Update to 3.0.0.8 clamd issue
Update to 3.0.0.8 clamd issue
Hi,
I have just upgraded EFA 3.0.0.7 to 3.0.0.8 which seem to go well except that clamd is not starting.
I am getting the following error when I try to start it manually.
Starting Clam AntiVirus Daemon: ERROR: Please edit the example config file /etc/clamd.conf
ERROR: Can't open/parse the config file /etc/clamd.conf
I have checked the clamd.conf file and everything is remarked out. I tried copying the clamd.conf from the old version of EFA (3.0.0.7) but then I get user and group not created. It looks like clamd isn't installed correctly. I have tried twice upgrading with the same issue. I have tied reinstalling clamd with the same issue.
Any ideas.
Thanks in advanced.
I have just upgraded EFA 3.0.0.7 to 3.0.0.8 which seem to go well except that clamd is not starting.
I am getting the following error when I try to start it manually.
Starting Clam AntiVirus Daemon: ERROR: Please edit the example config file /etc/clamd.conf
ERROR: Can't open/parse the config file /etc/clamd.conf
I have checked the clamd.conf file and everything is remarked out. I tried copying the clamd.conf from the old version of EFA (3.0.0.7) but then I get user and group not created. It looks like clamd isn't installed correctly. I have tried twice upgrading with the same issue. I have tied reinstalling clamd with the same issue.
Any ideas.
Thanks in advanced.
- shawniverson
- Posts: 3650
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: Update to 3.0.0.8 clamd issue
There should be an update log file in the following location:
/var/log/EFA
Please attach a copy of this log or use a pastebin to share so we can see what went wrong.
As for your immediate issue, it sounds like clamd.conf wasn't modified properly.
1) Drop in your old clamd.conf just like you did.
2) Review the following lines. Fix any that are commented out or different than here.
/var/log/EFA
Please attach a copy of this log or use a pastebin to share so we can see what went wrong.
As for your immediate issue, it sounds like clamd.conf wasn't modified properly.
1) Drop in your old clamd.conf just like you did.
2) Review the following lines. Fix any that are commented out or different than here.
Code: Select all
LogFile /var/log/clamav/clamd.log
PidFile /var/run/clamav/clamd.pid
DatabaseDirectory /var/lib/clamav
LocalSocket /var/run/clamav/clamd.sock
User clam
Re: Update to 3.0.0.8 clamd issue
Hi,
I have attached the log but change the file type to jpg.
Looking at the logs I have noticed that the user clam doesn't exist.
chown: invalid user: `clam:clam'
chown: invalid user: `clam:clam'
chown: invalid user: `clam:clam'
I have attached the log for the update. I did copy the old version of clamd.conf and i get this error
Starting Clam AntiVirus Daemon: ERROR: Can't get information about user clam.
[FAILED]
Here is the last part of the clamd.log
Running as user clam (UID 502, GID 502)
Log file size limited to 1048576 bytes.
Reading databases from /var/lib/clamav
Not loading PUA signatures.
Bytecode: Security mode set to "TrustSigned".
ERROR: Can't get file status
+++ Started at Sun May 31 19:53:05 2015
clamd daemon 0.98.7 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Running as user clam (UID 502, GID 502)
Log file size limited to 1048576 bytes.
Reading databases from /var/lib/clamav
Not loading PUA signatures.
Bytecode: Security mode set to "TrustSigned".
ERROR: Can't get file status
This is the log from 3.0.0.7 which was working. Not sure why it is stating that it is using the user clamav.
Sun May 31 19:30:50 2015 -> Running as user clamav (UID 498, GID 499)
Sun May 31 19:30:50 2015 -> Log file size limited to 4294967295 bytes.
Sun May 31 19:30:50 2015 -> Reading databases from /var/clamav
Sun May 31 19:30:50 2015 -> Not loading PUA signatures.
Sun May 31 19:30:50 2015 -> Bytecode: Security mode set to "TrustSigned".
Sun May 31 19:30:58 2015 -> Loaded 4356988 signatures.
Sun May 31 19:30:59 2015 -> TCP: Bound to address 127.0.0.1 on port 3310
Sun May 31 19:30:59 2015 -> TCP: Setting connection queue length to 30
Sun May 31 19:30:59 2015 -> LOCAL: Unix socket file /var/run/clamav/clamd.sock
Sun May 31 19:30:59 2015 -> LOCAL: Setting connection queue length to 30
Sun May 31 19:30:59 2015 -> Limits: Global size limit set to 104857600 bytes.
Sun May 31 19:30:59 2015 -> Limits: File size limit set to 26214400 bytes.
Sun May 31 19:30:59 2015 -> Limits: Recursion level limit set to 16.
Sun May 31 19:30:59 2015 -> Limits: Files limit set to 10000.
Sun May 31 19:30:59 2015 -> Limits: MaxEmbeddedPE limit set to 10485760 bytes.
Sun May 31 19:30:59 2015 -> Limits: MaxHTMLNormalize limit set to 10485760 bytes
I have attached the log but change the file type to jpg.
Looking at the logs I have noticed that the user clam doesn't exist.
chown: invalid user: `clam:clam'
chown: invalid user: `clam:clam'
chown: invalid user: `clam:clam'
I have attached the log for the update. I did copy the old version of clamd.conf and i get this error
Starting Clam AntiVirus Daemon: ERROR: Can't get information about user clam.
[FAILED]
Here is the last part of the clamd.log
Running as user clam (UID 502, GID 502)
Log file size limited to 1048576 bytes.
Reading databases from /var/lib/clamav
Not loading PUA signatures.
Bytecode: Security mode set to "TrustSigned".
ERROR: Can't get file status
+++ Started at Sun May 31 19:53:05 2015
clamd daemon 0.98.7 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Running as user clam (UID 502, GID 502)
Log file size limited to 1048576 bytes.
Reading databases from /var/lib/clamav
Not loading PUA signatures.
Bytecode: Security mode set to "TrustSigned".
ERROR: Can't get file status
This is the log from 3.0.0.7 which was working. Not sure why it is stating that it is using the user clamav.
Sun May 31 19:30:50 2015 -> Running as user clamav (UID 498, GID 499)
Sun May 31 19:30:50 2015 -> Log file size limited to 4294967295 bytes.
Sun May 31 19:30:50 2015 -> Reading databases from /var/clamav
Sun May 31 19:30:50 2015 -> Not loading PUA signatures.
Sun May 31 19:30:50 2015 -> Bytecode: Security mode set to "TrustSigned".
Sun May 31 19:30:58 2015 -> Loaded 4356988 signatures.
Sun May 31 19:30:59 2015 -> TCP: Bound to address 127.0.0.1 on port 3310
Sun May 31 19:30:59 2015 -> TCP: Setting connection queue length to 30
Sun May 31 19:30:59 2015 -> LOCAL: Unix socket file /var/run/clamav/clamd.sock
Sun May 31 19:30:59 2015 -> LOCAL: Setting connection queue length to 30
Sun May 31 19:30:59 2015 -> Limits: Global size limit set to 104857600 bytes.
Sun May 31 19:30:59 2015 -> Limits: File size limit set to 26214400 bytes.
Sun May 31 19:30:59 2015 -> Limits: Recursion level limit set to 16.
Sun May 31 19:30:59 2015 -> Limits: Files limit set to 10000.
Sun May 31 19:30:59 2015 -> Limits: MaxEmbeddedPE limit set to 10485760 bytes.
Sun May 31 19:30:59 2015 -> Limits: MaxHTMLNormalize limit set to 10485760 bytes
- shawniverson
- Posts: 3650
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: Update to 3.0.0.8 clamd issue
The previous clamd was from repoforge and used clamav as the user.
We are transitioning to epel which uses clam as the user.
Sorry, I don't see your update.log, can you reattach it?
We are transitioning to epel which uses clam as the user.
Sorry, I don't see your update.log, can you reattach it?
-
- Posts: 28
- Joined: 31 May 2015 20:37
Re: Update to 3.0.0.8 clamd issue
I found the error....
...edit the /etc/clamd.conf
DatabaseDirectory /var/lib/clamav
User clam
then reboot or start clamd with service clamd start && service MailScannner restart
pls fix this in the update script.
thx a lot
...edit the /etc/clamd.conf
DatabaseDirectory /var/lib/clamav
User clam
then reboot or start clamd with service clamd start && service MailScannner restart
pls fix this in the update script.
thx a lot
Re: Update to 3.0.0.8 clamd issue
Hi here is the log
http://pastebin.com/RC1K8WXK
Hi mac.linux.free, thanks for answering I have added those to the clamd.conf file as shawniverson suggested. Created the user clam and chown the directory /var/lib/clamav and got this error.
Running as user clam (UID 502, GID 502)
Log file size limited to 1048576 bytes.
Reading databases from /var/lib/clamav
Not loading PUA signatures.
Bytecode: Security mode set to "TrustSigned".
ERROR: Can't get file status
+++ Started at Sun May 31 19:53:05 2015
clamd daemon 0.98.7 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Running as user clam (UID 502, GID 502)
Log file size limited to 1048576 bytes.
Reading databases from /var/lib/clamav
Not loading PUA signatures.
Bytecode: Security mode set to "TrustSigned".
ERROR: Can't get file status
http://pastebin.com/RC1K8WXK
Hi mac.linux.free, thanks for answering I have added those to the clamd.conf file as shawniverson suggested. Created the user clam and chown the directory /var/lib/clamav and got this error.
Running as user clam (UID 502, GID 502)
Log file size limited to 1048576 bytes.
Reading databases from /var/lib/clamav
Not loading PUA signatures.
Bytecode: Security mode set to "TrustSigned".
ERROR: Can't get file status
+++ Started at Sun May 31 19:53:05 2015
clamd daemon 0.98.7 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Running as user clam (UID 502, GID 502)
Log file size limited to 1048576 bytes.
Reading databases from /var/lib/clamav
Not loading PUA signatures.
Bytecode: Security mode set to "TrustSigned".
ERROR: Can't get file status
- shawniverson
- Posts: 3650
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: Update to 3.0.0.8 clamd issue
Thanks!
The cause of your problem is the atomic repo. It is in conflict with the epel repo. The clam packages that installed came from atomic instead of epel.
I will need to spin up a VM and diagnose this for a fix.
The cause of your problem is the atomic repo. It is in conflict with the epel repo. The clam packages that installed came from atomic instead of epel.
I will need to spin up a VM and diagnose this for a fix.
Re: Update to 3.0.0.8 clamd issue
@kazman
Do you start with EFA 3.0.0.7 or an earlier version?
Do you start with EFA 3.0.0.7 or an earlier version?
-
- Posts: 28
- Joined: 31 May 2015 20:37
Re: Update to 3.0.0.8 clamd issue
I started with 3.0.0.7
Re: Update to 3.0.0.8 clamd issue
Hi,
I upgraded from 3.0.0.7 to 3.0.0.8
I upgraded from 3.0.0.7 to 3.0.0.8
- shawniverson
- Posts: 3650
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: Update to 3.0.0.8 clamd issue
Working on this...
- shawniverson
- Posts: 3650
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: Update to 3.0.0.8 clamd issue
First off..
Don't use the atomic repo on EFA. I won't support this configuration. CentOS warns against using this repo anyway and has it listed as a Known Problem Repository. http://wiki.centos.org/AdditionalResources/Repositories
EFA is a virtual appliance. You modify it at your own risk. Adding other repositories to EFA is a good way to bork your system and cause problems.
Personally, I would advise tossing out the instance and starting over. The atomic repo is likely to have caused other less obvious problems.
<disclaimer> If you insist on using atomic, you are on your own. </disclaimer>
To hopefully fix the clam issue....
1) Remove the clam packages and ignore dependencies
2) Disable the atomic repo. Place the name in place of <nameofrepo> without brackets.
3) Reinstall clam
Tweaking will be needed in the configs and possibly the filesystem as previously mentioned.
Don't use the atomic repo on EFA. I won't support this configuration. CentOS warns against using this repo anyway and has it listed as a Known Problem Repository. http://wiki.centos.org/AdditionalResources/Repositories
EFA is a virtual appliance. You modify it at your own risk. Adding other repositories to EFA is a good way to bork your system and cause problems.
Personally, I would advise tossing out the instance and starting over. The atomic repo is likely to have caused other less obvious problems.
<disclaimer> If you insist on using atomic, you are on your own. </disclaimer>
To hopefully fix the clam issue....
1) Remove the clam packages and ignore dependencies
Code: Select all
sudo yum erase clamav clamav-db clamd
Code: Select all
suto yum --disablerepo=<nameofrepo>
Code: Select all
sudo yum install clamav clamav-db clamd
-
- Posts: 28
- Joined: 31 May 2015 20:37
Re: Update to 3.0.0.8 clamd issue
Thanks for the info.
Do you mean the EPEL-Repo to disable ?
Or which repo should I disable ?
Do you mean the EPEL-Repo to disable ?
Or which repo should I disable ?
- shawniverson
- Posts: 3650
- Joined: 13 Jan 2014 23:30
- Location: Indianapolis, Indiana USA
- Contact:
Re: Update to 3.0.0.8 clamd issue
Nope, the atomic repo kazman is using. Not sure what repos you have. EPEL should remain enabled.
Re: Update to 3.0.0.8 clamd issue
Thanks. I reverted back to the snapshot that was working and ran this command
yum remove atomic-release
That removed atomic. I added it so I could install ossec. Completely forgot I still had it. Once I removed it I did the update and it worked a treat. Thank you very much for investigating this.
yum remove atomic-release
That removed atomic. I added it so I could install ossec. Completely forgot I still had it. Once I removed it I did the update and it worked a treat. Thank you very much for investigating this.
-
- Posts: 8
- Joined: 06 May 2014 21:33
Re: Update to 3.0.0.8 clamd issue
Same issue here, though do not have any repos that I am aware of installed other than whatever EFA needs. Had to change the user to clam and the databasedirectory as well.
Not sure the cause either. Stock setup, and while my setup was set to auto update, it did not and was still at 3.0.0.6. This happened after an upgrade to 3.0.0.8. If needed i cam pull logs, let me know. the only odd ball piece was that i updated for the bash problem manually when it came out.
Not sure the cause either. Stock setup, and while my setup was set to auto update, it did not and was still at 3.0.0.6. This happened after an upgrade to 3.0.0.8. If needed i cam pull logs, let me know. the only odd ball piece was that i updated for the bash problem manually when it came out.
-
- Posts: 2
- Joined: 23 Jun 2015 15:46
Re: Update to 3.0.0.8 clamd issue
I have the same issue without modifying any repositories and having a stock EFA Install. The system has done 8 updates since 2014-02-11 until the one that was done today at 03:15.
In looking at the update log, I am getting unknown user clam:clam.
No Packages marked for Update
chown: invalid user: `clam:clam'
chown: invalid user: `clam:clam'
chown: invalid user: `clam:clam'
This happened right before the package unbound-1.5 was installed
Then at the end of the update script
Reloading postfix: [ OK ]^M
Starting Clam AntiVirus Daemon: ERROR: Can't get information about user clamav.
[FAILED]^M
WARNING: Can't get information about user clam.
Starting MailScanner daemons:
incoming postfix: [ OK ]^M
outgoing postfix: [ OK ]^M
MailScanner: [ OK ]^M
3.0.0.8 update is complete
In looking at the update log, I am getting unknown user clam:clam.
No Packages marked for Update
chown: invalid user: `clam:clam'
chown: invalid user: `clam:clam'
chown: invalid user: `clam:clam'
This happened right before the package unbound-1.5 was installed
Then at the end of the update script
Reloading postfix: [ OK ]^M
Starting Clam AntiVirus Daemon: ERROR: Can't get information about user clamav.
[FAILED]^M
WARNING: Can't get information about user clam.
Starting MailScanner daemons:
incoming postfix: [ OK ]^M
outgoing postfix: [ OK ]^M
MailScanner: [ OK ]^M
3.0.0.8 update is complete
Re: Update to 3.0.0.8 clamd issue
What do you get when you run:
Should be similar to:
Is there any difference ?
Code: Select all
sudo yum list installed clam*
Should be similar to:
Code: Select all
Installed Packages
clamav.x86_64 0.98.7-1.el6 @epel
clamav-db.x86_64 0.98.7-1.el6 @epel
clamd.x86_64 0.98.7-1.el6 @epel
Version eFa 4.x now available!
-
- Posts: 2
- Joined: 23 Jun 2015 15:46
Re: Update to 3.0.0.8 clamd issue
I solved this by modifying the /etc/yum.conf and on the exclude line removed the clamav* clam*
I performed an yum update clamav-db clamd clamav
I reenabled the exclude line for the clamav stuff in /etc/yum.conf and started clamd, restarted mailScanner and now mail is flowing.
I performed an yum update clamav-db clamd clamav
I reenabled the exclude line for the clamav stuff in /etc/yum.conf and started clamd, restarted mailScanner and now mail is flowing.
Re: Update to 3.0.0.8 clamd issue
Can it be that you manually modified the yum.conf file like someone mentioned here: (viewtopic.php?f=14&t=1024&p=3231&hilit=yum.conf#p3231) ?
We never set an exclude in the yum.conf file in E.F.A. we use the EFA-update scripts to exclude clam packages from within the EFA-Update script so the exclude line must have been manually added.
We never set an exclude in the yum.conf file in E.F.A. we use the EFA-update scripts to exclude clam packages from within the EFA-Update script so the exclude line must have been manually added.
Version eFa 4.x now available!
Re: Update to 3.0.0.8 clamd issue
@darky83
Just to be on the safe side, on 3.0.0.7 is
after a
right. Right?
Just to be on the safe side, on 3.0.0.7 is
Code: Select all
clamav.x86_64 0.98.4-1.el6.rf @rpmforge
clamav-db.x86_64 0.98-2.el6.rf @rpmforge
clamd.x86_64 0.98.4-1.el6.rf @rpmforge
Code: Select all
sudo yum list installed clam*
Re: Update to 3.0.0.8 clamd issue
Yep on 3.0.0.7 the repo should be rpmforge on 3.0.0.8 it should be epel.
we partially removed rpmforge in 3.0.0.8 and in 3.0.0.9 it will be removed completely (as rpmforge is not maintained anymore)
we partially removed rpmforge in 3.0.0.8 and in 3.0.0.9 it will be removed completely (as rpmforge is not maintained anymore)
Version eFa 4.x now available!
-
- Posts: 8
- Joined: 06 May 2014 21:33
Re: Update to 3.0.0.8 clamd issue
darky83 wrote:What do you get when you run:
Code: Select all
sudo yum list installed clam*
Should be similar to:
Is there any difference ?Code: Select all
Installed Packages clamav.x86_64 0.98.7-1.el6 @epel clamav-db.x86_64 0.98.7-1.el6 @epel clamd.x86_64 0.98.7-1.el6 @epel
That appears to be what I have on 3.0.0.8:
Code: Select all
Installed Packages
clamav.x86_64 0.98.7-1.el6 @epel
clamav-db.x86_64 0.98.7-1.el6 @epel
clamd.x86_64 0.98.7-1.el6 @epel
-
- Posts: 8
- Joined: 06 May 2014 21:33
Re: Update to 3.0.0.8 clamd issue
I checked my yum.conf, it seems to be default:darky83 wrote:Can it be that you manually modified the yum.conf file like someone mentioned here: (viewtopic.php?f=14&t=1024&p=3231&hilit=yum.conf#p3231) ?
We never set an exclude in the yum.conf file in E.F.A. we use the EFA-update scripts to exclude clam packages from within the EFA-Update script so the exclude line must have been manually added.
Code: Select all
[main]
cachedir=/var/cache/yum/$basearch/$releasever
keepcache=0
debuglevel=2
logfile=/var/log/yum.log
exactarch=1
obsoletes=1
gpgcheck=1
plugins=1
installonly_limit=5
bugtracker_url=http://bugs.centos.org/set_project.php?project_id=19&ref=http://b+ugs.centos.org/bug_report_page.php?category=yum
distroverpkg=centos-release
# This is the default, if you make this bigger yum won't see if the metadata
# is newer on the remote and so you'll "gain" the bandwidth of not having to
# download the new metadata and "pay" for it by yum not having correct
# information.
# It is esp. important, to have correct metadata, for distributions like
# Fedora which don't keep old packages around. If you don't like this checking
# interupting your command line usage, it's much better to have something
# manually check the metadata once an hour (yum-updatesd will do this).
# metadata_expire=90m
# PUT YOUR REPOS HERE OR IN separate files named file.repo
# in /etc/yum.repos.d