Clamd update kills my EFA
Posted: 13 Jul 2018 08:33
Hi guys,
after the last update of the antivirus CLAMD my EFA keeps detecting everything as spam.
alle emails are infected according to the CLAM. to release the emails we had to reboot the EFA otherwise they are not deleverd.
when i log to the web gui i can see the emails there but to release them is only reboot the EFA.
E-mail Preambulen
The Solutions is :
the solution is
command to delete and restart the service
after the last update of the antivirus CLAMD my EFA keeps detecting everything as spam.
Code: Select all
Clamd::ERROR:: COULD NOT CONNECT TO CLAMD, RECOMMEND RESTARTING DAEMON :: .
Jul 13 10:20:42 filter MailScanner[3045]: Virus Scanning: Clamd found 1 infections
Jul 13 10:20:42 filter MailScanner[3045]: Virus Scanning: No virus scanners worked, so message batch was abandoned and retried!
when i log to the web gui i can see the emails there but to release them is only reboot the EFA.
E-mail Preambulen
Code: Select all
Subject: Cron <clam@filter> [ -x /usr/bin/clamav-unofficial-sigs.sh ] && /bin/bash /usr/bin/clamav-unofficial-sigs.sh > /dev/null
Content-Type: text/plain; charset=UTF-8
Auto-Submitted: auto-generated
X-Cron-Env: <LANG=en_US.UTF-8>
X-Cron-Env: <SHELL=/bin/sh>
X-Cron-Env: <HOME=/var/lib/clamav>
X-Cron-Env: <PATH=/usr/bin:/bin>
X-Cron-Env: <LOGNAME=clam>
X-Cron-Env: <USER=clam>
Code: Select all
[root@filter admin]# service clamd start
Starting Clam AntiVirus Daemon: LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 497 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 512 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 528 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 544 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 557 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 603 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 614 undefined identifier "pe"
LibClamAV Warning: cli_loadyara: failed to parse or load 7 yara rules from file /var/lib/clamav/antidebug_antivm.yar, successfully loaded 92 rules.
LibClamAV Warning: Detected duplicate databases /var/lib/clamav/main.cvd and /var/lib/clamav/main.cld, please manually remove one of them
The Solutions is :
the solution is
Code: Select all
/etc/clamav-unofficial-sigs/master.conf
yararulesproject_enabled="no"
enable_yararules="no"
delete *.yar and *.yara from /var/lib/clamav/
Code: Select all
sudo rm /var/lib/clamav/*yar
sudo rm /var/lib/clamav/*yara
sudo service clamd start