[Bug 585026] [NEW] freshclam won't execute /etc/clamav/onupdateexecute.d scripts

Ralf Hildebrandt Ralf.Hildebrandt at charite.de
Mon May 24 17:25:04 BST 2010 

Public bug reported:

Binary package hint: clamav

my freshclam.conf uses:

OnUpdateExecute /bin/run-parts /etc/clamav/onupdateexecute.d

but the apparmour profile seems to disallow this:

[1427457.803239] type=1503 audit(1274406436.102:100):  operation="exec" pid=25597 parent=25596 profile="/usr/bin/freshclam" requested_mask="::x" denied_mask="::x" fsuid=107 ouid=0 name="/bin/dash"
[1445463.435245] type=1503 audit(1274424441.734:101):  operation="exec" pid=10464 parent=10463 profile="/usr/bin/freshclam" requested_mask="::x" denied_mask="::x" fsuid=107 ouid=0 name="/bin/dash"
[1449066.054598] type=1503 audit(1274428044.354:102):  operation="exec" pid=30971 parent=30970 profile="/usr/bin/freshclam" requested_mask="::x" denied_mask="::x" fsuid=107 ouid=0 name="/bin/dash"
[1452667.660441] type=1503 audit(1274431645.962:103):  operation="exec" pid=19238 parent=19237 profile="/usr/bin/freshclam" requested_mask="::x" denied_mask="::x" fsuid=107 ouid=0 name="/bin/dash"
[1463472.998457] type=1503 audit(1274442451.298:104):  operation="exec" pid=16132 parent=16131 profile="/usr/bin/freshclam" requested_mask="::x" denied_mask="::x" fsuid=107 ouid=0 name="/bin/dash"
[1470677.395380] type=1503 audit(1274449655.694:105):  operation="exec" pid=26667 parent=26666 profile="/usr/bin/freshclam" requested_mask="::x" denied_mask="::x" fsuid=107 ouid=0 name="/bin/dash"
[1495879.704428] type=1503 audit(1274474858.006:106):  operation="exec" pid=8018 parent=8017 profile="/usr/bin/freshclam" requested_mask="::x" denied_mask="::x" fsuid=107 ouid=0 name="/bin/dash"

/etc/clamav/onupdateexecute.d contains:

# ll /etc/clamav/onupdateexecute.d
total 4
-rwxr-xr-x 1 root root 177 2010-05-23 11:12 reload_virusdb

which is as simple as:

#!/bin/bash
sleep $(($RANDOM % 120));
echo "Reloading clam on `hostname`" | mailx -s "clam reload" spamtrap at charite.de
echo -n  "srv_clamav:dbreload" > /var/run/c-icap/c-icap.ctl

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: clamav-freshclam 0.96+dfsg-2ubuntu1.2
ProcVersionSignature: Ubuntu 2.6.32-21.32-generic-pae 2.6.32.11+drm33.2
Uname: Linux 2.6.32-21-generic-pae i686
Architecture: i386
Date: Mon May 24 18:21:17 2010
ProcEnviron:
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: clamav

** Affects: clamav (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: apport-bug i386 lucid

-- 
freshclam won't execute /etc/clamav/onupdateexecute.d scripts
https://bugs.launchpad.net/bugs/585026
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to clamav in ubuntu.

More information about the Ubuntu-server-bugs mailing list