If you’re on a CPanel/WHM system and you start getting errors like:
Can’t open /var/log/clamav/freshclam.log in append mode (check permissions!)
… or …
Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log)
… from your cron.daily Anacron jobs (or any other weird sort of messages from the Clam Antivirus checker) it could be because you have two versions of it installed. On a CPanel/WHM system you only really want the version specific to that installed.
What I did to get it working was uninstall all Clam Antivirus stuff and start again, thusly:
1. See what’s installed in the RPM database by typing the following into SSH (as root):
rpm -aq | grep -i clam
2. For each entry displayed, uninstall it from the RPM database with:
rpm -e entry
Replacing entry with whatever the entry name is. Mine actually had the following entries:
cpanel-clamav-virusdefs-0.98.6-2.cp1150.x86_64 clamav-db-0.98.7-1.el6.x86_64 cpanel-clamav-0.98.6-2.cp1150.x86_64 clamav-0.98.7-1.el6.x86_64 cpanel-perl-514-File-Scan-ClamAV-1.91-1.cp1146.x86_64
So I did an rpm -e on all those.
3. I then deleted the clam log files and directory with:
rm -Rf /var/log/clamav
4. Then I went into WHM to the Manage Plugins section and clicked the Uninstall clamavconnector button.
5. So now that I’ve zapped anything to do with clam I just went back into WHM’s Manage Plugins section and reinstalled clam.
You might also need to follow the instructions here: https://documentation.cpanel.net/display/ALD/Configure+ClamAV+Scanner from the Configure ClamAv Scanner for Exim section onwards to ensure that clam is connected to exim correctly.
There are probably easier ways to do this but it worked for me and I no longer get spurious messages from Clam Antivirus.