Cisco-Talos / clamav

ClamAV - Documentation is here: https://docs.clamav.net
https://www.clamav.net/
GNU General Public License v2.0

ClamAV will not maintain ownership of its /var/lib/clamav/ folder. #1349

Closed CummingCowGirl closed 2 months ago

CummingCowGirl commented 3 months ago

I just installed a fresh copy of RebornOS and all is great, with the exception that when ClamAV goes to update I have to navigate to /var/lib/clamav/ and use rootactions to give the active user ownership. Then it will update without issue. Please see my thread on RebornOS's forum. Thanks.

ClamAV 1.3.1-1 Reborn OS with KDE Plasma 6.1.4

https://rebornos.discourse.group/t/clamav-permissions/1373/5

Kangie commented 2 months ago

We don't have this issue on (e.g.) Gentoo; I suspect that your distro is doing something weird with permissions or that you have.

kangie@monolith /var/db/repos/gentoo/app-antivirus/clamav (master) $ systemctl status clamav-freshclam
○ clamav-freshclam.service - ClamAV virus database updater
     Loaded: loaded (/usr/lib/systemd/system/clamav-freshclam.service; disabled; preset: disabled)
     Active: inactive (dead)
       Docs: man:freshclam(1)
             man:freshclam.conf(5)
             https://docs.clamav.net/
kangie@monolith /var/db/repos/gentoo/app-antivirus/clamav (master) $ systemctl start clamav-freshclam
Time: 0h:00m:03s                                                                                                                                  
kangie@monolith /var/db/repos/gentoo/app-antivirus/clamav (master) $ journalctl -fexu clamav-freshclam 
Aug 30 08:19:21 monolith systemd[1]: Started ClamAV virus database updater.
░░ Subject: A start job for unit clamav-freshclam.service has finished successfully
░░ Defined-By: systemd
░░ Support: https://gentoo.org/support/
░░ 
░░ A start job for unit clamav-freshclam.service has finished successfully.
░░ 
░░ The job identifier is 22557.
Aug 30 08:19:21 monolith freshclam[432632]: ClamAV update process started at Fri Aug 30 08:19:21 2024
Aug 30 08:19:21 monolith freshclam[432632]: daily database available for update (local version: 27002, remote version: 27382)
Aug 30 08:19:23 monolith freshclam[432632]: WARNING: downloadFile: file not found: https://database.clamav.net/daily-27003.cdiff
Aug 30 08:19:23 monolith freshclam[432632]: WARNING: downloadPatch: Can't download daily-27003.cdiff from https://database.clamav.net/daily-27003.cdiff
Aug 30 08:19:23 monolith freshclam[432632]: WARNING: downloadFile: file not found: https://database.clamav.net/daily-27003.cdiff
Aug 30 08:19:23 monolith freshclam[432632]: WARNING: downloadPatch: Can't download daily-27003.cdiff from https://database.clamav.net/daily-27003.cdiff
Aug 30 08:19:23 monolith freshclam[432632]: WARNING: downloadFile: file not found: https://database.clamav.net/daily-27003.cdiff
Aug 30 08:19:23 monolith freshclam[432632]: WARNING: downloadPatch: Can't download daily-27003.cdiff from https://database.clamav.net/daily-27003.cdiff
Aug 30 08:19:23 monolith freshclam[432632]: WARNING: Incremental update failed, trying to download daily.cvd
Aug 30 08:19:36 monolith freshclam[432632]: Testing database: '/var/lib/clamav/tmp.f91b7fa0a4/clamav-75d8a8fa3bfc08216c6717519d33e1ff.tmp-daily.cvd' ...
Aug 30 08:19:43 monolith freshclam[432632]: Database test passed.
Aug 30 08:19:43 monolith freshclam[432632]: daily.cvd updated (version: 27382, sigs: 2066101, f-level: 90, builder: raynman)
Aug 30 08:19:43 monolith freshclam[432632]: main.cvd database is up-to-date (version: 62, sigs: 6647427, f-level: 90, builder: sigmgr)
Aug 30 08:19:43 monolith freshclam[432632]: bytecode database available for update (local version: 334, remote version: 335)
Aug 30 08:19:43 monolith freshclam[432632]: Testing database: '/var/lib/clamav/tmp.f91b7fa0a4/clamav-8c10fe307f0cefe7cde115657d17904b.tmp-bytecode.cld' ...
Aug 30 08:19:43 monolith freshclam[432632]: Database test passed.
Aug 30 08:19:43 monolith freshclam[432632]: bytecode.cld updated (version: 335, sigs: 86, f-level: 90, builder: raynman)
Aug 30 08:19:43 monolith freshclam[432632]: WARNING: Clamd was NOT notified: Can't connect to clamd through /run/clamav/clamd.sock: No such file or directory

I don't think that we do anything too weird; we just ensure that the clamav user/group exist and has perms for the directory. Compare your distro's packaging: https://gitweb.gentoo.org/repo/gentoo.git/tree/app-antivirus/clamav/

CummingCowGirl commented 2 months ago

Would it just be faster to see if the clamav group does exist and what if any permissions exist for that folder? I really don't have much knowledge on checking permissions so would need help.

~ > groups
network users video storage lp audio wheel lpadmin autologin cccp
~ > id
uid=1000(cccp) gid=1002(cccp) groups=1002(cccp),90(network),984(users),985(video),987(storage),991(lp),996(audio),998(wheel),1000(lpadmin),1001(autologin)

CummingCowGirl commented 2 months ago

This worked like a charm.

sudo chown UID:GID /var/lib/clamav && chmod 755 /var/lib/clamav

CummingCowGirl commented 2 months ago

I thought the above command had fixed the issue, but it's not the case.

https://forum.garudalinux.org/t/clamav-permissions/39087

micahsnyder commented 2 months ago

I don't think this is a clamav bug. It looks like the user account running freshclam doesn't own the database directory.

Ordinarily you would create that /var/lib/clamav directory after install, set it to be owned by "clamav" or whichever user is going to be running freshclam, and set permissions to 755 so that other accounts can read from it.

Typically for a system install, freshclam is run as the "clamav" user - or is run by root or using "sudo" and then it will make the switch to run as that "clamav" user. If you want to have it run as a different user, you can change the "DatabaseOwner" option in "freshclam.conf".

So normally, you would have made that directory and set ownership and permissions like:

sudo mkdir -p /var/lib/clamav
sudo chown -R clamav:clamav /var/lib/clamav
sudo chmod 755 /var/lib/clamav

And then your service manager, or crontab, or you personally would start freshclam as root or with 'sudo' like:

sudo freshclam

From reading your discourse messages, it looks like something else is running freshclam for you. So whatever that software is ... it needs to run freshclam as the right user.
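Added example, not part of the original thread and not ClamAV's own tooling: a shell check for the condition described in the comment above, comparing the owner and mode of the database directory against the `DatabaseOwner` option in `freshclam.conf`. The function names, return codes, and the fallback to "clamav" when `DatabaseOwner` is unset are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the ClamAV project): check that the freshclam
# database directory is owned by the DatabaseOwner account and is mode 755.

# conf_value FILE OPTION FALLBACK
# Print the first uncommented value of OPTION in a freshclam.conf-style file.
conf_value() {
    val=$(awk -v k="$2" '$1 == k { print $2; exit }' "$1" 2>/dev/null) || val=""
    printf '%s\n' "${val:-$3}"
}

# check_db_dir CONF DIR
# Returns 0 = ok, 1 = wrong owner, 2 = directory missing, 3 = mode is not 755.
check_db_dir() {
    # Assumption: "clamav" is the owner when DatabaseOwner is not set.
    want=$(conf_value "$1" DatabaseOwner clamav)
    if [ ! -d "$2" ]; then
        echo "MISSING: $2 does not exist"
        return 2
    fi
    # ls -ld prints "<mode> <links> <owner> <group> ..."; works with any POSIX ls.
    entry=$(ls -ld "$2")
    mode=$(printf '%s\n' "$entry" | awk '{ print $1 }')
    have=$(printf '%s\n' "$entry" | awk '{ print $3 }')
    if [ "$have" != "$want" ]; then
        echo "OWNER: $2 is owned by $have, but DatabaseOwner is $want"
        return 1
    fi
    case $mode in
        drwxr-xr-x*) ;;   # 755; a trailing "." or "+" marks SELinux/ACL data
        *) echo "MODE: $2 is $mode, expected drwxr-xr-x (755)"; return 3 ;;
    esac
    echo "OK: $2 is owned by $want with mode 755"
}

# Usage: sh check_db_dir.sh /path/to/freshclam.conf /var/lib/clamav
if [ "$#" -eq 2 ]; then
    check_db_dir "$1" "$2"
fi
```

The location of `freshclam.conf` depends on the package, so the script takes it as an argument instead of guessing.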

CummingCowGirl commented 2 months ago

Sounds to me like the one package has some kind of issue itself. Three different Arch based OS installs and exactly the same issue.

My normal routine is install the OS, update / reboot, tweak (all Plasma settings to my liking, install items that only run from terminal, install RootActions), reboot, go into /mnt/ take ownership using RootActions, create my folders for my drives and partitions, mount my drives and folders to the newly created ones, customize Dolphin including its toolbar, install my software.

As you can see I make no changes to permission manually.

micahsnyder commented 2 months ago

What package are you using? How are you installing?

My team only makes the packages published here:

Our packages install under /usr/local and set the database directory to /usr/local/share/clamav (not /var/lib/clamav). Our package is also really bare bones and doesn't set up the database directory, ownership, user/group, or config files. So... it wouldn't be ours. If you need support with that package you'll have to find a ticket queue or mailer or something for the folks who make it.

CummingCowGirl commented 2 months ago

So no package directly from you that is meant for Arch?

micahsnyder commented 2 months ago

> So no package directly from you that is meant for Arch?

Nope.

CummingCowGirl commented 2 months ago

> > So no package directly from you that is meant for Arch?
>
> Nope.

Is there anything that can be done to work around this issue and/or simply fix it so this version of ClamAV looks at the correct location? Thanks

Kangie commented 2 months ago

Ideally the arch packagers will permanently fix this. Try reaching out to them.

To fix it for you the aforementioned chmod commands for whichever user is intended to run freshclam should do the job.

micahsnyder commented 2 months ago

I'm going to close this since ClamAV itself is working as intended and the desire to be able to run freshclam as your user account to update the system-wide installed databases under /var/lib/clamav is outside of the recommended use case.