clamd can't start after /scripts/upcp --force
Here is the log:
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 9897 duplicate identifier "dump_sales_quote_payment"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11502 duplicate identifier "dump_sales_order"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11506 duplicate identifier "md5_64651cede2467fdeb1b3b7e6ff3f81cb"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11510 duplicate identifier "md5_6bf4910b01aa4f296e590b75a3d25642"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11526 duplicate identifier "eval_post"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11532 duplicate identifier "spam_mailer"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11538 duplicate identifier "md5_0105d05660329704bdb0ecd3fd3a473b"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11546 duplicate identifier "md5_0b1bfb0bdc7e017baccd05c6af6943ea"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11552 duplicate identifier "md5_2495b460f28f45b40d92da406be15627"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11556 duplicate identifier "md5_2c37d90dd2c9c743c273cb955dd83ef6"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11560 duplicate identifier "md5_3ccdd51fe616c08daafd601589182d38"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11564 duplicate identifier "md5_4b69af81b89ba444204680d506a8e0a1"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11569 duplicate identifier "md5_71a7c769e644d8cf3cf32419239212c7"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11578 duplicate identifier "md5_825a3b2a6abbe6abcdeda64a73416b3d"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11584 duplicate identifier "md5_87cf8209494eedd936b28ff620e28780"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11600 duplicate identifier "md5_c647e85ad77fd9971ba709a08566935d"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11604 duplicate identifier "md5_fb9e35bf367a106d18eb6aa0fe406437"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11608 duplicate identifier "md5_8e5f7f6523891a5dcefcbb1a79e5bbe9"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11612 duplicate identifier "eval_base64_decode_a"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11615 duplicate identifier "obfuscated_eval"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11626 duplicate identifier "md5_ab63230ee24a988a4a9245c2456e4874"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11629 duplicate identifier "md5_b579bff90970ec58862ea8c26014d643"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11635 duplicate identifier "md5_d30b23d1224438518d18e90c218d7c8b"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11639 duplicate identifier "md5_24f2df1b9d49cfb02d8954b08dba471f"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11641 duplicate identifier "base64_hidden_in_image"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11645 duplicate identifier "hide_data_in_jpeg"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11649 duplicate identifier "hidden_file_upload_in_503"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11655 duplicate identifier "md5_fd141197c89d27b30821f3de8627ac38"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11661 duplicate identifier "visbot"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11663 duplicate identifier "md5_39ca2651740c2cef91eb82161575348b"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11671 duplicate identifier "md5_4c4b3d4ba5bce7191a5138efa2468679"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11677 duplicate identifier "md5_6eb201737a6ef3c4880ae0b8983398a9"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11681 duplicate identifier "md5_d201d61510f7889f1a47257d52b15fa2"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11685 duplicate identifier "md5_06e3ed58854daeacf1ed82c56a883b04"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11689 duplicate identifier "md5_28690a72362e021f65bb74eecc54255e"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11691 duplicate identifier "overwrite_globals_hack"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11696 duplicate identifier "md5_4adef02197f50b9cc6918aa06132b2f6"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11701 duplicate identifier "obfuscated_globals"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11707 duplicate identifier "ld_preload_backdoor"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11711 duplicate identifier "fake_magentoupdate_site"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11715 duplicate identifier "md5_b3ee7ea209d2ff0d920dfb870bad8ce5"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11721 duplicate identifier "md5_e03b5df1fa070675da8b6340ff4a67c2"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11725 duplicate identifier "md5_023a80d10d10d911989e115b477e42b5"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11731 duplicate identifier "md5_4aa900ddd4f1848a15c61a9b7acd5035"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11735 duplicate identifier "md5_f797dd5d8e13fe5c8898dbe3beb3cc5b"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11921 duplicate identifier "onepage_or_checkout"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11930 duplicate identifier "sinlesspleasure_com"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11934 duplicate identifier "amasty_biz"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11938 duplicate identifier "amasty_biz_js"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11942 duplicate identifier "returntosender"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11946 duplicate identifier "ip_5uu8_com"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11950 duplicate identifier "cloudfusion_me"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11954 duplicate identifier "grelos_v"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11967 duplicate identifier "hacked_domains"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11971 duplicate identifier "mage_cdn_link"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11975 duplicate identifier "credit_card_regex"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11979 duplicate identifier "jquery_code_su"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11983 duplicate identifier "jquery_code_su_multi"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11987 duplicate identifier "Trafficanalyzer_js"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11991 duplicate identifier "atob_js"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 11995 duplicate identifier "gate_php_js"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 12001 duplicate identifier "googieplay_js"
LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 12004 duplicate identifier "md5_cdn_js_link_js"
LibClamAV Error: cli_loadyara: failed to parse rules file /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara, error count 63
Hello, Try uninstalling then re-installing ClamAV via WHM's Plugin section by un-checking the "ClamAV Connector" then clicking "save" then going back to that page and checking it to re-install ClamAV.

LibClamAV Error: yyerror(): /usr/local/cpanel/3rdparty/share/clamav/rfxn.yara line 9897 duplicate identifier "dump_sales_quote_payment"
Hello, These error messages appear to relate to custom ClamAV rules. Are you using any third-party applications such as Maldet on this system? Also, check to see if you are using any third-party ClamAV RPMs with a command such as:
```
rpm -qa|grep clamav
```
With the ClamAV plugin offered through cPanel, you should see output like this:
```
# rpm -qa|grep clamav
cpanel-clamav-virusdefs-0.99.2-1.cp1164.x86_64
cpanel-clamav-0.99.2-1.cp1164.x86_64
```
Thank you.

I'm seeing the exact same errors as the OP. When I entered `rpm -qa|grep clamav` I got the following response:
```
cpanel-clamav-virusdefs-0.99.2-2.cp1162.x86_64
cpanel-clamav-0.99.2-2.cp1162.x86_64
```
/usr/local/maldetect/maldet exists, and in addition, CXS (config exploit scanner) is installed. Could that be the issue? I've also seen notices about kernel needing an update. I've obviously chosen to add to this thread instead of starting anew. If that's inappropriate I will create a new thread. Thank you.

Same issue here. `rpm -qa|grep clamav` returns no results

Correction, had a space in it:
```
rpm -qa|grep clamav
cpanel-clamav-0.99.2-2.cp1162.x86_64
cpanel-clamav-virusdefs-0.99.2-2.cp1162.x86_64
```
I also have Maldet installed, not CXS.

As the OP had stated, errors. I receive the same when restarting EXIM. I did a quick "rpm -qa|grep clamav" which showed no result at all. I do have maldet installed as well. Then I opted to uninstall the ClamAV via WHM software. After re-installing, I still received the same response (all errors). I ran "/usr/local/cpanel/scripts/check_cpanel_rpms --fix". Then after, I executed:
```
root@marge [/var/log]# rpm -qa |grep clamav
cpanel-clamav-virusdefs-0.99.2-2.cp1162.x86_64
cpanel-clamav-0.99.2-2.cp1162.x86_64
```
Afterwards, I again attempted to restart EXIM (via WHM) and still am receiving errors. Nothing seems to be working correctly. Standing by for a response and hopeful resolution ;)

On a side note, went to edit my previous post, realizing my error with a space at "rpm -qa|grep clamav" only to be presented with this error - just a heads up cPanel forum admin: "The following error occurred: Your content can not be submitted. This is likely because your content is spam-like or contains inappropriate elements. Please change your content or try again later. If you still have problems, please contact an administrator." Please resume.

Hello, Try moving the custom ClamAV rules out of the way and restarting clamd with the following commands:
```
mkdir /root/clamav-backup-rules
mv /usr/local/cpanel/3rdparty/share/clamav/rfxn.* /root/clamav-backup-rules/
/scripts/restartsrv_clamd
```
You may need to report this issue to the developer or support team of the plugin you are using if you'd like to continue using those custom ClamAV rules. Thank you.

> Hello, These error messages appear to relate to custom ClamAV rules. Are you using any third-party applications such as Maldet on this system? Also, check to see if you are using any third-party ClamAV RPMs with a command such as:
> rpm -qa|grep clamav
> With the ClamAV plugin offered through cPanel, you should see output like this:
> # rpm -qa|grep clamav
> cpanel-clamav-virusdefs-0.99.2-1.cp1164.x86_64
> cpanel-clamav-0.99.2-1.cp1164.x86_64
> Thank you.
Yes, I am using MALDET but I never touched rules of CLAMAV.
```
rpm -qa|grep clamav
cpanel-clamav-virusdefs-0.99.2-1.cp1164.x86_64
cpanel-clamav-0.99.2-1.cp1164.x86_64
```
I reinstalled clamav but the problem is still present.

> Hello, Try moving the custom ClamAV rules out of the way and restarting clamd with the following commands:
> mkdir /root/clamav-backup-rules
> mv /usr/local/cpanel/3rdparty/share/clamav/rfxn.* /root/clamav-backup-rules/
> /scripts/restartsrv_clamd
> You may need to report this issue to the developer or support team of the plugin you are using if you'd like to continue using those custom ClamAV rules. Thank you.
OUTPUT: Waiting for "clamd" Cpanel::Exception::Services::StartError Service Error (XID epufbx) El servicio "clamd" The "clamd" clamd has failed. Contact your system administrator if the service does not automagically recover.
Having the exact same problem here since last update

> Yes, I am using MALDET but I never touched rules of CLAMAV.
Hello, The custom ClamAV rules are referenced in the application's most recent change log:
"[New] added curated set of YARA webshell & malware signatures for use with ClamAV >= 0.99b"
You can remove the custom rules using the commands referenced in my earlier response:
```
mkdir /root/clamav-backup-rules
mv /usr/local/cpanel/3rdparty/share/clamav/rfxn.* /root/clamav-backup-rules/
/scripts/restartsrv_clamd
```
You may also want to report this as an issue on their GitHub page: Issues · rfxn/linux-malware-detect · GitHub. Thank you.

This issue was brought to my attention a few minutes ago regarding this thread. An issue with the 3rd party YARA rule generation resulted in duplicates being injected as the upstream provider changed certain formatting. This has been resolved as of this writing and rules are now consistent / without duplicates. The new rules will automagically push out with standard daily updates to LMD and/or you can force a manual signature update with the '-u|--update-sigs' option followed by restarting clamd with '/scripts/restartsrv_clamd'. e.g:
```
[root@boomer ~]# maldet -u
Linux Malware Detect v1.6
(C) 2002-2017, R-fx Networks
(C) 2017, Ryan MacDonald
This program may be freely redistributed under the terms of the GNU GPL v2
maldet(17027): {sigup} performing signature update check...
maldet(17027): {sigup} local signature set is version 2017041129590
maldet(17027): {sigup} new signature set (2017041410039) available
maldet(17027): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
maldet(17027): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
maldet(17027): {sigup} verified md5sum of maldet-sigpack.tgz
maldet(17027): {sigup} unpacked and installed maldet-sigpack.tgz
maldet(17027): {sigup} verified md5sum of maldet-clean.tgz
maldet(17027): {sigup} unpacked and installed maldet-clean.tgz
maldet(17027): {sigup} signature set update completed
maldet(17027): {sigup} 12451 signatures (9721 MD5 | 1951 HEX | 779 YARA | 0 USER)
[root@boomer ~]# /scripts/restartsrv_clamd
Waiting for "clamd" to restart "waiting for "clamd" to initialize "finished.
Service Status
clamd (/usr/local/cpanel/3rdparty/bin/clamd) is running as root with PID 17231 (systemd check method).
Startup Log
Apr 14 15:15:43 boomer.rfxn.com systemd[1]: Starting clamd antivirus daemon...
Apr 14 15:15:57 boomer.rfxn.com systemd[1]: Started clamd antivirus daemon.
clamd restarted successfully.
```
I've added additional tests against the YARA rule file generation to ensure this does not happen again. This includes stricter testing for duplicates and better exit code detection when testing the rules with clamd. Thanks!

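The kind of duplicate check described in the post above can be run on a rules file before it is copied into the directory clamd loads at startup. This is an added example, not part of the original thread and not LMD's or cPanel's own code; the function names `yara_dup_rules` and `install_yara_if_clean` and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-install gate for a YARA rules file (hypothetical helper names).

# yara_dup_rules FILE
# Prints "identifier<TAB>first_line<TAB>duplicate_line" for every rule
# identifier declared more than once; returns 1 if any were found.
# Limitation: declarations are matched line by line, so a rule header
# inside a /* ... */ comment would be counted as well.
yara_dup_rules() {
    awk '
        # optional "private"/"global" modifiers, then: rule <identifier>
        /^[ \t]*((private|global)[ \t]+)*rule[ \t]+[A-Za-z_][A-Za-z0-9_]*/ {
            decl = $0
            sub(/^[ \t]*((private|global)[ \t]+)*rule[ \t]+/, "", decl)
            match(decl, /^[A-Za-z_][A-Za-z0-9_]*/)
            name = substr(decl, 1, RLENGTH)
            if (name in first) {
                printf "%s\t%d\t%d\n", name, first[name], NR
                dups++
            } else {
                first[name] = NR
            }
        }
        END { exit (dups > 0) }
    ' "$1"
}

# install_yara_if_clean SRC DEST_DIR
# Copies SRC into DEST_DIR only when the duplicate check passes, so a bad
# signature update never reaches the database directory and clamd keeps
# starting with the rules it already has.
install_yara_if_clean() {
    src=$1 dest_dir=$2
    if ! report=$(yara_dup_rules "$src"); then
        echo "refusing to install $src: duplicate rule identifiers" >&2
        echo "$report" >&2
        return 1
    fi
    cp -- "$src" "$dest_dir/"
}

# Constructed sample: identifier eval_post is declared on lines 1 and 6.
make_sample() {
    cat > "$1" <<'EOF'
rule eval_post
{
    condition: false
}
private rule spam_mailer { condition: false }
rule eval_post
{
    condition: false
}
EOF
}

# Demo on the constructed sample.
demo=$(mktemp) && make_sample "$demo"
yara_dup_rules "$demo" || echo "duplicates found; file would not be installed"
rm -f "$demo"
```

The check only covers duplicate identifiers; a rules file can still fail to parse for other reasons, which is why the post also mentions checking the exit code when testing the rules with clamd.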
@rfxn, much obliged. I restarted clamd successfully with the 2 commands you provided.