freshclam & clamav questions

This is a discussion on freshclam & clamav questions within the Linux Security forums, part of the System Security and Security Related category.


Post #1, 10-25-2007, oOg

Hi, I have had various errors with these processes. Running Feisty 7.04.

Googled for answers and was pointed to

$ ls -l /usr/local/share/clamav
ls: /usr/local/share/clamav: No such file or directory

Can't lock database directory: /var/lib/clamav

is the message I get

~$ ls -l /var/lib/clamav/
total 10061
-rw-r--r-- 1 clamav clamav 903927 2007-10-25 02:05 daily.cvd
-rw-r--r-- 1 root root 9351789 2007-10-25 02:02 main.cvd
drwxr-xr-x 2 clamav clamav 1024 2007-10-01 00:48 main.inc
-rw------- 1 clamav clamav 1352 2007-10-25 03:06 mirrors.dat

total 10061
-rw-r--r-- 1 clamav clamav 903927 2007-10-25 02:05 daily.cvd
-rw-r--r-- 1 root root 9351789 2007-10-25 02:02 main.cvd
drwxr-xr-x 2 clamav clamav 1024 2007-10-01 00:48 main.inc
-rw------- 1 clamav clamav 1352 2007-10-25 03:06 mirrors.dat

I have no clue. Please someone kindly tip me off. I don't want no
viruses or identity theft, etc, and think this must work. Please and
thank you, if you will be so kind to help.

It was all automagically installed with synaptic.

Post #2, 10-25-2007, goarilla

oOg wrote:
> Hi, I have had various errors with these processes. Running Feisty 7.04.
>
> Googled for answers and was pointed to
>
> $ ls -l /usr/local/share/clamav
> ls: /usr/local/share/clamav: No such file or directory
>
> Can't lock database directory: /var/lib/clamav
>
> is the message I get
>
> ~$ ls -l /var/lib/clamav/
> total 10061
> -rw-r--r-- 1 clamav clamav 903927 2007-10-25 02:05 daily.cvd
> -rw-r--r-- 1 root root 9351789 2007-10-25 02:02 main.cvd
> drwxr-xr-x 2 clamav clamav 1024 2007-10-01 00:48 main.inc
> -rw------- 1 clamav clamav 1352 2007-10-25 03:06 mirrors.dat
>
> total 10061
> -rw-r--r-- 1 clamav clamav 903927 2007-10-25 02:05 daily.cvd
> -rw-r--r-- 1 root root 9351789 2007-10-25 02:02 main.cvd
> drwxr-xr-x 2 clamav clamav 1024 2007-10-01 00:48 main.inc
> -rw------- 1 clamav clamav 1352 2007-10-25 03:06 mirrors.dat
>
> I have no clue. Please someone kindly tip me off. I don't want no
> viruses or identity theft, etc, and think this must work. Please and
> thank you, if you will be so kind to help.
>
> It was all automagically installed with synaptic.


first of all unless your system is also a mail server
or something else that provides file sharing services to other clients (win)
running clamav is pretty worthless.

try this one: ls -ld /var/lib/clamav
that command gives you the actual permissions of that dir, ls -l dir/
just gives permissions of the
contents of the dir.

you're right to look for the perms tho since
Can't lock database directory: /var/lib/clamav
does seem like a permission error.

how do you start clamav btw ?
and under which user account.
you can find commands with which and whereis

lastly read the documentation, heck even try to find a ubuntu specific
howto for all i care
and you can always strace the command and grep it for open and exec
system calls
example:

strace clamav &> strace.dump
egrep '^open|exec' strace.dump

suid/seuid syscalls can also be valuable in this case, since well
no point in changing perms of a lot of files and thus opening up your system
if it's just running under the wrong (eg underprivileged) account

PS: please don't post the same ls output twice

Post #3, 10-25-2007, Nico

On 25 Oct, 08:33, oOg <o...@oOg.oOg> wrote:
> Hi, I have had various errors with these processes. Running Feisty 7.04.
>
> Googled for answers and was pointed to
>
> $ ls -l /usr/local/share/clamav
> ls: /usr/local/share/clamav: No such file or directory
>
> Can't lock database directory: /var/lib/clamav
>
> is the message I get
>
> ~$ ls -l /var/lib/clamav/
> total 10061
> -rw-r--r-- 1 clamav clamav 903927 2007-10-25 02:05 daily.cvd
> -rw-r--r-- 1 root root 9351789 2007-10-25 02:02 main.cvd
> drwxr-xr-x 2 clamav clamav 1024 2007-10-01 00:48 main.inc
> -rw------- 1 clamav clamav 1352 2007-10-25 03:06 mirrors.dat
>
> total 10061
> -rw-r--r-- 1 clamav clamav 903927 2007-10-25 02:05 daily.cvd
> -rw-r--r-- 1 root root 9351789 2007-10-25 02:02 main.cvd
> drwxr-xr-x 2 clamav clamav 1024 2007-10-01 00:48 main.inc
> -rw------- 1 clamav clamav 1352 2007-10-25 03:06 mirrors.dat
>
> I have no clue. Please someone kindly tip me off. I don't want no
> viruses or identity theft, etc, and think this must work. Please and
> thank you, if you will be so kind to help.
>
> It was all automagically installed with synaptic.


Are you running SELinux? That can be a serious source of pain in manual
software installations such as ClamAV.

Post #4, 10-25-2007, goarilla

Nico wrote:
> On 25 Oct, 08:33, oOg <o...@oOg.oOg> wrote:
>> Hi, I have had various errors with these processes. Running Feisty 7.04.
>>
>> Googled for answers and was pointed to
>>
>> $ ls -l /usr/local/share/clamav
>> ls: /usr/local/share/clamav: No such file or directory
>>
>> Can't lock database directory: /var/lib/clamav
>>
>> is the message I get
>>
>> ~$ ls -l /var/lib/clamav/
>> total 10061
>> -rw-r--r-- 1 clamav clamav 903927 2007-10-25 02:05 daily.cvd
>> -rw-r--r-- 1 root root 9351789 2007-10-25 02:02 main.cvd
>> drwxr-xr-x 2 clamav clamav 1024 2007-10-01 00:48 main.inc
>> -rw------- 1 clamav clamav 1352 2007-10-25 03:06 mirrors.dat
>>
>> total 10061
>> -rw-r--r-- 1 clamav clamav 903927 2007-10-25 02:05 daily.cvd
>> -rw-r--r-- 1 root root 9351789 2007-10-25 02:02 main.cvd
>> drwxr-xr-x 2 clamav clamav 1024 2007-10-01 00:48 main.inc
>> -rw------- 1 clamav clamav 1352 2007-10-25 03:06 mirrors.dat
>>
>> I have no clue. Please someone kindly tip me off. I don't want no
>> viruses or identity theft, etc, and think this must work. Please and
>> thank you, if you will be so kind to help.
>>
>> It was all automagically installed with synaptic.

>
> Are you running SELinux? That can be a serious source of pain in manual
> software installations such as ClamAV.
>

he's a noobie and i don't think ubuntu comes with SELinux enabled
it would be very stupid if it was

Post #5, 10-26-2007, oOg

On Thu, 25 Oct 2007 13:39:13 +0200, goarilla wrote:

> oOg wrote:
>> Hi, I have had various errors with these processes. Running Feisty 7.04.
>>
>> Googled for answers and was pointed to
>>
>> $ ls -l /usr/local/share/clamav
>> ls: /usr/local/share/clamav: No such file or directory
>>
>> Can't lock database directory: /var/lib/clamav
>>
>> is the message I get


[...]

>> I have no clue. Please someone kindly tip me off. I don't want no
>> viruses or identity theft, etc, and think this must work. Please and
>> thank you, if you will be so kind to help.
>>
>> It was all automagically installed with synaptic.



====================
Well, DOH..., I guess that maybe I had a scan running when I got that
message, which would explain it. ;/ It (freshclam) runs OK now, only
updating sigs and telling me my engine is out of date. I did learn from
what you wrote, and appreciate it.

For your interest below I had written to try to answer the questions you
asked. [[oOg with red face humbly thanks the kind helpers and quietly goes
back to work arranging for brain transplant surgery and elective attention
augmentation.]]
====================




>
> first of all unless your system is also a mail server
> or something else that provides file sharing services to other clients (win)
> running clamav is pretty worthless.


I'm not running the daemon, just do periodic scans with clamscan.
>
> try this one: ls -ld /var/lib/clamav
> that command gives you the actual permissions of that dir, ls -l dir/
> just gives permissions of the
> contents of the dir.


~$ ls -ld /var/lib/clamav
drwxr-xr-x 4 clamav clamav 1024 2007-10-25 17:01 /var/lib/clamav

Tells me I believe that only root has write permission.

The output of clamscan tells me to update, Synaptic doesn't show any
available updates, so I try freshclam as root, which gives me the error
shown above.
>
> you're right to look for the perms tho since Can't lock database
> directory: /var/lib/clamav does seem like a permission error.
>
> how do you start clamav btw ?
> and under which user account.
> you can find commands with which and whereis


I only run clamscan. I run it as a normal user when I scan my home
directory,

$ clamscan -ir -l scan.txt

and as root when I scan the entire disk. Sorry I wasn't clear about that.
>
> lastly read the documentation,


Yes I do a lot of this. I'm coming against some deadlines and thought
this might be too critical to postpone further. So I really appreciate
you taking your time and knowledge to try to help.

> heck even try to find a ubuntu specific
> howto for all i care


It's worth a thought.

> and you can always strace the command and grep it for open and exec
> system calls
> example:
>
> strace clamav &> strace.dump
> egrep '^open|exec' strace.dump


Thanks. This is new to me and I will read about it and try it.
>
> suid/seuid syscalls can also be valuable in this case, since well no
> point in changing perms of a lot of files and thus opening up your
> system if it's just running under the wrong (eg underprivileged)
> account


This is probably what it is about. Also possible, I don't think I did,
but perhaps I had another process using the directory or db. It's pretty
difficult and time consuming for me to figure each thing like this out
the very first time. I will use what you wrote. Thanks again.
>
> PS: please don't post the same ls output twice


Sorry. It must have been an inadvertent extra middle mouse click paste.
I'll try to be more careful.
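
Added example, not part of any post in this thread: the strace suggestion from post #2, narrowed to failing calls so that a permission problem on /var/lib/clamav can be told apart from a lock held by another running process, which is the cause reported in post #5. The trace lines and the LOCKFILE name are constructed placeholders; the `[pid N]` prefix stripped here is what `strace -f` adds, and a `^open` pattern does not match lines that carry it.

```sh
#!/bin/sh
# Added example. Both traces are constructed for illustration; LOCKFILE is a
# placeholder name, not a file name taken from ClamAV.
PERM_TRACE='execve("/usr/bin/freshclam", ["freshclam"], [/* 20 vars */]) = 0
open("/usr/local/share/clamav", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid  4242] open("/var/lib/clamav/LOCKFILE", O_WRONLY|O_CREAT, 0640) = -1 EACCES (Permission denied)'

BUSY_TRACE='open("/var/lib/clamav/LOCKFILE", O_WRONLY|O_CREAT, 0640) = 4
fcntl64(4, F_SETLK, {type=F_WRLCK, whence=SEEK_SET, start=0, len=0}) = -1 EAGAIN (Resource temporarily unavailable)'

# Read strace output on stdin and print one verdict:
#   permission  an open/exec call was refused (EACCES, EPERM, EROFS)
#   lock-held   a lock request failed because another process holds the lock
#   none        no relevant failure (ENOENT path probing is ignored)
classify_trace() {
    awk '
    { sub(/^\[pid +[0-9]+\] +/, "") }        # drop the prefix that strace -f adds
    / = -1 E/ {
        call = $0; sub(/\(.*/, "", call)     # syscall name, text before "("
        err = $0; sub(/.* = -1 /, "", err); sub(/ .*/, "", err)
        # F_SETLK reports a held lock as EAGAIN or EACCES, so for lock calls
        # EACCES means contention, not file permissions.
        if (call ~ /^(fcntl|fcntl64|flock)$/ && err ~ /^(EAGAIN|EACCES|EWOULDBLOCK)$/)
            busy++
        else if (call ~ /^(open|openat|creat|mkdir|execve)$/ && err ~ /^(EACCES|EPERM|EROFS)$/)
            perm++
    }
    END {
        if (perm) print "permission"
        else if (busy) print "lock-held"
        else print "none"
    }'
}

printf '%s\n' "$PERM_TRACE" | classify_trace   # prints: permission
printf '%s\n' "$BUSY_TRACE" | classify_trace   # prints: lock-held
```

On a real system the input would be a log captured with `strace -f -o strace.dump freshclam`, piped in as `classify_trace < strace.dump`.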