[Clamav-users] Script updated: clamav-unofficial-sigs.sh (v3.6)
Hi Folks,

It's been awhile, but I finally found some time to work on an update to the clamav-unofficial-sigs script. Based on feedback and user requests, here is what has changed in this release (from the CHANGELOG):

Version 3.6 (updated 2009-08-23)
 - Added tr to remove Windows CRLF from signatures in local.ign monitoring section.
 - Updated signature database monitoring section to better handle rearrangement of signature database file name placement in the configuration file.
 - Removed several of the config file reload options in favor of simplicity and most reliable options.
 - Changed rsync mirror lookup from 'host' to 'dig' with the hope that 'dig' is more universally consistent between OS platforms. Issue reported by Al Sterman.
 - Added the '-u' (timestamp check) flag to the rsync downloads so that signature databases will not be downloaded from mirrors that are out of sync and hosting old files. Requested by Wolfgang Breyha.
 - Added a configuration variable that will provide the ability to scan a HAM (non-spam) directory with new signature databases and automatically remove signatures that trigger from the database before implementing. Requested by Mike Cardwell.
 - Added the '-t' flag to the script to output third-party signatures that trigger during the HAM directory scan, but only if the 'ham_dir' variable is enabled in the configuration file and hits were found.
 - Updated required utilities section of the config file. Requested by Micah Anderson.
 - Updated Manual page, README, and INSTALL files.

There *WERE* changes made to the script's configuration file with this release, so please review the config file to determine if you need/want to upgrade the config file included with this release.

The updated tarball can be downloaded from:

    http://www.inetmsg.com/pub/clamav-unofficial-sigs.tar.gz

As usual, let me know if there are any issues, suggestions, or feature requests.

Bill
___
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
[Clamav-users] Freshclam Error
I noticed this morning on my Debian mail server that when I attempt to run the freshclam command from the CLI, I get the following error:

    mail:~# freshclam
    ERROR: /var/log/clamav/freshclam.log is locked by another process
    ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).

I then check out the logs...

    --
    Received signal: wake up
    ClamAV update process started at Mon Aug 24 09:25:35 2009
    main.cvd is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven)
    Downloading daily-9731.cdiff [100%]
    daily.cld updated (version: 9731, sigs: 67641, f-level: 43, builder: arnaud)
    Database updated (612676 signatures) from db.local.clamav.net (IP: 64.142.100.50)
    Clamd successfully notified about the update.
    --
    Received signal: wake up
    ClamAV update process started at Mon Aug 24 10:25:37 2009
    main.cvd is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven)
    Trying host db.local.clamav.net (207.57.106.31)...
    Downloading daily-9732.cdiff [100%]
    daily.cld updated (version: 9732, sigs: 67902, f-level: 43, builder: ccordes)
    Database updated (612937 signatures) from db.local.clamav.net (IP: 207.57.106.31)
    Clamd successfully notified about the update.
    --
    Received signal: wake up
    ClamAV update process started at Mon Aug 24 11:25:39 2009
    main.cvd is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven)
    daily.cld is up to date (version: 9732, sigs: 67902, f-level: 43, builder: ccordes)
    --
    Received signal: wake up
    ClamAV update process started at Mon Aug 24 12:25:39 2009
    main.cvd is up to date (version: 51, sigs: 545035, f-level: 42, builder: sven)
    daily.cld is up to date (version: 9732, sigs: 67902, f-level: 43, builder: ccordes)
    --

Does anyone know what is causing the error when I try and run freshclam manually? It appears to happen every hour automatically but I would think that I can force it whenever I please as well, no?

I am running the following:

    mail:~# apt-cache policy clamav
    clamav:
      Installed: 0.95.2+dfsg-1~volatile1
      Candidate: 0.95.2+dfsg-1~volatile1
Re: [Clamav-users] Freshclam error
On Mon, Aug 24, 2009 at 12:46 PM, Scott Mohnkern <mohnk...@gmail.com> wrote:
> I recently installed clamav .94 on an ubuntu box (8.04) and clamscan runs just fine, however freshclam generates the following error:
>
> rwxrwxrwx 2 clamav 204 4096 2009-08-21 10:02 clamav

Why is your GID '204'? That looks to me like the system can't recognize the group ownership of the file or parenting folder...
Re: [Clamav-users] Freshclam error
Thanks for catching that, I'd accidentally set the clamav group number to 441. However, after correcting, I'm still seeing the problem:

    o...@zambezi:/var# ls -alt | grep clamav
    drwxrwxrwx 2 clamav clamav 4096 2009-08-21 10:02 clamav
    r...@zambezi:/var# freshclam
    ClamAV update process started at Mon Aug 24 12:54:47 2009
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Local version: 0.94.2 Recommended version: 0.95.2
    DON'T PANIC! Read http://www.clamav.net/support/faq
    ERROR: getfile: Can't create new file /var/clamav/clamav-37cffbcbac17f3fecf92527459691294 in /var/clamav
    Hint: The database directory must be writable for UID 441 or GID 204
    WARNING: Can't download main.cvd from db.us.clamav.net

On Mon, Aug 24, 2009 at 12:51 PM, Carlos Williams <carlosw...@gmail.com> wrote:
> On Mon, Aug 24, 2009 at 12:46 PM, Scott Mohnkern <mohnk...@gmail.com> wrote:
> > I recently installed clamav .94 on an ubuntu box (8.04) and clamscan runs just fine, however freshclam generates the following error:
> >
> > rwxrwxrwx 2 clamav 204 4096 2009-08-21 10:02 clamav
>
> Why is your GID '204'? That looks to me like the system can't recognize the group ownership of the file or parenting folder...

--
Scott Mohnkern
Re: [Clamav-users] Freshclam error
On Mon, Aug 24, 2009 at 17:55, Scott Mohnkern <mohnk...@gmail.com> wrote:
> Thanks for catching that, I'd accidentally set the clamav group number to 441. However, after correcting, I'm still seeing the problem:
>
> o...@zambezi:/var# ls -alt | grep clamav
> drwxrwxrwx 2 clamav clamav 4096 2009-08-21 10:02 clamav
> r...@zambezi:/var# freshclam
> ClamAV update process started at Mon Aug 24 12:54:47 2009
> WARNING: Your ClamAV installation is OUTDATED!
> WARNING: Local version: 0.94.2 Recommended version: 0.95.2
> DON'T PANIC! Read http://www.clamav.net/support/faq
> ERROR: getfile: Can't create new file /var/clamav/clamav-37cffbcbac17f3fecf92527459691294 in /var/clamav
> Hint: The database directory must be writable for UID 441 or GID 204

What do the following show:

    ls -lnd /var/clamav
    id clamav

--
Please keep list traffic on the list.

Rob MacGregor
    Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche
Re: [Clamav-users] Freshclam error
    r...@zambezi:/var# ls -lnd /var/clamav
    drwxrwxrwx 2 441 204 4096 2009-08-21 10:02 /var/clamav
    r...@zambezi:/var# id clamav
    uid=441(clamav) gid=204(clamav) groups=204(clamav)

On Mon, Aug 24, 2009 at 1:15 PM, Rob MacGregor <rob.macgre...@gmail.com> wrote:
> ls -lnd /var/clamav

--
Scott Mohnkern
Re: [Clamav-users] Freshclam error
On Mon, Aug 24, 2009 at 18:17, Scott Mohnkern <mohnk...@gmail.com> wrote:
> r...@zambezi:/var# ls -lnd /var/clamav
> drwxrwxrwx 2 441 204 4096 2009-08-21 10:02 /var/clamav
> r...@zambezi:/var# id clamav
> uid=441(clamav) gid=204(clamav) groups=204(clamav)

Try changing it to 770 instead of 777. If that doesn't work, what other kernel modules do you have loaded (AppArmor etc)?

--
Please keep list traffic on the list.

Rob MacGregor
    Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche
Re: [Clamav-users] Freshclam error
Did the 770, no luck. Here's the results of lsmod:

    Module                    Size  Used by
    af_packet                34440  2
    ppdev                    18568  0
    acpi_cpufreq             18448  3
    cpufreq_stats            16032  0
    cpufreq_powersave        10368  0
    cpufreq_ondemand         18320  2
    freq_table               14080  3 acpi_cpufreq,cpufreq_stats,cpufreq_ondemand
    cpufreq_userspace        14468  0
    cpufreq_conservative     17800  0
    iptable_filter           11776  0
    ip_tables                31720  1 iptable_filter
    x_tables                 30728  1 ip_tables
    ac                       15496  0
    parport_pc               48296  0
    lp                       22084  0
    parport                  51340  3 ppdev,parport_pc,lp
    loop                     28676  0
    nfs                     298872  1
    lockd                    83248  2 nfs
    nfs_acl                  12416  1 nfs
    sunrpc                  220808  10 nfs,lockd,nfs_acl
    container                13824  0
    iTCO_wdt                 22480  0
    button                   18080  0
    pcspkr                   12160  0
    evdev                    22144  3
    iTCO_vendor_support      12932  1 iTCO_wdt
    shpchp                   45340  0
    pci_hotplug              41776  1 shpchp
    ext3                    156176  7
    jbd                      64168  1 ext3
    mbcache                  18560  1 ext3
    sg                       48920  0
    sr_mod                   27300  0
    cdrom                    48680  1 sr_mod
    sd_mod                   40448  12
    pata_acpi                17024  0
    usbhid                   42848  0
    hid                      52160  1 usbhid
    ata_piix                 31364  10
    ata_generic              17156  0
    libata                  183984  3 pata_acpi,ata_piix,ata_generic
    ehci_hcd                 49164  0
    scsi_mod                185784  4 sg,sr_mod,sd_mod,libata
    tg3                     131972  0
    uhci_hcd                 37024  0
    usbcore                 177200  4 usbhid,ehci_hcd,uhci_hcd
    raid10                   33536  0
    raid456                 138272  0
    async_xor                13312  1 raid456
    async_memcpy             11776  1 raid456
    async_tx                 17652  3 raid456,async_xor,async_memcpy
    xor                      14352  2 raid456,async_xor
    raid1                    33920  5
    raid0                    16640  0
    multipath                18176  0
    linear                   14592  0
    md_mod                   95388  11 raid10,raid456,raid1,raid0,multipath,linear
    dm_mirror                33408  0
    dm_snapshot              27848  0
    dm_mod                   78200  11 dm_mirror,dm_snapshot
    thermal                  26912  0
    processor                48712  2 acpi_cpufreq,thermal
    fan                      13960  0
    fbcon                    53504  0
    tileblit                 11392  1 fbcon
    font                     17280  1 fbcon
    bitblit                  14592  1 fbcon
    softcursor               10880  1 bitblit
    fuse                     63280  1

On Mon, Aug 24, 2009 at 1:27 PM, Rob MacGregor <rob.macgre...@gmail.com> wrote:
> On Mon, Aug 24, 2009 at 18:17, Scott Mohnkern <mohnk...@gmail.com> wrote:
> > r...@zambezi:/var# ls -lnd /var/clamav
> > drwxrwxrwx 2 441 204 4096 2009-08-21 10:02 /var/clamav
> > r...@zambezi:/var# id clamav
> > uid=441(clamav) gid=204(clamav) groups=204(clamav)
>
> Try changing it to 770 instead of 777. If that doesn't work, what other kernel modules do you have loaded (AppArmor etc)?
>
> --
> Please keep list traffic on the list.
>
> Rob MacGregor
>     Whoever fights monsters should see to it that in the process he doesn't become a monster. Friedrich Nietzsche

--
Scott Mohnkern
Re: [Clamav-users] Freshclam error
Plenty of space:

    r...@zambezi:/var# df -h /var/clamav
    Filesystem            Size  Used Avail Use% Mounted on
    /dev/mapper/vg00-var   10G  817M  8.7G   9% /var
    r...@zambezi:/var# df -i /var/clamav
    Filesystem            Inodes  IUsed  IFree IUse% Mounted on
    /dev/mapper/vg00-var  655360   8580 646780    2% /var

On Mon, Aug 24, 2009 at 1:55 PM, Rob MacGregor <rob.macgre...@gmail.com> wrote:
> df -h /var/clamav
> df -i /var/clamav

--
Scott Mohnkern
Re: [Clamav-users] Script updated: clamav-unofficial-sigs.sh (v3.6)
Hi Bill,

On Mon, 24 Aug 2009 Bill Landry wrote:

> Re: Script updated: clamav-unofficial-sigs.sh (v3.6)
>
> It's been awhile, but I finally found some time to work on an update to the clamav-unofficial-sigs script.

[snip]

Thanks once again for your efforts Bill (and of course thanks to the ClamAV team too should go without saying. :)

You've prompted me to wonder out loud if anyone here knows the MSRBL databases listed in your example config file are still being updated? I saw that you aren't getting a lot of response from your messages on the MSRBL mailing list, or I'd have asked there first...

--

73,
Ged.
Re: [Clamav-users] Freshclam error
attach the output of mount and try

    mount -oremount,rw /var
Re: [Clamav-users] Freshclam error
    r...@zambezi:~# mount
    /dev/md4 on / type ext3 (rw,relatime,errors=remount-ro)
    proc on /proc type proc (rw,noexec,nosuid,nodev)
    /sys on /sys type sysfs (rw,noexec,nosuid,nodev)
    varrun on /var/run type tmpfs (rw,noexec,nosuid,nodev,mode=0755)
    varlock on /var/lock type tmpfs (rw,noexec,nosuid,nodev,mode=1777)
    udev on /dev type tmpfs (rw,mode=0755)
    devshm on /dev/shm type tmpfs (rw)
    devpts on /dev/pts type devpts (rw,gid=5,mode=620)
    /dev/md0 on /boot type ext3 (rw,relatime)
    /dev/mapper/vg00-opt on /opt type ext3 (rw,relatime)
    /dev/md3 on /tmp type ext3 (rw,relatime)
    /dev/mapper/vg00-usr on /usr type ext3 (rw,relatime)
    /dev/mapper/vg00-var on /var type ext3 (rw,relatime)
    /dev/mapper/vg00-var_log on /var/log type ext3 (rw,relatime)
    securityfs on /sys/kernel/security type securityfs (rw)
    140.90.91.244:/fs/shared on /fs/shared type nfs (rw,soft,intr,udp,addr=140.90.91.244)
    r...@zambezi:~# mount -oremount,rw /var
    r...@zambezi:~# freshclam
    ClamAV update process started at Mon Aug 24 15:12:43 2009
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Local version: 0.94.2 Recommended version: 0.95.2
    DON'T PANIC! Read http://www.clamav.net/support/faq
    ERROR: getfile: Can't create new file /var/clamav/clamav-bacf717578a2fe08ad86b7fe7f7a38ab in /var/clamav
    Hint: The database directory must be writable for UID 441 or GID 204
    WARNING: Can't download main.cvd from db.us.clamav.net
    r...@zambezi:~#

On Mon, Aug 24, 2009 at 2:56 PM, Luis Carlos Ferreira <l...@tuxedo.com.ar> wrote:
> mount -oremount,rw /var

--
Scott Mohnkern
Re: [Clamav-users] Script updated: clamav-unofficial-sigs.sh (v3.6)
> Hi Bill,
>
> On Mon, 24 Aug 2009 Bill Landry wrote:
>
> > Re: Script updated: clamav-unofficial-sigs.sh (v3.6)
> >
> > It's been awhile, but I finally found some time to work on an update to the clamav-unofficial-sigs script.
>
> [snip]
>
> Thanks once again for your efforts Bill (and of course thanks to the ClamAV team too should go without saying. :)

You're welcome!

> You've prompted me to wonder out loud if anyone here knows the MSRBL databases listed in your example config file are still being updated? I saw that you aren't getting a lot of response from your messages on the MSRBL mailing list, or I'd have asked there first...

I've gotten no responses to my posting to the list nor to messages I've sent directly to Chris Burton. The last updates from MSRBL were last month:

    -rw-r--r-- 1 root root 181337 2009-07-24 03:40 MSRBL-Images.hdb
    -rw-r--r-- 1 root root 244643 2009-07-27 01:21 MSRBL-SPAM.ndb

when typically in the past we would see several updates per day on the SPAM database.

You might try posting to the MSRBL list to see if anyone there knows what's going on with them...?

Bill
Re: [Clamav-users] Freshclam error
try

    freshclam -u clamav
Re: [Clamav-users] Freshclam error
    r...@zambezi:/var/clamav# freshclam -u clamav
    ClamAV update process started at Mon Aug 24 15:23:23 2009
    WARNING: Your ClamAV installation is OUTDATED!
    WARNING: Local version: 0.94.2 Recommended version: 0.95.2
    DON'T PANIC! Read http://www.clamav.net/support/faq
    ERROR: getfile: Can't create new file /var/clamav/clamav-d87ce240d56bd3e14a8c61c10aecc45e in /var/clamav
    Hint: The database directory must be writable for UID 441 or GID 204
    WARNING: Can't download main.cvd from db.us.clamav.net

This isn't a box I built, is there a way to check to see if selinux is running on it? (That would have this effect). I'm really only familiar with selinux on RHEL5 boxes.

Scott

On Mon, Aug 24, 2009 at 3:21 PM, Luis Carlos Ferreira <l...@tuxedo.com.ar> wrote:
> try freshclam -u clamav

--
Scott Mohnkern
Re: [Clamav-users] Freshclam error
I bet that selinux is running on here. Found this in /var/log/syslog

    Aug 24 15:23:25 zambezi kernel: [354946.311148] audit(1251141805.476:58): type=1503 operation=inode_create requested_mask=w:: denied_mask=w:: name=/var/clamav/clamav-d87ce240d56bd3e14a8c61c10aecc45e pid=6125 profile=/usr/bin/freshclam namespace=default

On Mon, Aug 24, 2009 at 12:46 PM, Scott Mohnkern <mohnk...@gmail.com> wrote:
> I recently installed clamav .94 on an ubuntu box (8.04) and clamscan runs just fine, however freshclam generates the following error:
>
> rwxrwxrwx 2 clamav 204 4096 2009-08-21 10:02 clamav
> r...@zambezi:/var# freshclam
> ClamAV update process started at Fri Aug 21 10:07:15 2009
> WARNING: Your ClamAV installation is OUTDATED!
> WARNING: Local version: 0.94.2 Recommended version: 0.95.2
> DON'T PANIC! Read http://www.clamav.net/support/faq
> ERROR: getfile: Can't create new file /var/clamav/clamav-4c8bad43f85f4c58ba20de0e76a60468 in /var/clamav
> Hint: The database directory must be writable for UID 441 or GID 204
> WARNING: Can't download main.cvd from db.us.clamav.net
>
> There's a user clamav, and /var/clamav is owned by 441:204 with write permissions. I can also su to user clamav and touch (create) new files in /var/clamav.
>
> Anyone have any ideas?

--
Scott Mohnkern
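The syslog line in the message above is a kernel audit record with type=1503 and a profile= field; audit type 1503 is AUDIT_APPARMOR_DENIED, so the record was written by AppArmor. As an added example (not part of the thread), this Python sketch parses such records and counts denials per confining profile, directory and denied mask. The first sample line is the one from the thread, the other two are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter
from pathlib import PurePosixPath

APPARMOR_DENIED = "1503"  # AUDIT_APPARMOR_DENIED in the kernel audit numbering

# "audit(<epoch>:<serial>): key=value ..." as the kernel logs it to syslog.
AUDIT_RE = re.compile(r"audit\((?P<epoch>\d+\.\d+):(?P<serial>\d+)\):\s*(?P<body>.*)$")
# Values are bare in the thread's record; double-quoted values are accepted too.
FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')

# Line 1 is the record quoted in the thread; lines 2 and 3 are constructed.
SAMPLE_SYSLOG = """\
Aug 24 15:23:25 zambezi kernel: [354946.311148] audit(1251141805.476:58): type=1503 operation=inode_create requested_mask=w:: denied_mask=w:: name=/var/clamav/clamav-d87ce240d56bd3e14a8c61c10aecc45e pid=6125 profile=/usr/bin/freshclam namespace=default
Aug 24 15:23:26 zambezi kernel: [354947.000000] audit(1251141806.100:59): type=1503 operation=inode_create requested_mask=w:: denied_mask=w:: name=/var/clamav/mirrors.dat pid=6125 profile=/usr/bin/freshclam namespace=default
Aug 24 15:23:27 zambezi sshd[7001]: Accepted publickey for admin from 192.0.2.10 port 50000 ssh2
"""


def parse_denial(line):
    """Return the fields of an AppArmor DENIED audit record, or None."""
    m = AUDIT_RE.search(line)
    if not m:
        return None
    fields = {key: (inner if raw.startswith('"') else raw)
              for key, raw, inner in FIELD_RE.findall(m.group("body"))}
    if fields.get("type") != APPARMOR_DENIED:
        return None
    fields["epoch"] = float(m.group("epoch"))
    return fields


def summarize(log_text):
    """Count denials keyed by (profile, parent directory, denied mask)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_denial(line)
        if rec and "name" in rec:
            parent = str(PurePosixPath(rec["name"]).parent)
            counts[(rec.get("profile", "?"), parent, rec.get("denied_mask", "?"))] += 1
    return dict(counts)


if __name__ == "__main__":
    for (profile, parent, mask), n in summarize(SAMPLE_SYSLOG).items():
        print(f"{n} denial(s): profile {profile}, mask {mask}, under {parent}")
```

A denial keyed to the freshclam profile and the database directory is a mandatory access control decision, which applies on top of the ownership and mode bits examined earlier in the thread.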
Re: [Clamav-users] Freshclam Error
On Mon, Aug 24, 2009 at 12:43:03PM -0400, Carlos Williams wrote:
> I noticed this morning on my Debian mail server that when I attempt to run the freshclam command from the CLI, I get the following error:
>
> mail:~# freshclam
> ERROR: /var/log/clamav/freshclam.log is locked by another process
> ERROR: Problem with internal logger (UpdateLogFile = /var/log/clamav/freshclam.log).

[...]

> Does anyone know what is causing the error when I try and run freshclam manually? It appears to happen every hour automatically but I would think that I can force it whenever I please as well, no?

To force the updating process in Debian, usually, you have to restart the daemon (that is locking the log file):

 - /etc/init.d/clamav-freshclam restart

Ciao, gc :-)