[CentOS] ClamAV help needed

Wed Jun 18 10:58:12 UTC 2008
Anne Wilson <cannewilson at googlemail.com>

On Tuesday 17 June 2008 12:16, Ralph Angenendt wrote:
> Simon Banton wrote:
> >> Every day I see in logwatch that my signatures are updated, and the
> >> database notified, but if I try to scan a file manually it tells me that
> >> my signatures are 55 days old.
> >
> > I think clamscan looks for the db files in a compiled-in default
> > location of /usr/local/share/clamav and doesn't consult the clamd.conf or
> > freshclam.conf files (after all, why would it?)
>
> It does at least open freshclam.conf (which means that that one must be
> *readable* by the user running clamscan):
>
> admin at mail-gw-3:~$strace -eopen clamscan
> open("/etc/ld.so.cache", O_RDONLY)      = 3
> open("/usr/lib/libclamav.so.4", O_RDONLY) = 3
> open("/lib/tls/libpthread.so.0", O_RDONLY) = 3
> open("/lib/tls/libc.so.6", O_RDONLY)    = 3
> open("/usr/lib/libz.so.1", O_RDONLY)    = 3
> open("/usr/lib/libbz2.so.1", O_RDONLY)  = 3
> open("/usr/lib/sse2/libgmp.so.3", O_RDONLY) = 3
> open("/usr/lib/libclamunrar_iface.so.4", O_RDONLY) = 3
> open("/usr/lib/libclamunrar.so.4", O_RDONLY) = 3
> open("/etc/freshclam.conf", O_RDONLY)   = 3
> open("/var/clamav/daily.cld", O_RDONLY) = 3
>
freshclam.conf was root:root, so I've fixed that.  Running your strace command 
gives me

strace -eopen clamscan
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/usr/lib/libclamav.so.4", O_RDONLY) = 3
open("/lib/libpthread.so.0", O_RDONLY)  = 3
open("/lib/libc.so.6", O_RDONLY)        = 3
open("/usr/lib/libclamunrar_iface.so.4", O_RDONLY) = 3
open("/usr/lib/libbz2.so.1", O_RDONLY)  = 3
open("/usr/lib/sse2/libgmp.so.3", O_RDONLY) = 3
open("/usr/lib/libz.so.1", O_RDONLY)    = 3
open("/usr/lib/libclamunrar.so.4", O_RDONLY) = 3
open("/etc/freshclam.conf", O_RDONLY)   = 3
open("/var/clamav/daily.cld", O_RDONLY) = 3
open("/var/clamav", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 3
open("/var/clamav/main.cvd", O_RDONLY)  = 4
open("/tmp/clamav-7c516bc61aa49e497301e91e0930f6c5/COPYING", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 6
open("/tmp/clamav-7c516bc61aa49e497301e91e0930f6c5/main.info", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 6
open("/tmp/clamav-7c516bc61aa49e497301e91e0930f6c5/main.db", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 6
open("/tmp/clamav-7c516bc61aa49e497301e91e0930f6c5/main.hdb", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 6
open("/tmp/clamav-7c516bc61aa49e497301e91e0930f6c5/main.mdb", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 6
open("/tmp/clamav-7c516bc61aa49e497301e91e0930f6c5/main.ndb", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 6
open("/tmp/clamav-7c516bc61aa49e497301e91e0930f6c5/main.zmd", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 6
open("/tmp/clamav-7c516bc61aa49e497301e91e0930f6c5/main.fp", O_WRONLY|O_CREAT|O_TRUNC, 0666) = 6
open("/tmp/clamav-7c516bc61aa49e497301e91e0930f6c5", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 5
open("/tmp/clamav-7c516bc61aa49e497301e91e0930f6c5/main.zmd", O_RDONLY) = 6
open("/tmp/clamav-7c516bc61aa49e497301e91e0930f6c5/main.mdb", O_RDONLY) = 6
open("/tmp/clamav-7c516bc61aa49e497301e91e0930f6c5/main.db", O_RDONLY) = 6
open("/tmp/clamav-7c516bc61aa49e497301e91e0930f6c5/main.ndb", O_RDONLY) = 6
open("/tmp/clamav-7c516bc61aa49e497301e91e0930f6c5/main.fp", O_RDONLY) = 6
open("/tmp/clamav-7c516bc61aa49e497301e91e0930f6c5/main.hdb", O_RDONLY) = 6
open("/tmp/clamav-7c516bc61aa49e497301e91e0930f6c5", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 5
open("/proc/meminfo", O_RDONLY)         = 3
open("/root", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 3
open("/root/.xauthXN80U8", O_RDONLY)    = 4
/root/.xauthXN80U8: OK
open("/root/.viminfo", O_RDONLY)        = 4
/root/.viminfo: OK
open("/root/.bash_profile", O_RDONLY)   = 4
/root/.bash_profile: OK
open("/root/iptables.orig", O_RDONLY)   = 4
/root/iptables.orig: OK
open("/root/iptables.txt~", O_RDONLY)   = 4
/root/iptables.txt~: OK
open("/root/iptables.txt", O_RDONLY)    = 4
/root/iptables.txt: OK
open("/root/scan.txt", O_RDONLY)        = 4
/root/scan.txt: OK
open("/root/.DCOPserver_borg2.lydgate.net__0", O_RDONLY) = 4
/root/.DCOPserver_borg2.lydgate.net__0: OK
open("/root/.serverauth.3061", O_RDONLY) = 4
/root/.serverauth.3061: OK
open("/root/.seaudit", O_RDONLY)        = 4
/root/.seaudit: OK
open("/root/.bashrc", O_RDONLY)         = 4
/root/.bashrc: OK
open("/root/.audacity", O_RDONLY)       = 4
/root/.audacity: OK
open("/root/.rnd", O_RDONLY)            = 4
/root/.rnd: OK
open("/root/.xauthhEtrij", O_RDONLY)    = 4
/root/.xauthhEtrij: OK
open("/root/.cshrc", O_RDONLY)          = 4
/root/.cshrc: OK
open("/root/.mcoprc", O_RDONLY)         = 4
/root/.mcoprc: OK
open("/root/.fonts.conf", O_RDONLY)     = 4
/root/.fonts.conf: OK
open("/root/.serverauth.3072", O_RDONLY) = 4
/root/.serverauth.3072: OK
open("/root/.tcshrc", O_RDONLY)         = 4
/root/.tcshrc: OK
open("/root/install.log.syslog", O_RDONLY) = 4
/root/install.log.syslog: OK
open("/root/.xauthOUZGv0", O_RDONLY)    = 4
/root/.xauthOUZGv0: OK
open("/root/.Xauthority", O_RDONLY)     = 4
/root/.Xauthority: OK
open("/root/install.log", O_RDONLY)     = 4
/root/install.log: OK
open("/root/.bash_logout", O_RDONLY)    = 4
/root/.bash_logout: OK
open("/root/.serverauth.3046", O_RDONLY) = 4
/root/.serverauth.3046: OK
open("/root/.xauthSTMbGw", O_RDONLY)    = 4
/root/.xauthSTMbGw: OK
open("/root/anaconda-ks.cfg", O_RDONLY) = 4
/root/anaconda-ks.cfg: OK
open("/root/.serverauth.3169", O_RDONLY) = 4
/root/.serverauth.3169: OK
open("/root/.lesshst", O_RDONLY)        = 4
/root/.lesshst: OK
open("/root/.ICEauthority", O_RDONLY)   = 4
/root/.ICEauthority: OK
open("/root/.bash_history", O_RDONLY)   = 4
/root/.bash_history: OK

----------- SCAN SUMMARY -----------
Known viruses: 315716
Engine version: 0.93.1
Scanned directories: 1
Scanned files: 31
Infected files: 0
Data scanned: 0.05 MB
Time: 4.950 sec (0 m 4 s)

The message about signatures being ancient comes from the ClamTK virus scanner.
Maybe there's some connection there that needs fixing?

I'm totally naive on this, so bear with me, please :-)

Anne
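
The strace output above shows the two things worth checking by hand: whether /etc/freshclam.conf is readable by the user doing the scan, and which database files actually sit in the directory it names. The script below is an added example for this thread, not something posted by Anne, Ralph or the ClamAV project. It assumes freshclam.conf uses the standard "DatabaseDirectory <path>" option and that .cvd/.cld files start with the 512-byte ClamAV-VDB header (colon-separated: magic, build date, version, signature count, functionality level, MD5, digital signature, builder, build time). The config and database files it creates are constructed demo data, not Anne's real files.

```shell
#!/bin/sh
# Added example (not from the thread): report which signature database
# clamscan would pick up via freshclam.conf and how old it is.
#
# Assumptions not stated in the thread:
#  - freshclam.conf carries the standard "DatabaseDirectory <path>" option.
#  - .cvd/.cld files begin with a 512-byte header of colon-separated fields:
#    ClamAV-VDB:<build date>:<version>:<signatures>:<f-level>:<MD5>:<dsig>:<builder>:<build time>
set -e

# Print the DatabaseDirectory named in a freshclam.conf. Returns status 1 when
# the file is unreadable, which is the root-only-file situation from the thread.
db_dir_from_conf() {
    conf="$1"
    [ -r "$conf" ] || return 1
    awk '$1 == "DatabaseDirectory" { print $2; exit }' "$conf"
}

# Field N (1-based) of a CVD/CLD header. Only the first 512 bytes are read,
# so this is cheap even on a large main.cvd.
cvd_field() {
    head -c 512 "$1" | tr -d '\0' | cut -d: -f"$2"
}
cvd_date()    { cvd_field "$1" 2; }
cvd_version() { cvd_field "$1" 3; }
cvd_sigs()    { cvd_field "$1" 4; }

# Describe every main/daily database in a directory, or say why we cannot.
report_db_dir() {
    dir="$1"
    if [ ! -r "$dir" ] || [ ! -x "$dir" ]; then
        echo "cannot read $dir as $(id -un)"
        return 1
    fi
    for f in "$dir"/main.cvd "$dir"/main.cld "$dir"/daily.cvd "$dir"/daily.cld; do
        [ -f "$f" ] || continue
        printf '%s: version %s, %s signatures, built %s\n' \
            "$f" "$(cvd_version "$f")" "$(cvd_sigs "$f")" "$(cvd_date "$f")"
    done
}

# --- constructed demo data (not Anne's real files) -------------------------
DEMO=$(mktemp -d)
trap 'rm -rf "$DEMO"' EXIT
mkdir "$DEMO/db"
cat > "$DEMO/freshclam.conf" <<EOF
# constructed sample config
DatabaseDirectory $DEMO/db
DatabaseMirror database.clamav.net
EOF
# Fake headers padded to 512 bytes; a real file carries the compressed
# signature archive after the header, which we never need to read.
printf '%-512s' 'ClamAV-VDB:01 May 2008 10-00 -0400:46:300000:26:md5:dsig:builder:1209650400' \
    > "$DEMO/db/main.cvd"
printf '%-512s' 'ClamAV-VDB:17 Jun 2008 09-30 -0400:7480:15000:26:md5:dsig:builder:1213709400' \
    > "$DEMO/db/daily.cld"

# Usage: what does clamscan see from this config, as this user?
DB=$(db_dir_from_conf "$DEMO/freshclam.conf")
echo "freshclam.conf points at: $DB"
report_db_dir "$DB"
```

Run it as the same unprivileged user ClamTK runs under, not as root, since root can read a 0600 freshclam.conf and the readability check would tell you nothing. If the directory it reports is not the one freshclam updates, clamscan's own -d/--database option can be pointed at the right directory to confirm that the "signatures are N days old" message goes away.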