ClamAV’s clamd/freshclam permission problems

Since I have always used ClamAV‘s clamd as the virus filter of my email servers along with qmail-scanner, I noticed that crash-hat‘s clamav RPM packages use logrotate to rotate the logs files. qmail-scanner runs as its own user (qscand), so clamd has to run under the same user. When the RPM package was first installed, it created these directories: /var/run/clamav/ and /var/log/clamav/. Chown these 2 directories to qscand (this assumes that User directives in freshclam.conf and clamd.conf have been changed to qscand), otherwise clamd and freshclam wouldn’t be able to write any logs and pid file and neither service would start.

As for the logrotate configuration, edit clamd and freshclam in /etc/logrotate.d/ to change the log files’ ownership to qscand instead of clamav. Modify line 8 where it says:

create 640 clamav clamav

to

create 640 qscand clamav

That should do the trick. 🙂

One thought on “ClamAV’s clamd/freshclam permission problems

Leave a Reply

Your email address will not be published. Required fields are marked *

Anti-Spam by WP-SpamShield