Clamd update kills my EFA

Posted: 13 Jul 2018 08:33
by jamerson
Hi guys,
After the last update of the antivirus CLAMD, my EFA keeps detecting everything as spam.

Code:

Clamd::ERROR:: COULD NOT CONNECT TO CLAMD, RECOMMEND RESTARTING DAEMON :: .
Jul 13 10:20:42 filter MailScanner[3045]: Virus Scanning: Clamd found 1 infections
Jul 13 10:20:42 filter MailScanner[3045]: Virus Scanning: No virus scanners worked, so message batch was abandoned and retried!
All emails are infected according to the CLAM. To release the emails we had to reboot the EFA, otherwise they are not delivered.
When I log in to the web GUI I can see the emails there, but the only way to release them is to reboot the EFA.
E-mail preamble:

Code:

Subject: Cron <clam@filter> [ -x /usr/bin/clamav-unofficial-sigs.sh ] && /bin/bash /usr/bin/clamav-unofficial-sigs.sh > /dev/null
Content-Type: text/plain; charset=UTF-8
Auto-Submitted: auto-generated
X-Cron-Env: <LANG=en_US.UTF-8>
X-Cron-Env: <SHELL=/bin/sh>
X-Cron-Env: <HOME=/var/lib/clamav>
X-Cron-Env: <PATH=/usr/bin:/bin>
X-Cron-Env: <LOGNAME=clam>
X-Cron-Env: <USER=clam>

Code:

[root@filter admin]# service clamd start
Starting Clam AntiVirus Daemon: LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 497 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 512 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 528 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 544 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 557 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 603 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 614 undefined identifier "pe"
LibClamAV Warning: cli_loadyara: failed to parse or load 7 yara rules from file /var/lib/clamav/antidebug_antivm.yar, successfully loaded 92 rules.
LibClamAV Warning: Detected duplicate databases /var/lib/clamav/main.cvd and /var/lib/clamav/main.cld, please manually remove one of them

The solution is:

Code:

 /etc/clamav-unofficial-sigs/master.conf
 yararulesproject_enabled="no"
 enable_yararules="no"
delete *.yar and *.yara from /var/lib/clamav/
Command to delete and restart the service:

Code:

sudo rm /var/lib/clamav/*yar
sudo rm /var/lib/clamav/*yara
sudo service clamd start
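
As an added example (not part of the original posts, and not EFA or ClamAV project code): a narrower alternative to deleting every rule file is to parse clamd's startup errors, list the YARA files named in them, and move only those aside so the remaining rules keep loading. The quarantine directory and the file name `example_rules.yara` are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: quarantine only the YARA files clamd reported as unparsable.

# Constructed sample input in the format of the startup errors quoted above.
# example_rules.yara is a made-up file name used to show a second match.
SAMPLE_LOG='LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 497 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 512 undefined identifier "pe"
LibClamAV Warning: cli_loadyara: failed to parse or load 7 yara rules from file /var/lib/clamav/antidebug_antivm.yar, successfully loaded 92 rules.
LibClamAV Error: yyerror(): /var/lib/clamav/example_rules.yara line 12 undefined identifier "pe"'

# Print "<error count> <path>" for each YARA file named in a yyerror() line.
failing_yara_files() {
    awk 'match($0, /yyerror\(\): .*\.yara? line [0-9]+ /) {
             # Skip the 11 characters of "yyerror(): ", then trim " line N ".
             path = substr($0, RSTART + 11, RLENGTH - 11)
             sub(/ line [0-9]+ $/, "", path)
             count[path]++
         }
         END { for (p in count) print count[p], p }' | sort -k2
}

# Read "<count> <path>" lines on stdin and move the listed files from db_dir
# into quarantine_dir. Only *.yar / *.yara files inside db_dir are touched.
# Prints the number of files moved.
quarantine_yara_files() {
    db_dir=$1 quarantine_dir=$2 moved=0
    mkdir -p "$quarantine_dir" || return 1
    while read -r _count path; do
        case $path in
            */../*) continue ;;                        # no path traversal
            "$db_dir"/*.yar|"$db_dir"/*.yara) ;;       # allowed
            *) continue ;;                             # anything else: skip
        esac
        if [ -f "$path" ] && mv -- "$path" "$quarantine_dir"/; then
            moved=$((moved + 1))
        fi
    done
    echo "$moved"
}

# Demo on the constructed sample: report only, nothing is moved.
printf '%s\n' "$SAMPLE_LOG" | failing_yara_files
```

On a live system the input would be the output of `service clamd start 2>&1`, piped through `failing_yara_files` into `quarantine_yara_files /var/lib/clamav <quarantine dir>`. The updater can fetch the same files again unless the master.conf settings above are also applied.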

Re: Clamd update kills my EFA

Posted: 13 Jul 2018 08:51
by jamerson
See the solution above.
If you have any questions, let me know.

Re: Clamd update kills my EFA

Posted: 13 Jul 2018 10:57
by bikertrash
Thank you for this... looks like it did the trick for me as well.

Re: Clamd update kills my EFA

Posted: 25 Jul 2018 09:44
by rvwaveren
Just replying to say this fixed it for me as well, thanks!

Re: Clamd update kills my EFA

Posted: 25 Jul 2018 10:51
by jogomes
Hi to all,

Updating to ClamAV 0.100.1 did cause the issue.
Solution presented solved the issue.

Thanks.
JG

Re: Clamd update kills my EFA

Posted: 28 Mar 2019 16:28
by g-force-j
Hi all,

Updating to 0.101.2 and EFA-3.0.2.6 caused this for me.

The solution still works!

Re: Clamd update kills my EFA

Posted: 07 May 2019 18:54
by larsborris
Hello!

Just started with eFa today.
I downloaded the newest hyper-v template, updated it and it broke.
However, this solved my problem.

Re: Clamd update kills my EFA

Posted: 04 Jun 2019 07:26
by Gogo
Great solution to this problem.
Thanks all

Re: Clamd update kills my EFA

Posted: 26 Jun 2019 12:33
by andyhud
+1

Great solution - works well

Re: Clamd update kills my EFA

Posted: 10 Jul 2019 11:48
by djshaunvt
Thanks for your post.

I am a bit of a CentOS noob.

I have edited the options in master.conf but I'm stuck on the line of code that says:

delete *.yar and *.yara from /var/lib/clamav/

Are you supposed to run that in the CentOS shell?

Thanks.

Re: Clamd update kills my EFA

Posted: 10 Jul 2019 12:11
by shawniverson

Code:

rm /var/lib/clamav/*yar
rm /var/lib/clamav/*yara

Re: Clamd update kills my EFA

Posted: 10 Jul 2019 12:22
by djshaunvt
Thanks that was it..

Appreciated :D

Re: Clamd update kills my EFA

Posted: 10 Jul 2019 12:27
by djshaunvt
Only the powers that be now know how I'm going to pull this one off :idea:

viewtopic.php?t=3311

Re: Clamd update kills my EFA

Posted: 10 Jul 2019 13:51
by djshaunvt
Thanks,

Managed to pull it off by connecting to the CentOS EFA server via WinSCP, and had to modify permissions on the /var/www/html/mailscanner/temp directory as it kept giving me permission errors and wouldn't copy the files.

I used the following (I hope not doing anything that will affect security of the box :) )

sudo chmod 777 /var/www/html/mailscanner/temp

Thanks again

Re: Clamd update kills my EFA

Posted: 15 Aug 2019 06:38
by iandarke
Thanks -- I had the same issue and this resolved it for me.

Re: Clamd update kills my EFA

Posted: 02 Oct 2019 04:02
by barbours
Solution worked for me as well. Thanks all.