Change in Clamscan result as of cPanel 100.0.8
Re: /usr/local/cpanel/3rdparty/bin/clamscan -ir /home/ | mail -s "Clamscam results" root
For years I have been used to seeing the following result from the above:
LibClamAV Warning: cli_scanxz: decompress file size exceeds limits - only scanning 26841088 bytes
LibClamAV Warning: cli_scanxz: decompress file size exceeds limits - only scanning 26800128 bytes
LibClamAV Warning: Unsupported message format `global' - if you believe this file contains a virus, submit it to www.clamav.net
LibClamAV Warning: cli_scanxz: decompress file size exceeds limits - only scanning 27262976 bytes
LibClamAV Warning: cli_scanxz: decompress file size exceeds limits - only scanning 26808320 bytes
(This is a sample. There are a few more entries than that.)
As of v100.0.8 the run time changed (indicating a changed CRON, I assume), and the output changed to include the following entry types:
LibClamAV info: Suspicious link found!
LibClamAV info: Real URL:
LibClamAV info: Suspicious link found!
LibClamAV info: Real URL:
LibClamAV info: Display URL:
Hey there! We have more details on the failure, which is fixed on version 100.0.9 here: I haven't seen any other reports about the output change, and lots of people have been talking about ClamAV because of those issues, so that might be worth submitting a ticket to our team so we can take a look.
Thanks for the quick reply. Actually the clamav download bug showed up on 1/31 & 2/1, and the update to 100.0.8 was on 2/3, and to 100.0.9 on 2/4 (for me), but the download bug didn't appear on 2/2 or after. Regardless, it all looks to be fine now. Your second link on the Clamav version seems really confused! I checked and I see Clamav 0.104.0-1.cp11100 in WHM. Or is this a tweaked older version of Clamav to fool their download server? Can you get me the real answer on which version of Clamav cPanel is supposed to be running now and in which cPanel version it was updated? As for the report, it simply has a lot more info in it, which I assumed was due to a Clamav update. I'll look into it more once you provide the answers to the above. Then we can go from there - it may just be an update. -Pete
"I checked and I see Clamav 0.104.0-1.cp11100 in WHM. Or is this a tweaked older version of Clamav to fool their download server?"
I noticed this as well ;) Even though cPanel 102 has not made it to Release tier yet, on 101.0.8 and 101.0.9 the ClamAV version shows as the latest instead of the outdated one. My GUESS is that cPanel developers have been working in the necessary code for updated ClamAV and that the transitional code has made it to 101.0.8+, but that's just my guess. Considering that we know it is resolved in cPanel 102, I doubt that cPanel would resort to "fooling" the ClamAV download server, and this is a prep stage as 102 is about to reach Release and the initial fix could possibly be already implemented in CP 101.0.8 / 101.0.9 in a sort of beta capacity. Just giving the benefit of the doubt here, as I wouldn't know for sure, but in any case it's good to know that this long-time issue is about to be put to rest. (And I'll bet the CP devs have worked under pressure / are relieved as well).
Yes, I'll be interested to see what @cPRex finds out.
@PeteS - I can confirm we wouldn't try and trick the download servers like that - that would get messy. The changes in the report are confirmed to be just part of the update. At this point we're expecting things to work in 100.0.9 and LTS 94. If you're NOT seeing that as the case, please let me know!
"@PeteS - I can confirm we wouldn't try and trick the download servers like that - that would get messy."
I was mostly kidding... ;)
"The changes in the report are confirmed to be just part of the update."
Thank you, I assumed so but wanted to confirm.
"At this point we're expecting things to work in 100.0.9 and LTS 94. If you're NOT seeing that as the case, please let me know!"
All appears well for me with 100.0.9.