Update to 3.0.0.8 clamd issue

kazman
Posts: 8
Joined: 08 Sep 2014 00:22

Update to 3.0.0.8 clamd issue

Post by kazman »

Hi,

I have just upgraded EFA 3.0.0.7 to 3.0.0.8, which seemed to go well except that clamd is not starting.

I am getting the following error when I try to start it manually.

Starting Clam AntiVirus Daemon: ERROR: Please edit the example config file /etc/clamd.conf
ERROR: Can't open/parse the config file /etc/clamd.conf

I have checked the clamd.conf file and everything is remarked out. I tried copying the clamd.conf from the old version of EFA (3.0.0.7) but then I get user and group not created. It looks like clamd isn't installed correctly. I have tried twice upgrading with the same issue. I have tried reinstalling clamd with the same issue.

Any ideas?

Thanks in advance.
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: Update to 3.0.0.8 clamd issue

Post by shawniverson »

There should be an update log file in the following location:

/var/log/EFA

Please attach a copy of this log or use a pastebin to share so we can see what went wrong.

As for your immediate issue, it sounds like clamd.conf wasn't modified properly.

1) Drop in your old clamd.conf just like you did.

2) Review the following lines. Fix any that are commented out or different than here.

Code: Select all

LogFile /var/log/clamav/clamd.log
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /var/lib/clamav
LocalSocket /var/run/clamav/clamd.sock
User clam
kazman
Posts: 8
Joined: 08 Sep 2014 00:22

Re: Update to 3.0.0.8 clamd issue

Post by kazman »

Hi,

I have attached the log but changed the file type to jpg.

Looking at the logs I have noticed that the user clam doesn't exist.

chown: invalid user: `clam:clam'
chown: invalid user: `clam:clam'
chown: invalid user: `clam:clam'

I have attached the log for the update. I did copy the old version of clamd.conf and I get this error

Starting Clam AntiVirus Daemon: ERROR: Can't get information about user clam.
[FAILED]


Here is the last part of the clamd.log

Running as user clam (UID 502, GID 502)
Log file size limited to 1048576 bytes.
Reading databases from /var/lib/clamav
Not loading PUA signatures.
Bytecode: Security mode set to "TrustSigned".
ERROR: Can't get file status
+++ Started at Sun May 31 19:53:05 2015
clamd daemon 0.98.7 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Running as user clam (UID 502, GID 502)
Log file size limited to 1048576 bytes.
Reading databases from /var/lib/clamav
Not loading PUA signatures.
Bytecode: Security mode set to "TrustSigned".
ERROR: Can't get file status

This is the log from 3.0.0.7 which was working. Not sure why it is stating that it is using the user clamav.

Sun May 31 19:30:50 2015 -> Running as user clamav (UID 498, GID 499)
Sun May 31 19:30:50 2015 -> Log file size limited to 4294967295 bytes.
Sun May 31 19:30:50 2015 -> Reading databases from /var/clamav
Sun May 31 19:30:50 2015 -> Not loading PUA signatures.
Sun May 31 19:30:50 2015 -> Bytecode: Security mode set to "TrustSigned".
Sun May 31 19:30:58 2015 -> Loaded 4356988 signatures.
Sun May 31 19:30:59 2015 -> TCP: Bound to address 127.0.0.1 on port 3310
Sun May 31 19:30:59 2015 -> TCP: Setting connection queue length to 30
Sun May 31 19:30:59 2015 -> LOCAL: Unix socket file /var/run/clamav/clamd.sock
Sun May 31 19:30:59 2015 -> LOCAL: Setting connection queue length to 30
Sun May 31 19:30:59 2015 -> Limits: Global size limit set to 104857600 bytes.
Sun May 31 19:30:59 2015 -> Limits: File size limit set to 26214400 bytes.
Sun May 31 19:30:59 2015 -> Limits: Recursion level limit set to 16.
Sun May 31 19:30:59 2015 -> Limits: Files limit set to 10000.
Sun May 31 19:30:59 2015 -> Limits: MaxEmbeddedPE limit set to 10485760 bytes.
Sun May 31 19:30:59 2015 -> Limits: MaxHTMLNormalize limit set to 10485760 bytes
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: Update to 3.0.0.8 clamd issue

Post by shawniverson »

The previous clamd was from repoforge and used clamav as the user.

We are transitioning to epel which uses clam as the user.

Sorry, I don't see your update.log, can you reattach it?
mac.linux.free
Posts: 28
Joined: 31 May 2015 20:37

Re: Update to 3.0.0.8 clamd issue

Post by mac.linux.free »

I found the error....

...edit the /etc/clamd.conf

DatabaseDirectory /var/lib/clamav
User clam

then reboot or start clamd with service clamd start && service MailScanner restart

pls fix this in the update script.

thx a lot
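
The checks discussed in the replies above (an active User that exists on the system, and a DatabaseDirectory that is present), as an added shell example that is not part of any post or of the EFA update script. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Value of the last active (uncommented) occurrence of directive $2 in file $1.
conf_value() {
    awk -v key="$2" '$1 == key { val = $2 } END { print val }' "$1"
}

# Prints one FAIL/WARN line per finding for config file $1; returns 1 on any FAIL.
check_clamd_conf() {
    conf=$1 rc=0
    # "Please edit the example config file" is reported while the sample
    # file's Example line is still active.
    if grep -Eq '^[[:space:]]*Example[[:space:]]*$' "$conf"; then
        echo "FAIL: active 'Example' line; comment it out"; rc=1
    fi
    user=$(conf_value "$conf" User)
    dbdir=$(conf_value "$conf" DatabaseDirectory)
    # "Can't get information about user ..." means this lookup fails.
    if [ -n "$user" ] && ! id -u "$user" >/dev/null 2>&1; then
        echo "FAIL: User '$user' does not exist on this system"; rc=1
    fi
    if [ -n "$dbdir" ] && [ ! -d "$dbdir" ]; then
        echo "FAIL: DatabaseDirectory '$dbdir' is not a directory"; rc=1
    elif [ -n "$dbdir" ] && [ -n "$user" ]; then
        # The thread chowns this directory to the clamd user; report a mismatch.
        owner=$(ls -ld "$dbdir" | awk '{ print $3 }')
        [ "$owner" = "$user" ] || echo "WARN: $dbdir is owned by $owner, not $user"
    fi
    return $rc
}

# Constructed sample: 3.0.0.7-era settings (user clamav, /var/clamav) as seen
# in the older log quoted in the thread.
write_sample_conf() {
    printf '%s\n' '#Example' 'LogFile /var/log/clamav/clamd.log' \
        'DatabaseDirectory /var/clamav' 'User clamav' > "$1"
}

sample=$(mktemp) && write_sample_conf "$sample"
check_clamd_conf "$sample" || echo "fix the findings above before starting clamd"
rm -f "$sample"
```

On a live system, run `check_clamd_conf /etc/clamd.conf` before `service clamd start`.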
kazman
Posts: 8
Joined: 08 Sep 2014 00:22

Re: Update to 3.0.0.8 clamd issue

Post by kazman »

Hi here is the log

http://pastebin.com/RC1K8WXK

Hi mac.linux.free, thanks for answering. I have added those to the clamd.conf file as shawniverson suggested. Created the user clam and chown the directory /var/lib/clamav and got this error.

Running as user clam (UID 502, GID 502)
Log file size limited to 1048576 bytes.
Reading databases from /var/lib/clamav
Not loading PUA signatures.
Bytecode: Security mode set to "TrustSigned".
ERROR: Can't get file status
+++ Started at Sun May 31 19:53:05 2015
clamd daemon 0.98.7 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Running as user clam (UID 502, GID 502)
Log file size limited to 1048576 bytes.
Reading databases from /var/lib/clamav
Not loading PUA signatures.
Bytecode: Security mode set to "TrustSigned".
ERROR: Can't get file status
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: Update to 3.0.0.8 clamd issue

Post by shawniverson »

Thanks!

The cause of your problem is the atomic repo. It is in conflict with the epel repo. The clam packages that installed came from atomic instead of epel.

I will need to spin up a VM and diagnose this for a fix.
DaN
Posts: 240
Joined: 19 Nov 2014 10:04
Location: Earth

Re: Update to 3.0.0.8 clamd issue

Post by DaN »

@kazman
Did you start with EFA 3.0.0.7 or an earlier version?
mac.linux.free
Posts: 28
Joined: 31 May 2015 20:37

Re: Update to 3.0.0.8 clamd issue

Post by mac.linux.free »

I started with 3.0.0.7
kazman
Posts: 8
Joined: 08 Sep 2014 00:22

Re: Update to 3.0.0.8 clamd issue

Post by kazman »

Hi,

I upgraded from 3.0.0.7 to 3.0.0.8
mac.linux.free
Posts: 28
Joined: 31 May 2015 20:37

Re: Update to 3.0.0.8 clamd issue

Post by mac.linux.free »

Any news ?
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: Update to 3.0.0.8 clamd issue

Post by shawniverson »

Working on this...
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: Update to 3.0.0.8 clamd issue

Post by shawniverson »

First off..

Don't use the atomic repo on EFA. I won't support this configuration. CentOS warns against using this repo anyway and has it listed as a Known Problem Repository. http://wiki.centos.org/AdditionalResources/Repositories

EFA is a virtual appliance. You modify it at your own risk. Adding other repositories to EFA is a good way to bork your system and cause problems.

Personally, I would advise tossing out the instance and starting over. The atomic repo is likely to have caused other less obvious problems.

<disclaimer> If you insist on using atomic, you are on your own. </disclaimer>

To hopefully fix the clam issue....

1) Remove the clam packages and ignore dependencies

Code: Select all

sudo yum erase clamav clamav-db clamd
2) Disable the atomic repo. Place the name in place of <nameofrepo> without brackets.

Code: Select all

sudo yum --disablerepo=<nameofrepo>
3) Reinstall clam

Code: Select all

sudo yum install clamav clamav-db clamd
Tweaking will be needed in the configs and possibly the filesystem as previously mentioned.
mac.linux.free
Posts: 28
Joined: 31 May 2015 20:37

Re: Update to 3.0.0.8 clamd issue

Post by mac.linux.free »

Thanks for the info.

Do you mean the EPEL-Repo to disable ?

Or which repo should I disable ?
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: Update to 3.0.0.8 clamd issue

Post by shawniverson »

Nope, the atomic repo kazman is using. Not sure what repos you have. EPEL should remain enabled.
kazman
Posts: 8
Joined: 08 Sep 2014 00:22

Re: Update to 3.0.0.8 clamd issue

Post by kazman »

Thanks. I reverted back to the snapshot that was working and ran this command

yum remove atomic-release

That removed atomic. I added it so I could install ossec. Completely forgot I still had it. Once I removed it I did the update and it worked a treat. Thank you very much for investigating this.
operator207
Posts: 8
Joined: 06 May 2014 21:33

Re: Update to 3.0.0.8 clamd issue

Post by operator207 »

Same issue here, though do not have any repos that I am aware of installed other than whatever EFA needs. Had to change the user to clam and the databasedirectory as well.

Not sure the cause either. Stock setup, and while my setup was set to auto update, it did not and was still at 3.0.0.6. This happened after an upgrade to 3.0.0.8. If needed I can pull logs, let me know. The only oddball piece was that I updated for the bash problem manually when it came out.
gspearson69
Posts: 2
Joined: 23 Jun 2015 15:46

Re: Update to 3.0.0.8 clamd issue

Post by gspearson69 »

I have the same issue without modifying any repositories and having a stock EFA Install. The system has done 8 updates since 2014-02-11 until the one that was done today at 03:15.

In looking at the update log, I am getting unknown user clam:clam.

No Packages marked for Update
chown: invalid user: `clam:clam'
chown: invalid user: `clam:clam'
chown: invalid user: `clam:clam'

This happened right before the package unbound-1.5 was installed


Then at the end of the update script
Reloading postfix: [ OK ]^M
Starting Clam AntiVirus Daemon: ERROR: Can't get information about user clamav.
[FAILED]^M
WARNING: Can't get information about user clam.
Starting MailScanner daemons:
incoming postfix: [ OK ]^M
outgoing postfix: [ OK ]^M
MailScanner: [ OK ]^M
3.0.0.8 update is complete
darky83
Site Admin
Posts: 540
Joined: 30 Sep 2012 11:03
Location: eFa

Re: Update to 3.0.0.8 clamd issue

Post by darky83 »

What do you get when you run:

Code: Select all

sudo yum list installed clam*

Should be similar to:

Code: Select all

Installed Packages
clamav.x86_64                          0.98.7-1.el6                        @epel
clamav-db.x86_64                       0.98.7-1.el6                        @epel
clamd.x86_64                           0.98.7-1.el6                        @epel
Is there any difference ?
Version eFa 4.x now available!
gspearson69
Posts: 2
Joined: 23 Jun 2015 15:46

Re: Update to 3.0.0.8 clamd issue

Post by gspearson69 »

I solved this by modifying the /etc/yum.conf and on the exclude line removed the clamav* clam*

I performed a yum update clamav-db clamd clamav


I re-enabled the exclude line for the clamav stuff in /etc/yum.conf and started clamd, restarted MailScanner and now mail is flowing.
darky83
Site Admin
Posts: 540
Joined: 30 Sep 2012 11:03
Location: eFa

Re: Update to 3.0.0.8 clamd issue

Post by darky83 »

Can it be that you manually modified the yum.conf file like someone mentioned here: (viewtopic.php?f=14&t=1024&p=3231&hilit=yum.conf#p3231) ?

We never set an exclude in the yum.conf file in E.F.A.; we use the EFA-update scripts to exclude clam packages from within the EFA-Update script, so the exclude line must have been manually added.
Version eFa 4.x now available!
DaN
Posts: 240
Joined: 19 Nov 2014 10:04
Location: Earth

Re: Update to 3.0.0.8 clamd issue

Post by DaN »

@darky83

Just to be on the safe side, on 3.0.0.7 is

Code: Select all

clamav.x86_64                       0.98.4-1.el6.rf                    @rpmforge
clamav-db.x86_64                    0.98-2.el6.rf                      @rpmforge
clamd.x86_64                        0.98.4-1.el6.rf                    @rpmforge
after a

Code: Select all

sudo yum list installed clam*
right. Right?
darky83
Site Admin
Posts: 540
Joined: 30 Sep 2012 11:03
Location: eFa

Re: Update to 3.0.0.8 clamd issue

Post by darky83 »

Yep, on 3.0.0.7 the repo should be rpmforge; on 3.0.0.8 it should be epel.

We partially removed rpmforge in 3.0.0.8 and in 3.0.0.9 it will be removed completely (as rpmforge is not maintained anymore).
Version eFa 4.x now available!
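
The package-origin check from the posts above (rpmforge on 3.0.0.7, epel on 3.0.0.8), as an added shell example that is not part of the thread or of EFA. The function name is hypothetical and the sample listing is constructed from rows quoted in the thread.

```shell
#!/bin/sh
# Reads `yum list installed 'clam*'` output on stdin and prints
# "name version repo" for every package whose source repo is not $1.
# Returns 1 if any such package was found, 0 otherwise.
pkgs_from_other_repo() {
    awk -v want="@$1" '
        /^Installed Packages/ { on = 1; next }  # rows start after this header
        !on { next }                            # skip plugin/mirror chatter
        {
            # yum wraps a long row onto a second line, so keep collecting
            # fields until name, version and repo are all present.
            for (i = 1; i <= NF; i++) f[++n] = $i
            if (n < 3) next
            if (f[3] != want) { print f[1], f[2], f[3]; bad = 1 }
            n = 0
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: a half-migrated system with one package still from
# the old repository.
sample_yum_output() {
    cat <<'EOF'
Installed Packages
clamav.x86_64                          0.98.7-1.el6                        @epel
clamav-db.x86_64                       0.98-2.el6.rf                       @rpmforge
clamd.x86_64                           0.98.7-1.el6                        @epel
EOF
}

sample_yum_output | pkgs_from_other_repo epel \
    || echo "the packages listed above did not come from epel"
```

On a live system: `yum list installed 'clam*' | pkgs_from_other_repo epel` (the pattern is quoted so the shell does not expand it against local file names).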
operator207
Posts: 8
Joined: 06 May 2014 21:33

Re: Update to 3.0.0.8 clamd issue

Post by operator207 »

darky83 wrote:What do you get when you run:

Code: Select all

sudo yum list installed clam*

Should be similar to:

Code: Select all

Installed Packages
clamav.x86_64                          0.98.7-1.el6                        @epel
clamav-db.x86_64                       0.98.7-1.el6                        @epel
clamd.x86_64                           0.98.7-1.el6                        @epel
Is there any difference ?

That appears to be what I have on 3.0.0.8:

Code: Select all

Installed Packages
clamav.x86_64                          0.98.7-1.el6                        @epel
clamav-db.x86_64                       0.98.7-1.el6                        @epel
clamd.x86_64                           0.98.7-1.el6                        @epel
operator207
Posts: 8
Joined: 06 May 2014 21:33

Re: Update to 3.0.0.8 clamd issue

Post by operator207 »

darky83 wrote:Can it be that you manually modified the yum.conf file like someone mentioned here: (viewtopic.php?f=14&t=1024&p=3231&hilit=yum.conf#p3231) ?

We never set an exclude in the yum.conf file in E.F.A.; we use the EFA-update scripts to exclude clam packages from within the EFA-Update script, so the exclude line must have been manually added.

I checked my yum.conf, it seems to be default:

Code: Select all

[main]
cachedir=/var/cache/yum/$basearch/$releasever
keepcache=0
debuglevel=2
logfile=/var/log/yum.log
exactarch=1
obsoletes=1
gpgcheck=1
plugins=1
installonly_limit=5
bugtracker_url=http://bugs.centos.org/set_project.php?project_id=19&ref=http://bugs.centos.org/bug_report_page.php?category=yum
distroverpkg=centos-release

#  This is the default, if you make this bigger yum won't see if the metadata
# is newer on the remote and so you'll "gain" the bandwidth of not having to
# download the new metadata and "pay" for it by yum not having correct
# information.
#  It is esp. important, to have correct metadata, for distributions like
# Fedora which don't keep old packages around. If you don't like this checking
# interupting your command line usage, it's much better to have something
# manually check the metadata once an hour (yum-updatesd will do this).
# metadata_expire=90m

# PUT YOUR REPOS HERE OR IN separate files named file.repo
# in /etc/yum.repos.d