Bizarre Email about Clamav

BruceLeeRoy
Posts: 47
Joined: 01 May 2015 13:27

Bizarre Email about Clamav

Post by BruceLeeRoy »

I received this bizarre Email that was sent to my domain administrative contact email address. It had the IP address of my EFA box. Anyone else get this?


Hello,

Your server mail.domain.net (x.x.x.x) is downloading additional signatures
for Clamav antivirus at clamav.securiteinfo.com.
clamav.securiteinfo.com will be discontinued soon.
However, now up-to-date signatures are available for free at
https://www.securiteinfo.com/services/i ... amav.shtml

I remain at your disposal for any further information.

Best regards,
Arnaud Jacques / SecuriteInfo.com
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: Bizarre Email about Clamav

Post by shawniverson »

What version of EFA are you using?

Securiteinfo.com was removed in 3.0.0.8.

Issue #173 Enhancement - Securiteinfo.com support removed from unofficial-sigs
BruceLeeRoy
Posts: 47
Joined: 01 May 2015 13:27

Re: Bizarre Email about Clamav

Post by BruceLeeRoy »

This is the only version info I could find, I also have it set to auto update.

MailScanner Version Number 4.84.6
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: Bizarre Email about Clamav

Post by pdwalker »

Log into your efa box via ssh

run this shell command: 'cat /etc/EFA-Version'

report the results.

Possible feature request: place the version number in the web interface somewhere.
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: Bizarre Email about Clamav

Post by shawniverson »

BruceLeeRoy
Posts: 47
Joined: 01 May 2015 13:27

Re: Bizarre Email about Clamav

Post by BruceLeeRoy »

EFA-3.0.0.7

Hmmm, I guess auto-update doesn't update the version?
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: Bizarre Email about Clamav

Post by shawniverson »

If auto update is enabled, perhaps something is preventing your system from updating? Rebooted lately?

I would try a manual update and see if you can spot if something is preventing the update.

Here's some info on how to update:

https://raw.githubusercontent.com/E-F-A ... LEASENOTES
BruceLeeRoy
Posts: 47
Joined: 01 May 2015 13:27

Re: Bizarre Email about Clamav

Post by BruceLeeRoy »

Strange, I haven't had time to try to manually do the upgrade, but I got an email from the server this morning saying it has upgraded to 3.0.0.8 and it needs to be rebooted to complete, so I rebooted it and it's still at 3.0.0.7
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: Bizarre Email about Clamav

Post by shawniverson »

It'll probably run the second part of the update soon, then.
BruceLeeRoy
Posts: 47
Joined: 01 May 2015 13:27

Re: Bizarre Email about Clamav

Post by BruceLeeRoy »

Still can't get it to update, restarted many times and tried again still no luck:

[root@mail sbin]# /usr/local/sbin/EFA-Update -update
[EFA] Good you are root
[EFA] Starting update to EFA-3.0.0.8
[EFA] Good you are root
df: no file systems processed
Loaded plugins: fastestmirror
Setting up Update Process
Loading mirror speeds from cached hostfile
* base: mirror.keystealth.org
* extras: mirror.compevo.com
* rpmforge: mirror.hmc.edu
* updates: mirror.vcu.edu
No Packages marked for Update
grep: /boot/grub/menu.lst: No such file or directory
Your system has an updated kernel, but you are not running
on the latest kernel. Please restart your system and run
EFA-Update after restart.
/var/EFA/update/EFA-update-script died with exit status 1
[root@mail sbin]#
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: Bizarre Email about Clamav

Post by shawniverson »

You are missing grub, it appears. Is this a custom build using something else, such as grub2?
grep: /boot/grub/menu.lst: No such file or directory
You may need to bypass the EFA-update-script as follows:

wget http://dl.efa-project.org/update/EFA-Update-3.0.0.7-3.0.0.8.tar.gz
tar xzvf EFA-Update-3.0.0.7-3.0.0.8.tar.gz
chmod 700 EFA-Version-Upgrade
sudo ./EFA-Version-Upgrade
BruceLeeRoy
Posts: 47
Joined: 01 May 2015 13:27

Re: Bizarre Email about Clamav

Post by BruceLeeRoy »

It's a VPS so there's no bootloader. I made a fake menu.lst just to make it happy and it gives the same error. I tried to do the manual update as you suggested, but it errors with:

cp: cannot stat `/tmp/EFA-Staging/Files/Spamassassin-3.4.0a-EFA-Upgrade.tar.gz': No such file or directory
tar (child): Spamassassin-3.4.0a-EFA-Upgrade.tar.gz: Cannot open: No such file or directory
tar (child): Error is not recoverable: exiting now
tar: Child returned status 2
tar: Error is not recoverable: exiting now
./EFA-Version-Upgrade: line 340: cd: Spamassassin-3.4.0-EFA-Upgrade: No such file or directory
chmod: cannot access `install.sh': No such file or directory
./EFA-Version-Upgrade: line 345: ./install.sh: No such file or directory
No recipient addresses found in header
Update to Version 3.0.0.8 FAILED. Updates cancelled.


/tmp directory exists, but I guess it doesn't create the files there?
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: Bizarre Email about Clamav

Post by shawniverson »

Whoops my bad. Let's do this instead so that the scripts are happy...

sudo mkdir /tmp/EFA-Staging
cd /tmp/EFA-Staging
sudo wget http://dl.efa-project.org/update/EFA-Update-3.0.0.7-3.0.0.8.tar.gz
sudo tar xzvf EFA-Update-3.0.0.7-3.0.0.8.tar.gz
sudo rm -f /var/EFA/update/EFA-Version-Upgrade
sudo cp EFA-Version-Upgrade /var/EFA/update/EFA-Version-Upgrade
sudo chmod 700 /var/EFA/update/EFA-Version-Upgrade
sudo /var/EFA/update/EFA-Version-Upgrade
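
The procedure above downloads the update tarball over plain HTTP and then runs its contents as root, so a check before extraction is worth having. The following is an added example, not part of the original post and not EFA project code: the function names are hypothetical, and the expected SHA-256 is assumed to come from a trusted channel, since the thread does not publish one.

```bash
#!/usr/bin/env bash
# Added example (not EFA project code). Function names are hypothetical.
# The expected SHA-256 must come from a trusted channel; the thread gives none.

# Succeeds (0) when a tar member name is absolute or contains a ".." component.
is_unsafe_member() {
    case "$1" in
        /*|..|../*|*/..|*/../*) return 0 ;;
        *) return 1 ;;
    esac
}

# verify_update TARBALL EXPECTED_SHA256
# 0 = digest matches and all members stay inside the extraction directory
# 1 = digest mismatch, 2 = unreadable file or archive, 3 = unsafe member name
verify_update() {
    local tarball=$1 expected=$2 actual members member
    [ -f "$tarball" ] || { echo "missing: $tarball" >&2; return 2; }

    # Hash the file as downloaded, before anything reads or unpacks it.
    actual=$(sha256sum < "$tarball") || return 2
    actual=${actual%% *}
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch: got $actual" >&2
        return 1
    fi

    # List members without extracting and refuse names that escape the directory.
    members=$(tar -tzf "$tarball") || return 2
    while IFS= read -r member; do
        if is_unsafe_member "$member"; then
            echo "unsafe member: $member" >&2
            return 3
        fi
    done <<EOF
$members
EOF
    return 0
}

# Usage in the staging directory, with the placeholder replaced by the real digest:
#   verify_update EFA-Update-3.0.0.7-3.0.0.8.tar.gz "<sha256 from trusted source>" \
#       && sudo tar xzvf EFA-Update-3.0.0.7-3.0.0.8.tar.gz
```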
BruceLeeRoy
Posts: 47
Joined: 01 May 2015 13:27

Re: Bizarre Email about Clamav

Post by BruceLeeRoy »

woohoo! I'm on 3.0.0.8 thanks for the help greatly appreciated! :)