Cisco-Talos / clamav

ClamAV - Documentation is here: https://docs.clamav.net
https://www.clamav.net/
GNU General Public License v2.0

freshclam: Can't create temporary directory /var/lib/clamav/tmp.XXX #328

Open SuperKaninchen opened 3 years ago

SuperKaninchen commented 3 years ago

Describe the bug

Using the freshclam command without parameters yields an error:

[root@host]# freshclam
ClamAV update process started at Tue Oct 12 13:25:40 2021
ERROR: Can't create temporary directory /var/lib/clamav/tmp.ed2876c748
Hint: The database directory must be writable for UID 980 or GID 971
ERROR: Update failed.

This is what the mentioned directory looks like:

drwxr-xr-x.  2 clamav clamav 4,0K  7. Sep 00:16 .
drwxr-xr-x. 61 root   root   4,0K  1. Sep 19:28 ..
-rw-r--r--.  1 clamav clamav 287K  8. Apr 2021  bytecode.cvd
-rw-r--r--.  1 clamav clamav 175M  6. Sep 22:42 daily.cld
-rw-r--r--.  1 clamav clamav   69  6. Sep 22:42 freshclam.dat
-rw-r--r--.  1 clamav clamav 161M  6. Sep 22:45 main.cvd

So the directory referenced above is owned by the user clamav already, with read and write permissions set.

How to reproduce the problem

I followed the documentation for installation and configuration.

Output of clamav -n:

Checking configuration files in /etc

clamd.d/scan.conf not found

Config file: freshclam.conf
---------------------------
DatabaseMirror = "database.clamav.net"

mail/clamav-milter.conf not found

Software settings
-----------------
Version: 0.103.3
Optional features supported: MEMPOOL IPv6 AUTOIT_EA06 BZIP2 LIBXML2 PCRE2 ICONV JSON 

Database information
--------------------
Database directory: /var/lib/clamav
WARNING: freshclam.conf and clamd.conf point to different database directories
daily.cld: version 26286, sigs: 1970962, built on Mon Sep  6 10:22:23 2021
bytecode.cvd: version 333, sigs: 92, built on Mon Mar  8 16:21:51 2021
main.cvd: version 61, sigs: 6607162, built on Thu Jul 15 04:39:10 2021
Total number of signatures: 8578216

Platform information
--------------------
uname: Linux 5.12.15-300.fc34.x86_64 #1 SMP Wed Jul 7 19:46:50 UTC 2021 x86_64
OS: linux-gnu, ARCH: x86_64, CPU: x86_64
Full OS version: "Fedora release 34 (Thirty Four)"
zlib version: 1.2.11 (1.2.11), compile flags: a9
platform id: 0x0a217c7c08000000020b0201

Build information
-----------------
GNU C: 11.2.1 20210728 (Red Hat 11.2.1-1) (11.2.1)
CPPFLAGS: -I/usr/include/libprelude
CFLAGS: -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64  -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection  -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64
CXXFLAGS: -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64  -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection
LDFLAGS: -Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld  -lprelude
Configure: '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--localstatedir=/var' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--enable-milter' '--disable-clamav' '--disable-static' '--disable-zlib-vcheck' '--disable-unrar' '--enable-id-check' '--enable-dns' '--with-dbdir=/var/lib/clamav' '--with-group=clamupdate' '--with-user=clamupdate' '--disable-rpath' '--disable-silent-rules' '--enable-clamdtop' '--enable-prelude' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CXX=g++' 'CXXFLAGS=-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64  -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection' 'LDFLAGS=-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld' 'CC=gcc' 'CFLAGS=-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1  -m64  -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection' 'LT_SYS_LIBRARY_PATH=/usr/lib64:' 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'
sizeof(void*) = 8
Engine flevel: 124, dconf: 124

Note: I noticed that the docs are (at least for me) incorrect, as they mention the file clamd.conf multiple times, but the contents of mine (generated via clamconf) state:

ERROR: Unknown config file
Available options: clamd.d/scan.conf freshclam.conf mail/clamav-milter.conf

micahsnyder commented 3 years ago

As you noticed, the clamav database directory (in this case /var/lib/clamav) is owned by the clamav user. You will need to start freshclam as root, either using sudo freshclam or starting it in daemon mode with systemd. freshclam will switch from the root user to the clamav user on startup so it can update the database directory.

> Note: I noticed that the docs are (at least for me) incorrect, as they mention the file clamd.conf multiple times, but the contents of mine (generated via clamconf) state:
>
> ERROR: Unknown config file
> Available options: clamd.d/scan.conf freshclam.conf mail/clamav-milter.conf

Regarding this, the Fedora package maintainer a while back had some opinions about how clamav should be installed and renamed our config files and put them in subdirectories. Our documentation reflects the official clamav behavior. You will have to ask Fedora for help with their customizations.

SuperKaninchen commented 3 years ago

As indicated by

[root@host]# freshclam

I did run it as root. Starting it in daemon mode using freshclam -d leads to no output to the console (as expected from a daemon), but the log file is empty too, and the files in /var/lib/clamav stay unchanged.

micahsnyder commented 2 years ago

I'm still a little stumped then. I've looked at this a couple of times since and am unsure how to respond. Did you learn any more since your last comment about what's going wrong here?

If you run id -u clamav does it say 980?

the6thBook commented 1 month ago

Similar issue:

ClamAV update process started at Thu Sep 19 14:42:26 2024
daily database available for update (local version: 27397, remote version: 27403)
Current database is 6 versions behind.
Downloading database patch # 27398...
Time: 0.3s, ETA: 0.0s [========================>] 4.16KiB/4.16KiB
Downloading database patch # 27399...
Time: 0.2s, ETA: 0.0s [========================>] 4.59KiB/4.59KiB
Downloading database patch # 27400...
Time: 0.2s, ETA: 0.0s [========================>] 3.25KiB/3.25KiB
Downloading database patch # 27401...
Time: 0.3s, ETA: 0.0s [========================>] 2.28KiB/2.28KiB
Downloading database patch # 27402...
Time: 0.2s, ETA: 0.0s [========================>] 5.93KiB/5.93KiB
Downloading database patch # 27403...
Time: 0.2s, ETA: 0.0s [========================>] 7.01KiB/7.01KiB
ERROR: buildcld: Can't open /var/lib/clamav/tmp.0000000000/clamav-00000000000000000000000000000000.tmp for writing
ERROR: updatedb: Incremental update failed. Failed to build CLD.

Running freshclam as root doesn't resolve it

ToaBollua commented 5 days ago

> I'm still a little stumped then. I've looked at this a couple of times since and am unsure how to respond. Did you learn any more since your last comment about what's going wrong here?
>
> If you run id -u clamav does it say 980?

I just had this same issue and after reading the issue my id for clamav is 64 apparently. Why is that important and how can I change it if it's necessary? Thanks ;)

$ id -u clamav
64
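
The Hint line in the error names the UID and GID that need write access to the database directory, and the `id -u clamav` question above checks whether that UID is the directory's owner. The following is an added example, not part of the thread or ClamAV's own code: a POSIX shell function (the name `writable_for` is hypothetical) that makes the same comparison from the directory's owner, group and mode bits using GNU `stat`. ACLs, SELinux and supplementary groups are not evaluated.

```shell
#!/bin/sh
# Added example (not from the thread or the ClamAV project).
# Decide from owner, group and mode bits whether UID/GID may create
# entries in DIR, which needs both write (2) and search (1) permission.
# Not evaluated: ACLs, SELinux, read-only mounts, supplementary groups.
# UID 0 is not special-cased; pass the UID freshclam reports in its Hint.

# writable_for UID GID DIR
# Prints "<class> <yes|no>" where class is owner, group or other.
# Returns 0 if writable, 1 if not, 2 if DIR cannot be stat'ed.
writable_for() {
    wf_uid=$1; wf_gid=$2
    wf_stat=$(stat -c '%u %g %a' -- "$3") || return 2   # GNU stat
    set -- $wf_stat            # $1=owner uid, $2=group gid, $3=octal mode
    wf_mode=$((0$3))
    # Exactly one class applies: owner first, then group, then other.
    if [ "$wf_uid" -eq "$1" ]; then
        wf_class=owner; wf_bits=$(( (wf_mode >> 6) & 7 ))
    elif [ "$wf_gid" -eq "$2" ]; then
        wf_class=group; wf_bits=$(( (wf_mode >> 3) & 7 ))
    else
        wf_class=other; wf_bits=$(( wf_mode & 7 ))
    fi
    if [ $(( wf_bits & 3 )) -eq 3 ]; then
        echo "$wf_class yes"; return 0
    fi
    echo "$wf_class no"; return 1
}

if [ "$#" -eq 3 ]; then
    writable_for "$1" "$2" "$3"    # e.g. 980 971 /var/lib/clamav
else
    # Constructed demo: a scratch directory with the mode from the listing
    # on the page (drwxr-xr-x), checked for its owner and a foreign UID/GID.
    demo=$(mktemp -d) && chmod 755 "$demo"
    o=$(stat -c %u "$demo"); g=$(stat -c %g "$demo")
    echo "owner:   $(writable_for "$o" "$g" "$demo")"
    echo "foreign: $(writable_for $((o + 1)) $((g + 1)) "$demo")"
    rmdir "$demo"
fi
```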