27 RL kernel: [25089.928601] type=1505 audit(1285008027.916:10064): operation="profile_replace" pid=29576 name=/usr/lib/firefox-3.6.10/firefox-*bin//firefox_java
Sep 20 13:40:27 RL kernel: [25089.928772] type=1505 audit(1285008027.916:10065): operation="profile_replace" pid=29576 name=/usr/lib/firefox-3.6.10/firefox-*bin//firefox_openjdk
Sep 20 13:40:32 RL kernel: [25094.530467] type=1502 audit(1285008032.525:10066): operation="exec" pid=29584 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin" requested_mask="::x" denied_mask="::x" fsuid=1000 ouid=0 <email address hidden>/chrome/content/download_complete_notify.py" name2="/usr/lib/firefox-3.6.10/firefox-*bin//null-17"
Sep 20 13:40:32 RL kernel: [25094.537095] type=1502 audit(1285008032.525:10067): operation="open" pid=29584 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin//null-17" requested_mask="::r" denied_mask="::r" fsuid=1000 ouid=0 name="/etc/ld.so.cache"
Sep 20 13:40:32 RL kernel: [25094.537116] type=1502 audit(1285008032.525:10068): operation="file_mmap" pid=29584 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin//null-17" requested_mask="::r" denied_mask="::r" fsuid=1000 ouid=0 name="/etc/ld.so.cache"
Sep 20 13:40:32 RL kernel: [25094.537162] type=1502 audit(1285008032.525:10069): operation="open" pid=29584 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin//null-17" requested_mask="::r" denied_mask="::r" fsuid=1000 ouid=0 name="/lib/libc-2.10.1.so"
Sep 20 13:40:32 RL kernel: [25094.537177] type=1502 audit(1285008032.525:10070): operation="file_perm" pid=29584 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin//null-17" requested_mask="::r" denied_mask="::r" fsuid=1000 ouid=0 name="/lib/libc-2.10.1.so"
Sep 20 13:40:32 RL kernel: [25094.537200] type=1502 audit(1285008032.525:10071): operation="file_mmap" pid=29584 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin//null-17" requested_mask="::mr" denied_mask="::mr" fsuid=1000 ouid=0 name="/lib/libc-2.10.1.so"
Sep 20 13:40:32 RL kernel: [25094.537225] type=1502 audit(1285008032.525:10072): operation="file_mmap" pid=29584 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin//null-17" requested_mask="::r" denied_mask="::r" fsuid=1000 ouid=0 name="/lib/libc-2.10.1.so"
Sep 20 13:40:32 RL kernel: [25094.931344] __ratelimit: 3300 callbacks suppressed
Sep 20 13:40:32 RL kernel: [25094.931347] type=1502 audit(1285008032.925:11173): operation="file_perm" pid=29587 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin//null-1b" requested_mask="::r" denied_mask="::r" fsuid=1000 ouid=114 name="/var/lib/clamav/daily.cld"
Sep 20 13:40:32 RL kernel: [25094.931384] type=1502 audit(1285008032.925:11174): operation="file_perm" pid=29587 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin//null-1b" requested_mask="::r" denied_mask="::r" fsuid=1000 ouid=114 name="/var/lib/clamav/daily.cld"
Sep 20 13:40:32 RL kernel: [25094.932294] type=1502 audit(1285008032.925:11175): operation="file_perm" pid=29587 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin//null-1b" requested_mask="::r" denied_mask="::r" fsuid=1000 ouid=114 name="/var/lib/clamav/daily.cld"
Sep 20 13:40:32 RL kernel: [25094.932317] type=1502 audit(1285008032.925:11176): operation="file_perm" pid=29587 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin//null-1b" requested_mask="::r" denied_mask="::r" fsuid=1000 ouid=114 name="/var/lib/clamav/daily.cld"
Sep 20 13:40:32 RL kernel: [25094.933142] type=1502 audit(1285008032.925:11177): operation="file_perm" pid=29587 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin//null-1b" requested_mask="::r" denied_mask="::r" fsuid=1000 ouid=114 name="/var/lib/clamav/daily.cld"
Sep 20 13:40:32 RL kernel: [25094.933163] type=1502 audit(1285008032.925:11178): operation="file_perm" pid=29587 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin//null-1b" requested_mask="::r" denied_mask="::r" fsuid=1000 ouid=114 name="/var/lib/clamav/daily.cld"
Sep 20 13:40:32 RL kernel: [25094.934007] type=1502 audit(1285008032.925:11179): operation="file_perm" pid=29587 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin//null-1b" requested_mask="::r" denied_mask="::r" fsuid=1000 ouid=114 name="/var/lib/clamav/daily.cld"
Sep 20 13:40:32 RL kernel: [25094.934028] type=1502 audit(1285008032.925:11180): operation="file_perm" pid=29587 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin//null-1b" requested_mask="::r" denied_mask="::r" fsuid=1000 ouid=114 name="/var/lib/clamav/daily.cld"
Sep 20 13:40:32 RL kernel: [25094.934836] type=1502 audit(1285008032.925:11181): operation="file_perm" pid=29587 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin//null-1b" requested_mask="::r" denied_mask="::r" fsuid=1000 ouid=114 name="/var/lib/clamav/daily.cld"
Sep 20 13:40:32 RL kernel: [25094.934855] type=1502 audit(1285008032.925:11182): operation="file_perm" pid=29587 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin//null-1b" requested_mask="::r" denied_mask="::r" fsuid=1000 ouid=114 name="/var/lib/clamav/daily.cld"
Sep 20 13:40:37 RL kernel: [25099.941603] __ratelimit: 24909 callbacks suppressed
Sep 20 13:40:37 RL kernel: [25099.941606] type=1502 audit(1285008037.936:19486): operation="unlink" pid=29587 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin//null-1b" requested_mask="w::" denied_mask="w::" fsuid=1000 ouid=1000 name="/tmp/clamav-7cc58c22f1297bff783dd8828e1ee909/pdf97"
Sep 20 13:40:37 RL kernel: [25099.941659] type=1502 audit(1285008037.936:19487): operation="mknod" pid=29587 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin//null-1b" requested_mask="w::" denied_mask="w::" fsuid=1000 ouid=1000 name="/tmp/clamav-7cc58c22f1297bff783dd8828e1ee909/pdf98"
Sep 20 13:40:37 RL kernel: [25099.941676] type=1502 audit(1285008037.936:19488): operation="open" pid=29587 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin//null-1b" requested_mask="rw::" denied_mask="rw::" fsuid=1000 ouid=1000 name="/tmp/clamav-7cc58c22f1297bff783dd8828e1ee909/pdf98"
Sep 20 13:40:37 RL kernel: [25099.941748] type=1502 audit(1285008037.936:19489): operation="file_perm" pid=29587 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin//null-1b" requested_mask="w::" denied_mask="w::" fsuid=1000 ouid=1000 name="/tmp/clamav-7cc58c22f1297bff783dd8828e1ee909/pdf98"
Sep 20 13:40:37 RL kernel: [25099.941781] type=1502 audit(1285008037.936:19490): operation="file_perm" pid=29587 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin//null-1b" requested_mask="r::" denied_mask="r::" fsuid=1000 ouid=1000 name="/tmp/clamav-7cc58c22f1297bff783dd8828e1ee909/pdf98"
Sep 20 13:40:37 RL kernel: [25099.943149] type=1502 audit(1285008037.936:19491): operation="unlink" pid=29587 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin//null-1b" requested_mask="w::" denied_mask="w::" fsuid=1000 ouid=1000 name="/tmp/clamav-7cc58c22f1297bff783dd8828e1ee909/pdf98"
Sep 20 13:40:37 RL kernel: [25099.943195] type=1502 audit(1285008037.936:19492): operation="mknod" pid=29587 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin//null-1b" requested_mask="w::" denied_mask="w::" fsuid=1000 ouid=1000 name="/tmp/clamav-7cc58c22f1297bff783dd8828e1ee909/pdf99"
Sep 20 13:40:37 RL kernel: [25099.943214] type=1502 audit(1285008037.936:19493): operation="open" pid=29587 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin//null-1b" requested_mask="rw::" denied_mask="rw::" fsuid=1000 ouid=1000 name="/tmp/clamav-7cc58c22f1297bff783dd8828e1ee909/pdf99"
Sep 20 13:40:37 RL kernel: [25099.943277] type=1502 audit(1285008037.936:19494): operation="file_perm" pid=29587 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin//null-1b" requested_mask="w::" denied_mask="w::" fsuid=1000 ouid=1000 name="/tmp/clamav-7cc58c22f1297bff783dd8828e1ee909/pdf99"
Sep 20 13:40:37 RL kernel: [25099.943311] type=1502 audit(1285008037.936:19495): operation="file_perm" pid=29587 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin//null-1b" requested_mask="r::" denied_mask="r::" fsuid=1000 ouid=1000 name="/tmp/clamav-7cc58c22f1297bff783dd8828e1ee909/pdf99"
Sep 20 13:40:52 RL kernel: [25114.371292] __ratelimit: 1737 callbacks suppressed
Sep 20 13:40:52 RL kernel: [25114.371295] type=1505 audit(1285008052.365:20075): operation="profile_replace" pid=29609 name=/usr/lib/firefox-3.6.10/firefox-*bin
Sep 20 13:40:52 RL kernel: [25114.371487] type=1505 audit(1285008052.365:20076): operation="profile_replace" pid=29609 name=/usr/lib/firefox-3.6.10/firefox-*bin//firefox_java
Sep 20 13:40:52 RL kernel: [25114.371633] type=1505 audit(1285008052.365:20077): operation="profile_replace" pid=29609 name=/usr/lib/firefox-3.6.10/firefox-*bin//firefox_openjdk
Sep 20 13:40:58 RL kernel: [25120.786669] type=1503 audit(1285008058.776:20078): operation="exec" pid=29621 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin" requested_mask="::x" denied_mask="::x" fsuid=1000 ouid=0 <email address hidden>/chrome/content/download_complete_notify.py"
Sep 20 13:40:58 RL kernel: [25120.804152] type=1503 audit(1285008058.796:20079): operation="exec" pid=29624 parent=29512 profile="/usr/lib/firefox-3.6.10/firefox-*bin" requested_mask="::x" denied_mask="::x" fsuid=1000 ouid=0 name="/usr/bin/clamscan"