Ubuntu
clamav package

AppArmor.d profile parsing error after update

Bug #360919 reported by maple03
6
Affects Status Importance Assigned to Milestone
Hardy Backports
Fix Released
Low
Scott Kitterman
clamav (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

Binary package hint: clamav-freshclam

AppArmor parser error in /etc/apparmor.d/usr.bin.freshclam at line 401: syntax error, unexpected TOK_ID, expecting TOK_MODE
 Profile /etc/apparmor.d/usr.bin.freshclam failed to load

The line 401 is:
deny /var/run/samba/gencache.tdb mrwkl,

Revision history for this message
Martin West (martin-objectgizmos) wrote :

me to ...
The following packages will be upgraded:
  clamav-base clamav-daemon clamav-freshclam libclamav5
4 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 0B/20.5MB of archives.
After this operation, 0B of additional disk space will be used.
Do you want to continue [Y/n]?
Preconfiguring packages ...
(Reading database ... 59169 files and directories currently installed.)
Preparing to replace libclamav5 0.94.dfsg.2-1ubuntu0.1~hardy1 (using .../libclamav5_0.94.dfsg.2-1ubuntu0.3~hardy1_i386.deb) ...
Unpacking replacement libclamav5 ...
Preparing to replace clamav-freshclam 0.94.dfsg.2-1ubuntu0.1~hardy1 (using .../clamav-freshclam_0.94.dfsg.2-1ubuntu0.3~hardy1_i386.deb) ...
 * Stopping ClamAV virus database updater freshclam
   ...done.
Unpacking replacement clamav-freshclam ...
Preparing to replace clamav-daemon 0.94.dfsg.2-1ubuntu0.1~hardy1 (using .../clamav-daemon_0.94.dfsg.2-1ubuntu0.3~hardy1_i386.deb) ...
 * Stopping ClamAV daemon clamd
   ...done.
Unpacking replacement clamav-daemon ...
Preparing to replace clamav-base 0.94.dfsg.2-1ubuntu0.1~hardy1 (using .../clamav-base_0.94.dfsg.2-1ubuntu0.3~hardy1_all.deb) ...
Unpacking replacement clamav-base ...
Setting up libclamav5 (0.94.dfsg.2-1ubuntu0.3~hardy1) ...

Setting up clamav-base (0.94.dfsg.2-1ubuntu0.3~hardy1) ...

Setting up clamav-freshclam (0.94.dfsg.2-1ubuntu0.3~hardy1) ...
Installing new version of config file /etc/apparmor.d/usr.bin.freshclam ...
Reloading AppArmor profiles Warning: found /etc/apparmor.d/force-complain/usr.bin.freshclam, forcing complain mode
AppArmor parser error in /etc/apparmor.d/usr.bin.freshclam at line 401: syntax error, unexpected TOK_ID, expecting TOK_MODE
 Profile /etc/apparmor.d/usr.bin.freshclam failed to load
Warning: found /etc/apparmor.d/force-complain/usr.sbin.clamd, forcing complain mode
 Skipping profile /etc/apparmor.d/usr.sbin.clamd.dpkg-new
: Warning.
AppArmor parser error in /etc/apparmor.d/usr.bin.freshclam at line 401: syntax error, unexpected TOK_ID, expecting TOK_MODE
 * Starting ClamAV virus database updater freshclam
   ...done.

Setting up clamav-daemon (0.94.dfsg.2-1ubuntu0.3~hardy1) ...
Reloading AppArmor profiles Warning: found /etc/apparmor.d/force-complain/usr.bin.freshclam, forcing complain mode
AppArmor parser error in /etc/apparmor.d/usr.bin.freshclam at line 401: syntax error, unexpected TOK_ID, expecting TOK_MODE
 Profile /etc/apparmor.d/usr.bin.freshclam failed to load
Warning: found /etc/apparmor.d/force-complain/usr.sbin.clamd, forcing complain mode
: Failed.
invoke-rc.d: initscript apparmor, action "force-reload" failed.
 * Starting ClamAV daemon clamd
LibClamAV Warning: ***********************************************************
LibClamAV Warning: *** This version of the ClamAV engine is outdated. ***
LibClamAV Warning: *** DON'T PANIC! Read http://www.clamav.net/support/faq ***
LibClamAV Warning: ***********************************************************
   ...done.

Revision history for this message
maple03 (maple03) wrote :

I am using Ubuntu 8.04.2.

Revision history for this message
Scott Kitterman (kitterman) wrote :

It looks like we need to customize the apparmor profile in Hardy. If you remove that line is it otherwise OK?

Revision history for this message
maple03 (maple03) wrote :

If I comment that line everything works fine.
It works even when line is not commented, but it gives an error during start up.

Revision history for this message
Scott Kitterman (kitterman) wrote :

This actually just affects hardy-backports. I'll have it fixed shortly.

Changed in hardy-backports:
assignee: nobody → kitterman
importance: Undecided → Low
status: New → In Progress
Changed in clamav (Ubuntu):
status: New → Invalid
Scott Kitterman (kitterman)
Changed in hardy-backports:
status: In Progress → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (9.8 KiB)

This bug was fixed in the package clamav - 0.94.dfsg.2-1ubuntu0.3~hardy4

---------------
clamav (0.94.dfsg.2-1ubuntu0.3~hardy4) hardy-security; urgency=low

  * No change rebuild from backports for use with ClamAV 0.94

clamav (0.94.dfsg.2-1ubuntu0.3~hardy3) hardy-backports; urgency=low

  * Update Hardy backport to include the latest apparmor profile fixes from
    Jaunty development

clamav (0.94.dfsg.2-1ubuntu0.3~hardy2) hardy-backports; urgency=low

  * Drop deny rule in freshclam apparmor profile since deny is not supported
    in Hardy's apparmor (LP: #360919)

clamav (0.94.dfsg.2-1ubuntu0.3~hardy1) hardy-backports; urgency=low

  * Source backport for Hardy (lsb-base not present in sufficient version)
    (LP: #354190, #360502)
    - Drop versioning of lsb-base depends
    - Revert lsb status changes from maintainer scripts
  * Update existing backport with security fixes from 0.95 and 0.95.1
  * Update apparmor profile with fixes from Jaunty

clamav (0.94.dfsg.2-1ubuntu0.3) intrepid-security; urgency=high

  * SECURITY UPDATE: (LP: #360502)
  * References
  * libclamav/others.h: harden CLI_ISCONTAINED macro (bb#1552) (Denial of
    service)
  * Note: clamav-milter bugs such as 1499, 1522, 1524, and 1531 are not
    relevant to clamav 0.94.2 and earlier versions
  * Note: The code related to clamav bug 1553 was substantially rewritten in
    0.95, so it is also not relevant to clamav 0.94.2 and earlier versions
  * Bump CL_FLEVEL_DCONF to 0.95.1 level since relevant security patches are
    applied
  * Added CVE references for 0.94.dfsg.2-1ubuntu0.2 now that they've been
    assigned

clamav (0.94.dfsg.2-1ubuntu0.2) intrepid-security; urgency=high

  * SECURITY UPDATE (LP: #354190):
  * References Clamav #1335, #1462, CVE 2008-6680, CVE 2009-1270
  * libclamav/pe.c: division by zero with --detect-broken (bb#1335) (Denial of
    service)
  * libclamav/untar.c: infloop in tar.c (bb#1462) (Denial of Service)
  * Add dconf_renable patch from 0.95 (previously backported to 0.92.2)
    - Bump CL_FLEVEL_DCONF to 0.95 level since security patches are applied

clamav (0.94.dfsg.2-1ubuntu0.1) intrepid-security; urgency=low

  * SECURITY UPDATE: (LP: #304017)
    - Fix recursive stack overflow in jpeg parsing code
  * Other changes:
    - debian/control: Recommends apparmor >= 2.1+1075-0ubuntu6 for
      clamav-daemon and clamav-freshclam
    - add debian/usr.bin.freshclam and debian/usr.sbin.clamd
    - debian/clamav-(daemon|freshclam).dirs: add etc/apparmor.d/force-complain
    - debian/clamav-(daemon|freshclam).install: install profiles
    - debian/clamav-(daemon|freshclam).preinst: create symlink for
      force-complain/ on pre-feisty upgrades, upgrades where apparmor-profiles
      profile is unchanged (ie non-enforcing) and upgrades where the profile
      doesn't exist.
    - debian/clamav-(daemon|freshclam).postrm: remove symlink in
      force-complain/ on purge.
    - debian/clamav-(daemon|freshclam).postinst.in: reload apparmor
    - update README.Debian with note on Apparmor
    - Enable upstream test suite in debian/rules

clamav (0.94.dfsg.2-1) unstable; urgency=low

  [ Stephen Gran ]
  * New upstream version

  [ Michael Meskes...

Read more...

Changed in clamav (Ubuntu):
status: Invalid → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.