Using ClamAV on a custom Void Linux ISO.

[MatanzaBR]

Updating the ClamAV ISO database

ClamAV is installed on the ISO.

The "include" folder is for customization.

mkdir -p include/var/lib/

rsync -av /var/lib/_clamav include/var/lib/

sudo chown -R _clamav:_clamav include/var/lib/_clamav/

ls -lh include/var/lib/_clamav/

total 360M -rw-r--r-- 1 _clamav _clamav 8,9K out 16 20:19 bytecode-339.cvd.sign -rw-r--r-- 1 _clamav _clamav 276K out 16 20:19 bytecode.cvd -rw-r--r-- 1 _clamav _clamav 197M nov 14 14:05 daily.cld -rw-r--r-- 1 _clamav _clamav 90 out 16 19:53 freshclam.dat -rw-r--r-- 1 _clamav _clamav 8,9K out 16 20:19 main-62.cvd.sign -rw-r--r-- 1 _clamav _clamav 163M out 16 20:19 main.cvd

In the generated Void Linux ISO, the folder /var/lib/_clamav/ has incorrect permissions, and the owner and group are wrong; it should be -rw-r--r-- 1 _clamav _clamav

Result ISO:

[Vaelatern]

Can you explain a little more -- is it in the ISO or in an installed system after the ISO is installed?

Is ClamAV's package running these steps in the install script?

[MatanzaBR]

This is in the ISO file.

The ClamAV package is only installed in the ISO file.

[Vaelatern]

Ok - so I can try and understand what you are seeing - how do you create this ISO?

[MatanzaBR]

mkiso.sh -h

When adding ClamAV to the ISO, do I have to edit the /etc/freshclam.conf file or leave it as default?

The /etc/freshclam.conf file was not edited.

[Vaelatern]

how did you add clamav to the iso?

[MatanzaBR]

The project's man page has an option to add programs. That's how I added ClamAV to the ISO.

Try creating the ISO with ClamAV without editing the /etc/freshclam.conf file.

[Vaelatern]

So mkiso.sh -h is not how you created the iso.

please share how you did this so I can replicate and see what happened.

[MatanzaBR]

ISOs generated using mklive do not automatically create or configure the _clamav:_clamav system user and group.

ClamAV requires the presence of the corresponding user and group to operate correctly. This configuration is performed only during standard system installations via xbps and is not executed within the live environment produced by mklive.

Reference: https://github.com/void-linux/void-mklive

The official README provides no guidance regarding the creation of service users or the configuration of directory permissions.

Recommended Workaround: To ensure proper ClamAV functionality in live ISOs, a custom profile script should be used during the ISO build process to:

Create the _clamav system user and group.

Initialize the /var/lib/clamav directory.

Set appropriate ownership and permissions for the directory.

Enable necessary ClamAV services (clamd and freshclam) if required.

This approach guarantees that ClamAV will operate correctly in the live environment.

sudo sed -i 's/^#DatabaseDirectory /DatabaseDirectory /' /etc/freshclam.conf

sudo groupadd -r _clamav

sudo useradd -r -g _clamav -d /var/lib/_clamav -s /usr/bin/nologin _clamav

sudo mkdir -p /var/lib/_clamav

sudo chown -R _clamav:_clamav /var/lib/_clamav

ls -ld /var/lib/_clamav drwxrwxr-x 2 _clamav _clamav 4096 nov 28 14:05 /var/lib/_clamav

Copying the ClamAV file into the directory prior to building the ISO does not fully resolve the issue, as the ownership and group of /var/lib/clamav remain assigned to the ISO user.

[Vaelatern]

This sounds like you are dumping AI slop at me.

How did you generate the ISO.

If you do not answer this I will close this issue and lock it.

[MatanzaBR]

I suspect that the issue is related to the ClamAV folder name specified in the /etc/freshclam.conf file. I will run some tests and get back with the results.

I changed it to _clamav; it used to be DatabaseDirectory /var/lib/clamav