Clamd update kills my EFA

jamerson
Posts: 119
Joined: 19 Aug 2017 18:57
Location: kaaskop

Clamd update kills my EFA

Post by jamerson » 13 Jul 2018 08:33

Hi guys,
After the last update of the antivirus CLAMD, my EFA keeps detecting everything as spam.

Code:

Clamd::ERROR:: COULD NOT CONNECT TO CLAMD, RECOMMEND RESTARTING DAEMON :: .
Jul 13 10:20:42 filter MailScanner[3045]: Virus Scanning: Clamd found 1 infections
Jul 13 10:20:42 filter MailScanner[3045]: Virus Scanning: No virus scanners worked, so message batch was abandoned and retried!

All emails are infected according to the CLAM. To release the emails we had to reboot the EFA, otherwise they are not delivered.
When I log in to the web GUI I can see the emails there, but the only way to release them is to reboot the EFA.
E-mail preamble:

Code:

Subject: Cron <clam@filter> [ -x /usr/bin/clamav-unofficial-sigs.sh ] && /bin/bash /usr/bin/clamav-unofficial-sigs.sh > /dev/null
Content-Type: text/plain; charset=UTF-8
Auto-Submitted: auto-generated
X-Cron-Env: <LANG=en_US.UTF-8>
X-Cron-Env: <SHELL=/bin/sh>
X-Cron-Env: <HOME=/var/lib/clamav>
X-Cron-Env: <PATH=/usr/bin:/bin>
X-Cron-Env: <LOGNAME=clam>
X-Cron-Env: <USER=clam>

Code:

[root@filter admin]# service clamd start
Starting Clam AntiVirus Daemon: LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 497 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 512 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 528 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 544 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 557 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 603 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 614 undefined identifier "pe"
LibClamAV Warning: cli_loadyara: failed to parse or load 7 yara rules from file /var/lib/clamav/antidebug_antivm.yar, successfully loaded 92 rules.
LibClamAV Warning: Detected duplicate databases /var/lib/clamav/main.cvd and /var/lib/clamav/main.cld, please manually remove one of them

The solution is:

Thanks to Spammy,
the solution is:

Code:

 /etc/clamav-unofficial-sigs/master.conf
 yararulesproject_enabled="no"
 enable_yararules="no"

Delete *.yar and *.yara from /var/lib/clamav/.
Command to delete them and restart the service:

Code:

sudo rm /var/lib/clamav/*yar
sudo rm /var/lib/clamav/*yara
sudo service clamd start
Last edited by jamerson on 13 Jul 2018 11:39, edited 4 times in total.
Version eFa 4.0.0 RC1 now available in testing repo. Come join us in advancing eFa!
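
The clamd start-up output quoted in the post above names the rule file that fails to parse and the duplicated database, so it can be triaged before removing every YARA file. The script below is an added example, not part of the original post or of eFa; the function names and the quarantine directory argument are assumptions, and the sample log is constructed from the lines quoted in the post.

```shell
#!/bin/sh
# Constructed sample input, modelled on the clamd output quoted in the post.
sample_log() {
cat <<'EOF'
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 497 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 512 undefined identifier "pe"
LibClamAV Warning: cli_loadyara: failed to parse or load 7 yara rules from file /var/lib/clamav/antidebug_antivm.yar, successfully loaded 92 rules.
LibClamAV Warning: Detected duplicate databases /var/lib/clamav/main.cvd and /var/lib/clamav/main.cld, please manually remove one of them
EOF
}

# Read clamd output on stdin; print "<error count> <rule file> <identifier>"
# for every YARA file that produced yyerror() "undefined identifier" lines.
failing_yara_files() {
  awk '/yyerror\(\):/ && /undefined identifier/ {
         for (i = 1; i < NF; i++) if ($i == "yyerror():") file = $(i + 1)
         id = $NF; gsub(/"/, "", id)
         seen[file " " id]++
       }
       END { for (k in seen) print seen[k], k }' | sort
}

# Read clamd output on stdin; print each reported duplicate database pair.
duplicate_databases() {
  sed -n 's/.*Detected duplicate databases \([^ ]*\) and \([^ ,]*\),.*/\1 \2/p'
}

# Move only the failing rule files into a quarantine directory (hypothetical
# helper), leaving rule files that loaded cleanly in place.
# Usage: quarantine_failing <quarantine_dir> < clamd-output
quarantine_failing() {
  dest=$1
  mkdir -p "$dest" || return 1
  failing_yara_files | while read -r count file ident; do
    if [ -f "$file" ]; then
      mv -- "$file" "$dest/" && echo "moved $file"
    fi
  done
}

# Demo on the constructed sample (no files are touched here).
sample_log | failing_yara_files
sample_log | duplicate_databases
```

On a live system the input would be the captured output of `service clamd start`; rule files moved aside can be restored once the installed ClamAV version loads them without errors.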

jamerson
Posts: 119
Joined: 19 Aug 2017 18:57
Location: kaaskop

Re: Clamd update kills my EFA

Post by jamerson » 13 Jul 2018 08:51

See the solution above.
If you have any questions, let me know.
Last edited by jamerson on 13 Jul 2018 11:28, edited 1 time in total.

bikertrash
Posts: 13
Joined: 03 Feb 2016 12:53
Location: San Diego, CA

Re: Clamd update kills my EFA

Post by bikertrash » 13 Jul 2018 10:57

Thank you for this... looks like it did the trick for me as well.
"If it ain't broke, it needs a lot more fix'n."

rvwaveren
Posts: 8
Joined: 01 Jun 2016 13:29

Re: Clamd update kills my EFA

Post by rvwaveren » 25 Jul 2018 09:44

Just replying to say this fixed it for me as well, thanks!

jogomes
Posts: 12
Joined: 12 Oct 2016 15:59

Re: Clamd update kills my EFA

Post by jogomes » 25 Jul 2018 10:51

Hi to all,

Updating to ClamAV 0.100.1 did cause the issue.
The solution presented solved the issue.

Thanks.
JG

g-force-j
Posts: 1
Joined: 28 Mar 2019 16:26

Re: Clamd update kills my EFA

Post by g-force-j » 28 Mar 2019 16:28

Hi all,

Updating to 0.101.2 and EFA-3.0.2.6 caused this for me.

The solution still works!

larsborris
Posts: 1
Joined: 07 May 2019 18:41

Re: Clamd update kills my EFA

Post by larsborris » 07 May 2019 18:54

Hello!

Just started with eFa today.
I downloaded the newest hyper-v template, updated it and it broke.
However, this solved my problem.

Gogo
Posts: 3
Joined: 24 May 2019 11:38

Re: Clamd update kills my EFA

Post by Gogo » 04 Jun 2019 07:26

Great solution to this problem.
Thanks all
