Skip to main content

clamscan warnings

savago
Hello, i get some warnings in new clamav versions like: /home/xxxxxxxxx/public_html/html.txt: PHP.C99-13 FOUND /home/xxxxxxxxx/public_html/cgi-bin/lib.php: PHP.Shell-84 FOUND LibClamAV Warning: cli_scanswf: GETBITS: Can't read file or file truncated LibClamAV Warning: cli_scanswf: GETBITS: Can't read file or file truncated .... LibClamAV info: scancws: Error decompressing SWF file LibClamAV info: scancws: Error decompressing SWF file
Then i make some changes and include "--scan-swf=no" but there is missing options : clamscan: unrecognized option `--scan-swf=no' ERROR: Unknown option passed ERROR: Can't parse command line options
clamscan --help show that option is missing --scan-pe[=yes(*)/no] Scan PE files --scan-elf[=yes(*)/no] Scan ELF files --scan-ole2[=yes(*)/no] Scan OLE2 containers --scan-pdf[=yes(*)/no] Scan PDF files --scan-html[=yes(*)/no] Scan HTML files --scan-archive[=yes(*)/no] Scan archive files (supported by libclamav)
Please fix it.

Comments

8 comments

Date Votes
  • Infopro
    [QUOTE]/home/xxxxxxxxx/public_html/html.txt: PHP.C99-13 FOUND /home/xxxxxxxxx/public_html/cgi-bin/lib.php: PHP.Shell-84 FOUND
    Your account appears to have been compromised.
    0
  • savago
    Yes,this is not problem. Problem is that scan-swf option is missing :)
    0
  • cPanelMichael
    Hello :) We can't assist with cleaning up the actual viruses, but feel free to open a support ticket if you want us to check on the status of ClamAV itself. You can post the ticket number here so we can update this thread with the outcome. Thank you.
    0
  • GiviN.G
    Hi Michael, I am also receiving emails like /etc/cron.hourly/manual_clamscan: /usr/bin/clamscan: illegal option -- r ERROR: Unknown option passed ERROR: Can't parse command line options
    Full Details:: > From: (Cron Daemon) > Subject: Cron <> run-parts /etc/cron.hourly > Date: > To: > > /etc/cron.hourly/manual_clamscan: > > LibClamAV Warning: cli_scanswf: GETBITS: Can't read file or file truncated > LibClamAV Warning: cli_scanswf: GETBITS: Can't read file or file truncated > LibClamAV info: scancws: Error decompressing SWF file > LibClamAV info: scancws: Error decompressing SWF file > LibClamAV Warning: cli_scanicon: found 1 invalid icon entries of 2 total > LibClamAV Warning: cli_tnef: file truncated, returning CLEAN > LibClamAV Warning: cli_scanswf: GETBITS: Can't read file or file truncated
    Please advise. Thank you.
    0
  • cPanelMichael
    Did you manually configure that cron job? What's the contents of /etc/cron.hourly/manual_clamscan? Thank you.
    0
  • GiviN.G
    Hello michael, Thank you for your reply, I don't remember how it was set. Please find below the contents. # cat /etc/cron.hourly/manual_clamscan #!/bin/bash # Email alert cron job script for ClamAV # Original, unmodified script by: Deven Hillard #(http://www.digitalsanctuary.com/tech-blog/debian/automated-clamav-virus-scanning.html) # Modified to show infected and/or removed files # Directories to scan SCAN_DIR="/home /tmp /var" # Location of log file LOG_FILE="/var/log/clamav/manual_clamscan.log" # Uncomment to have scan remove files #AGGRESSIVE=1 # Uncomment to have scan not remove files AGGRESSIVE=0 # Email Subject SUBJECT="Infections detected on `hostname`" # Email To EMAIL="myname@gmail.com" # Email From EMAIL_FROM="mail@domain.com" check_scan () { # If there were infected files detected, send email alert if [ `tail -n 12 ${LOG_FILE} | grep Infected | grep -v 0 | wc -l` != 0 ] then # Count number of infections SCAN_RESULTS=$(tail -n 10 $LOG_FILE | grep 'Infected files') INFECTIONS=${SCAN_RESULTS##* } EMAILMESSAGE=`mktemp /tmp/virus-alert.XXXXX` echo "To: ${EMAIL}" >> ${EMAILMESSAGE} echo "From: ${EMAIL_FROM}" >> ${EMAILMESSAGE} echo "Subject: ${SUBJECT}" >> ${EMAILMESSAGE} echo "Importance: High" >> ${EMAILMESSAGE} echo "X-Priority: 1" >> ${EMAILMESSAGE} if [ $AGGRESSIVE = 1 ] then echo -e "\n`tail -n $((10 + ($INFECTIONS*2))) $LOG_FILE`" >> ${EMAILMESSAGE} else echo -e "\n`tail -n $((10 + $INFECTIONS)) $LOG_FILE`" >> ${EMAILMESSAGE} fi sendmail -t < ${EMAILMESSAGE} fi } if [ $AGGRESSIVE = 1 ] then /usr/bin/clamscan -ri --remove $SCAN_DIR >> $LOG_FILE else /usr/bin/clamscan -ri $SCAN_DIR >> $LOG_FILE fi
    Here are some more informations. root@vps [~]# run-parts /etc/cron.hourly/ /etc/cron.hourly//manual_clamscan: /usr/bin/clamscan: illegal option -- r ERROR: Unknown option passed ERROR: Can't parse command line options
    root@vps [~]# /etc/cron.hourly/manual_clamscan /usr/bin/clamscan: illegal option -- r ERROR: Unknown option passed ERROR: Can't parse command line options
    Thank you once again.
    0
  • cPanelMichael
    The results are a separate issue, so I moved that post into it's own thread for you. The cron job you have referenced looks like a third-party script. The "clamscan" utility is now located at: /usr/local/cpanel/3rdparty/bin/clamscan
    You may want to remove that cron job, or contact it's developer to have it updated to work without error. Thank you.
    0
  • GiviN.G
    Okay. Thank you. Sorry for the last reply. I will contact the developer. Thanks again Michael. :)
    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post