Hi folks,

Just updating clamav 'bundle' from old 'clamav-server' (I think the just previous) and I noticed that the 'clamav' user/group for this pkg is not created by default by the rpm pkg. At the same time, the /var/log/clamav is not updated/created with clamav.clamav ownership.

Don't know if it is my actual config (previous one untouched anyway), but this is what I did to get it up and running in a CentOS 4.3 host.

Thanks for your ideas

Jose

--------
[root@sparkbox ~]# yum update
<...>
Resolving Dependencies
--> Populating transaction set with selected packages. Please wait.
---> Package clamav.i386 0:0.88.3-1.el4.rf set to be updated
---> Package clamav-db.i386 0:0.88.3-1.el4.rf set to be updated
---> Package clamd.i386 0:0.88.3-1.el4.rf set to be updated
--> Running transaction check

Dependencies Resolved

=============================================================================
 Package          Arch    Version            Repository    Size
=============================================================================
Installing:
 clamav           i386    0.88.3-1.el4.rf    rpmforge      724 k
     replacing  clamav-lib.i386 0.88.2-2.el4.kb
 clamav-db        i386    0.88.3-1.el4.rf    rpmforge      5.1 M
     replacing  clamav-update.i386 0.88.2-2.el4.kb
 clamd            i386    0.88.3-1.el4.rf    rpmforge      64 k
     replacing  clamav-server.i386 0.88.2-2.el4.kb

Transaction Summary
=============================================================================
Install      3 Package(s)
Update       0 Package(s)
Remove       0 Package(s)
Total download size: 5.9 M
Is this ok [y/N]: y
Downloading Packages:
(1/3): clamav-0.88.3-1.el 100% |=========================| 724 kB    00:01
(2/3): clamav-db-0.88.3-1 100% |=========================| 5.1 MB    00:11
(3/3): clamd-0.88.3-1.el4 100% |=========================|  64 kB    00:00
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing: clamav-db     ######################### [1/8]
  Installing: clamav                                  [2/8]warning: /etc/freshclam.conf created as /etc/freshclam.conf.rpmnew
  Installing: clamav        ######################### [2/8]
  Installing: clamd         ######################### [3/8]
  Cleanup   : clamav        ######################### [4/8]
  Removing  : clamav-lib    ######################### [5/8]
warning: /etc/sysconfig/freshclam saved as /etc/sysconfig/freshclam.rpmsave
warning: /etc/cron.d/clamav-update saved as /etc/cron.d/clamav-update.rpmsave
  Removing  : clamav-update ######################### [6/8]
warning: /var/lib/clamav/main.cvd saved as /var/lib/clamav/main.cvd.rpmsave
warning: /var/lib/clamav/daily.cvd saved as /var/lib/clamav/daily.cvd.rpmsave
  Removing  : clamav-data   ######################### [7/8]
  Removing  : clamav-server ######################### [8/8]

Installed: clamav.i386 0:0.88.3-1.el4.rf clamav-db.i386 0:0.88.3-1.el4.rf clamd.i386 0:0.88.3-1.el4.rf
Replaced: clamav-data.i386 0:0.88.2-2.el4.kb clamav-lib.i386 0:0.88.2-2.el4.kb clamav-server.i386 0:0.88.2-2.el4.kb clamav-update.i386 0:0.88.2-2.el4.kb
Complete!

[root@sparkbox ~]# service clamd start
Starting Clam AntiVirus Daemon: ERROR: Can't get information about user clamav.
                                                           [FALLÓ]

[root@sparkbox ~]# cp /etc/freshclam.conf /etc/freshclam.conf.old
[root@sparkbox ~]# cp /etc/freshclam.conf.rpmnew /etc/freshclam.conf
cp: ¿sobreescribir «/etc/freshclam.conf»? (s/n) s

[root@sparkbox ~]# groupadd clamav
[root@sparkbox ~]# useradd -g clamav -s /sbin/nologin -c "Clam AntiVirus" clamav
[root@sparkbox ~]# service clamd start
Starting Clam AntiVirus Daemon:                            [  OK  ]

[root@smarteyebox yum.repos.d]# freshclam -v
ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!).
ERROR: Problem with internal logger.

[root@sparkbox ~]# l /var/log/clamav/
drwxr-xr-x  2 104 105 4,0K jul  3 10:32 clamav/
<...>
[root@sparkbox ~]# chown -R clamav.clamav /var/log/clamav/

[root@sparkbox ~]# freshclam -v
Current working dir is /var/clamav
Max retries == 3
ClamAV update process started at Mon Jul  3 10:47:04 2006
Querying current.cvd.clamav.net
TTL: 103
Software version from DNS: 0.88.3
main.cvd version from DNS: 39
main.cvd is up to date (version: 39, sigs: 58116, f-level: 8, builder: tkojm)
daily.cvd version from DNS: 1579
daily.cvd is up to date (version: 1579, sigs: 2627, f-level: 8, builder: sven)
Freeing option list...done

[root@sparkbox ~]# clamscan
/root/.xauthv1YQ7D: OK
/root/.rpmmacros: OK
/root/.festival_history: OK
/root/.bash_history: OK
/root/.xauthyIE3tF: OK
/root/.gtkrc-1.2-gnome2: OK
/root/.xauthrr5vmv: OK
/root/.bash_profile: OK
<...>
----------- SCAN SUMMARY -----------
Known viruses: 60743
Engine version: 0.88.3
Scanned directories: 1
Scanned files: 54
Infected files: 0
Data scanned: 0.18 MB
Time: 2.030 sec (0 m 2 s)

[sm0ketst@sparkbox ~]$ clamscan
/home/sm0ketst/.signature.tag: OK
/home/sm0ketst/.rpmmacros: OK
/home/sm0ketst/soundconverter.log: OK
<...>
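
Added example (not part of Jose's message, and not code from the ClamAV or rpmforge packages): a pre-flight check for the two failures in the session above, a run-as account that does not resolve and a log directory still owned by numeric IDs with no account behind them (the `104 105` in the listing). The function name `check_owner` is made up for this example, and it assumes a Linux host with `getent`.

```shell
#!/bin/sh
# Added example, not from the original post. check_owner is a name made up
# here; the clamav names in the usage line are the ones from the session.
# Assumes a Linux host with getent.
#
# Usage: check_owner /var/log/clamav clamav clamav && service clamd start

# check_owner DIR USER GROUP
# Prints one status word; returns 0 only when DIR is owned by USER:GROUP.
check_owner() {
    dir=$1 user=$2 group=$3

    # Failure 1 in the post: the run-as account cannot be looked up.
    want_uid=$(id -u "$user" 2>/dev/null) || { echo "no-user"; return 1; }
    want_gid=$(getent group "$group" 2>/dev/null | cut -d: -f3) || true
    [ -n "$want_gid" ] || { echo "no-group"; return 1; }

    [ -d "$dir" ] || { echo "missing-dir"; return 1; }

    # Numeric owner and group, as "ls -n" prints them (the post shows 104 105).
    owner=$(ls -ldn -- "$dir" | awk '{ print $3 ":" $4 }')
    have_uid=${owner%%:*}
    have_gid=${owner##*:}

    # Failure 2 in the post: IDs left over from a removed account. Any later
    # account that is handed the same number would silently own these files.
    if ! getent passwd "$have_uid" >/dev/null 2>&1 ||
       ! getent group "$have_gid" >/dev/null 2>&1; then
        echo "orphaned:$have_uid:$have_gid"
        return 1
    fi

    if [ "$have_uid" != "$want_uid" ] || [ "$have_gid" != "$want_gid" ]; then
        echo "mismatch:$have_uid:$have_gid"
        return 1
    fi
    echo "ok"
}
```

An `orphaned:` or `mismatch:` result is the state that made `freshclam -v` fail to open its log in the session; the `chown -R` step there is what clears it.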