Skip to main content

ClamAV update script and logging issues

Comments

20 comments

  • Metro2
    Same problem here. At first I thought it might be related my CSF/LFD/Mailscanner installation from ConfigServer in which case I'd be hesitant to try any solutions found on forums, so I contacted ConfigServer and they informed me: "When we install MailScanner currently we use cPanel's clamavconnector, and the errors you are receiving do not relate to that. As long as you're on a supported version of cPanel it shouldn't have any impact on our products. " So that means either finding a solution together here on the forums, or submitting a ticket to cPanel. I'm subscribing to this thread and hopefully someone who has experienced / resolved this will chime in (fingers crossed), but if not than in a couple days I'll submit a ticket to cPanel Support and will update the outcome here.
    0
  • George_Fusioned
    The /etc/cron.daily/freshclam
    should fix any permission issues itself normally LOG_FILE="/var/log/clamav/freshclam.log" if [ ! -f "$LOG_FILE" ]; then touch "$LOG_FILE" chmod 644 "$LOG_FILE" chown clam.clam "$LOG_FILE" fi
    Do you by any chance have the epel repo activated? Could you check your /var/log/yum.log
    to see if your clamav package got updated recently?
    0
  • Metro2
    In my case, grep clam /var/log/yum.log shows: Aug 16 01:00:37 Installed: clamav-filesystem-0.101.3-1.el6.noarch Aug 16 01:00:42 Installed: clamav-data-0.101.3-1.el6.noarch Aug 16 01:00:42 Installed: clamav-lib-0.101.3-1.el6.x86_64 Aug 16 01:00:43 Updated: clamav-0.101.3-1.el6.x86_64 So, it looks like it updated to latest version at 1:00am However, once again at 3:20am I received: Anacron job 'cron.daily' on examplehost.example.net From: Anacron root@examplehost.example.net To: root@examplehost.example.net Date: Aug 19, 2019, 3:20 AM /etc/cron.daily/freshclam: /etc/cron.daily/freshclam: line 15: /usr/bin/freshclam: No such file or directory Edit - I forgot to mention, I don't see any sign of epel repo in /etc/yum.repos.d
    0
  • cPanelLauren
    Hello, Can you show me the output of the following? rpm -qa |grep -i clamav
    0
  • Metro2
    Hello, Can you show me the output of the following? rpm -qa |grep -i clamav

    cpanel-perl-528-File-Scan-ClamAV-1.95-1.cp1178.noarch cpanel-clamav-0.101.3-1.cp1180.x86_64 clamav-lib-0.101.3-1.el6.x86_64 clamav-db-0.99.4-1.el6.x86_64 clamav-0.101.3-1.el6.x86_64 cpanel-clamav-virusdefs-0.101.3-1.cp1180.x86_64 clamav-filesystem-0.101.3-1.el6.noarch clamav-data-0.101.3-1.el6.noarch
    0
  • cPanelLauren
    cpanel-perl-528-File-Scan-ClamAV-1.95-1.cp1178.noarch cpanel-clamav-0.101.3-1.cp1180.x86_64 clamav-lib-0.101.3-1.el6.x86_64 clamav-db-0.99.4-1.el6.x86_64 clamav-0.101.3-1.el6.x86_64 cpanel-clamav-virusdefs-0.101.3-1.cp1180.x86_64 clamav-filesystem-0.101.3-1.el6.noarch clamav-data-0.101.3-1.el6.noarch

    This shows you're running both the standard and cPanel provided version of ClamAV which is what I was initially curious about. There are a couple of reasons why someone would install separate versions one of which is if you're running CloudLinux or Imunify360 both of which install it. If you're running CloudLinux or Imunify there is indeed an issue in which /usr/bin/freshclam is missing because the clamav-update package is missing. The current workaround from CloudLinux is to remove clamav-db and install clamav-update. They also let us know that they have a case open and are currently working on a resolution.
    0
  • Metro2
    @cPanelLauren - thank you, yes indeed I'm running CloudLinux (but not Imunify). Do yo happen to have a link to their work-around instructions? In meantime I'll check CL's site to see if I can find correct steps so that I don't break anything.
    0
  • cPanelLauren
    Hello, I don't have a link that I'm able to provide you - it was discussed internally. The workaround though is to remove the clamav-db package which is obsolete and install the clamav-update package which you are missing.
    0
  • sneader
    We are also running CloudLinux, but are not paying for the full Imunify360 (however, we have the free on-demand scanner version of Imunify360 running, which was installed automatically by CloudLinux). I'd appreciate any detailed instructions/steps on what the fix is. - Scott
    0
  • cPanelLauren
    Hello, The workaround as it stands right now from CloudLinux is as I mentioned before to remove the clamav-db package and install the clamav-update package. If the issue is that you're not sure how to add/remove packages you can do the following: 1. Remove the clamav-db package rpm -e --nodeps clamav-db
    or yum remove clamav-db
    2. Then install clamav-update yum install clamav-update
    0
  • QuentinC
    A lot of cPanel servers have ImmunifyAV.... Why CloudLinux ask to make a manual workaround for fix yum conflicts/dependencies ?
    0
  • cPanelLauren
    The workaround is only temporary until they resolve the issue. A means to manage the issue until that time.
    0
  • sneader
    After running these... rpm -e --nodeps clamav-db yum install clamav-update
    Now I get cron these new cron emails: Cron /usr/share/clamav/freshclam-sleep LibClamAV Warning: Cannot resolve: /usr/lib64/libclamunrar_iface.so: undefined symbol: libclamunrar_iface_LTX_unrar_peek_file_header (version mismatch?) - unrar support unavailable
    Looking in /usr/lib64/: lrwxrwxrwx 1 root root 22 Jul 24 2013 libclamunrar.so -> libclamunrar.so.6.1.17* lrwxrwxrwx 1 root root 22 Jul 24 2013 libclamunrar.so.6 -> libclamunrar.so.6.1.17* -rwxr-xr-x 1 root root 178442 Jul 24 2013 libclamunrar.so.6.1.17*
    So, it exists but, indeed, it's pretty old. - Scott
    0
  • cPanelLauren
    Hi @sneader That's not a known part of this issue. If you purchased your CloudLinux or Immunify license through us please feel free to open a ticket with us. If you purchased it through CL or another means you'd need to open a ticket with CloudLinux directly: CloudLinux - Main | New template Thanks!
    0
  • CloudLinux Skhristich
    A lot of cPanel servers have ImmunifyAV.... Why CloudLinux ask to make a manual workaround for fix yum conflicts/dependencies ?

    Hello! It all changes when you upgrade. You need to update the repositories.
    0
  • Metro2
    Now that it appears CloudLinux implemented the fix for the original issue in this thread, I now receive these emails daily from each server: (I've replaced the actual server names / email addresses with "example" obviously) ---------- Cron /usr/share/clamav/freshclam-sleep Cron Daemon ERROR: Can't open /var/lib/clamav/mirrors.dat for writing ---------- ---------- Anacron job 'cron.daily' on server.example.com Anacron /etc/cron.daily/logrotate: error: stat of /var/log/freshclam.log failed: No such file or directory ---------- My CloudLinux license is purchased through cPanel, but I'm hoping to avoid opening a ticket if possible. Open to suggestions here first and would be grateful for any, thank you.
    0
  • cPanelLauren
    Hi @Metro2 Can you provide me the output of the following: ls -lah /var/lib/clamav/mirrors.dat
    For the log error - this is a second issue CloudLinux is currently addressing which I've discussed in this thread The workaround until it's resolved is as follows: Remove the logrotate config for clamav or Add 'missingok' to /etc/logrotate.d/clamav-update or Update /etc/freshclam.conf by removing # from UpdateLogFile line. Then create the log going by clamav documentation @
    0
  • Metro2
    Hi @Metro2 Can you provide me the output of the following: ls -lah /var/lib/clamav/mirrors.dat

    Thank you for your reply @cPanelLauren Output of ls -lah /var/lib/clamav/mirrors.dat is: -rw------- 1 490 486 1.6K Aug 15 03:29 /var/lib/clamav/mirrors.dat
    0
  • cPanelLauren
    Hi @Metro2 That user/group is incorrect - this should be as discussed here:
    0
  • Metro2
    Thank you @cPanelLauren :)
    0

Please sign in to leave a comment.