Saturday, April 6, 2013

ClamAV, Ubuntu, Symbolic Links and AppArmor

I have just been having the most annoying time getting clamav to work properly in AWS on Ubuntu 12.04.  On one system it would start and log properly, but freshclam would fail to log.  On another system it wouldn't start nor would freshclam run.  In all cases it was displaying errors that it could not open the respective log files for append.  In one case, I mounted a volume and tried to create a symbolic link to the new volume and move /var/log/clamav there, and it would work in the default location but not in the new location. Permissions were fine, ownership was fine.  Then I discovered apparmor.  I needed to modify the clamav and freshclam profiles in apparmor to allow the two applications to write to the various directories to which they needed access.  In one case clamav had permissions from the install but freshclam didn't.  In another case, neither had permissions.  And in the case that I tried to use a symbolic link, I actually had to add the actual path to which the link pointed into the apparmor profile for both clamav and freshclam.

So simple, yet cost me so much time, and reading the types of issues that others are having, I suspect that this is causing them the same grief.

Hope that this helps someone.