[Bug 585026] Re: freshclam won't execute /etc/clamav/onupdateexecute.d scripts
Marc Deslauriers
marc.deslauriers at canonical.com
Wed May 26 17:39:36 BST 2010
Thanks for reporting this issue.
The default apparmor profile for the freshclam binary doesn't contain
rules for scripts added to the /etc/clamav/onupdateexecute.d directory
as we can't predict what those scripts will be doing.
You can fix this is one of three ways:
1- Modify the /etc/apparmor.d/usr.bin.freshclam profile to add
"/bin/dash ixr," and other rules necessary for your script to run
properly. (recommended)
2- Modify the /etc/apparmor.d/usr.bin.freshclam profile to add
"/bin/dash Uxr,", which will let scripts run unconfined. This is a
security compromise.
3- Disable the freshclam profile by doing "sudo touch
/etc/apparmor.d/disable/usr.bin.freshclam". This disables apparmor
security for the freshclam tool. This is not recommended.
--
freshclam won't execute /etc/clamav/onupdateexecute.d scripts
https://bugs.launchpad.net/bugs/585026
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to clamav in ubuntu.
More information about the Ubuntu-server-bugs
mailing list