ClamAV Permission Problem
I was having issues with the ClamAV version 0.93 from the Debian Volatile repository. The clamav-daemon failed to start after the upgrade.
$ /etc/init.d/clamav-daemon restart Stopping ClamAV daemon: clamd. Starting ClamAV daemon: clamd /lib/lsb/init-functions: line 53: /sbin/start-stop-daemon: Permission denied
It took a while to figure out why, but the reason was finally pretty obvious. For some reason, the init script changes the user ID before it executes LSB init-functions and start_daemon:
# DAEMON = "/usr/sbin/clamd" # User = "clamav" su "$User" -p -s /bin/sh -c ". /lib/lsb/init-functions && start_daemon -p $THEPIDFILE $DAEMON"
Now, this of course fails if the user “clamav” does not have permissions to execute scripts in the /sbin directory. (And I think the /sbin directory should always be chmoded to 700 for hardened security.)
Because the ClamAV daemon process changes its user ID to “clamav” on startup, I don’t understand the function of the “su clamav” command here in the init script. So, I removed it:
. /lib/lsb/init-functions && start_daemon -p "$THEPIDFILE" "$DAEMON"
The ClamAV daemon is working again. Hope this helps someone who is having similar issues.