sudo freshclam not working: ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!)

If I comment out the UpdateLogFile line from /etc/clamav/freshclam.conf like so...

#UpdateLogFile /var/log/clamav/freshclam.log

...then I am able to run sudo freshclam no problem:

/etc/clamav$ sudo freshclam
ClamAV update process started at Mon Feb  6 00:17:07 2017
main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
daily.cld is up to date (version: 23009, sigs: 1509149, f-level: 63, builder: neo)
bytecode.cld is up to date (version: 290, sigs: 55, f-level: 63, builder: neo)

However, if I uncomment the UpdateLogFile line in freshclam.conf and run sudo freshclam, I get this:

/etc/clamav$ sudo freshclam 
ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!).
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).

Here are the permissions on /var/log:

drwxrwxrwx  1 root root     9 Feb  3  2016 log

Here are the permissions on /var/log/clamav:

drwxr-xr-x  2 clamav    clamav    4096 Feb  5 22:18 clamav

And here are the permissions on /var/log/clamav/freshclam.log:

-rw-r-----  1 clamav adm       0 Feb  5 22:18 freshclam.log

I spent all day trying solutions mentioned in various forums with no luck.

Here is the version of Ubuntu server I am running:

Description:    Ubuntu 14.04.5 LTS

And the engine version of clamav:

Engine version: 0.99.2

Could someone help me?

Stopping the clamav-daemon does not help:

/var/log$ sudo /etc/init.d/clamav-daemon stop
 * Stopping ClamAV daemon clamd        [ OK ]
/var/log$ sudo freshclam
ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!).
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).

The output of sudo lsof | grep clam is nothing:

/var/log$ sudo lsof | grep clam
/var/log$

It appears that nothing has a lock on /var/log/clamav/freshclam.log

Here is the output of sudo service --status-all | grep clamav, not including the lines that had question marks and were unrelated to clamav:

$ sudo service --status-all | grep clamav 
[ - ] clamav-daemon
[ - ] clamav-freshclam
$

Same Can't open /var/log/clamav/freshclam.log in append mode (check permissions!) error when I try to run clamav-daemon:

$ sudo service clamav-daemon start
 * Starting ClamAV daemon clamd
ERROR: Can't open /var/log/clamav/clamav.log in append mode (check permissions!).
ERROR: Can't initialize the internal logger
$

UPDATE: purging and reinstalling clamav, clamav-freshclam and clamav-daemon did not resolve the issue. I still get the same error:

$ sudo freshclam
ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check permissions!).
ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).
$

UPDATE 2: I did a sudo reboot, stopped clamav-freshclam, made sure sudo lsof | grep clam returned nothing and that the output of sudo service --status-all | grep clamav still only had minus symbols next to clamav and clamav-daemon. Ran sudo freshclam again, and same error as above (again).


The sudo freshclam command is used for updating your antivirus database; it cannot be run while another instance (auto update) is already running.

Stop the auto update process: sudo /etc/init.d/clamav-freshclam stop

Run manual update: sudo freshclam

Re-Start auto update process: sudo /etc/init.d/clamav-freshclam start

source.


I had this issue as well and all that I really needed to do was set permissions on the log file:

chown -R clamav:adm /var/log/clamav/

For me, I couldn't find the /var/log/clamav/ directory so I simply created it:

mkdir /var/log/clamav/

and changed ownership:

chown -R clamav:clamav /var/log/clamav/

And it worked!


I have looked at this article, and at my own clamav installation, and would like to proffer a solution.

Like your error message shows, it's a permission problem, so try these solutions in sequence; I believe one should work:

Option 1

  1. Checking adm group members and adding $USERNAME to it:

     cat /etc/group | grep ^adm
    
     # Result should be some thing similar to this:
     adm:x:4:syslog,george
    
    • where syslog: generates a log message, which will be distributed by syslogd, and george: user or owner of the system
  2. If members of the adm group don't include you or syslog, add them:

     sudo usermod -a -G adm syslog    # and/or
     sudo usermod -a -G adm $USERNAME
    
  3. Restart the system and check if freshclam is working.

Option 2

  1. Change the ownership of these files:

     /var/log/clamav/clamav.log
     /var/log/clamav/freshclam.log
    
     sudo chgrp $USERNAME /var/log/clamav/freshclam.log
     sudo chgrp $USERNAME /var/log/clamav/clamav.log
    
  2. Restart your system and check if freshclam is working.

Source(s):

  • man syslog
  • https://forums.cpanel.net/threads/problem-with-internal-logger-clamav.496331/
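
The ownership and group checks discussed in the answers above can be made explicit. The script below is an added example, not code from any poster in this thread: for a given uid and group list it reports the first path component that blocks appending to a log file. It assumes GNU stat, and the function names and result strings are this example's own.

```bash
#!/usr/bin/env bash
# Added example (not from the thread). Judges access from owner, group and
# mode bits only; ACLs, AppArmor/SELinux and root's override are ignored.

# class_bits UID "GID LIST" PATH -> rwx digit (0-7) of the class that applies.
class_bits() {
    local uid="$1" gids="$2" path="$3" mode
    mode=$((0$(stat -L -c '%a' "$path")))      # octal string -> integer
    if [ "$uid" = "$(stat -L -c '%u' "$path")" ]; then
        echo $(( ($mode >> 6) & 7 ))           # owner class
    elif printf '%s\n' $gids | grep -qx "$(stat -L -c '%g' "$path")"; then
        echo $(( ($mode >> 3) & 7 ))           # group class
    else
        echo $(( $mode & 7 ))                  # other class
    fi
}

# why_no_append UID "GID LIST" FILE -> prints "ok" or the first blocker found.
why_no_append() {
    local uid="$1" gids="$2" file="$3" dir d
    dir=$(dirname "$file")
    [ -d "$dir" ] || { echo "missing-dir:$dir"; return 1; }
    d=$dir
    while :; do                                # parent dirs need search (x)
        [ $(( $(class_bits "$uid" "$gids" "$d") & 1 )) -ne 0 ] ||
            { echo "no-search:$d"; return 1; }
        case $d in /|.) break ;; esac
        d=$(dirname "$d")
    done
    if [ -e "$file" ]; then                    # existing file needs write (w)
        [ $(( $(class_bits "$uid" "$gids" "$file") & 2 )) -ne 0 ] ||
            { echo "no-write:$file"; return 1; }
    else                                       # creating it needs w on the dir
        [ $(( $(class_bits "$uid" "$gids" "$dir") & 2 )) -ne 0 ] ||
            { echo "no-create:$dir"; return 1; }
    fi
    echo ok
}

# Usage: bash check.sh clamav /var/log/clamav/freshclam.log
if [ $# -eq 2 ]; then
    why_no_append "$(id -u "$1")" "$(id -G "$1")" "$2"
fi
```

For the listing in the question (-rw-r----- clamav adm), class_bits yields 6 for the clamav user and 4 for any other member of adm, so adm membership alone grants read but not append.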