ClamAV Vulnerabilities

Report bugs and workarounds
henk
Posts: 171
Joined: 14 Dec 2015 22:16
Location: Netherlands
Contact:

Re: ClamAV Vulnerabilities

Post by henk » 14 Mar 2018 19:03

Besides go to church or start praying? :pray:

You did put the # on the start of the exclude line in /etc/yum.conf?

Can you post the result

Code: Select all

yum list clamav

User avatar
pdwalker
Posts: 1116
Joined: 18 Mar 2015 09:16

Re: ClamAV Vulnerabilities

Post by pdwalker » 15 Mar 2018 06:49

henk wrote:
14 Mar 2018 09:43
clamav-db.x86_64 0.99.4-1.el6 has landed :D
yep, just updated mine and got 99.4-1.

dwmp, if you are still having a problem, check your /etc/yum.conf as henk suggests.

Also, since it is being pulled from the epel repo, check your /etc/yum.repos.d/epel.repo file.

Is the "Extra Packages for Enterprise Linux 6 - $basearch" "enabled = 1"?

dwmp
Posts: 40
Joined: 05 Feb 2016 13:42

Re: ClamAV Vulnerabilities

Post by dwmp » 19 Mar 2018 08:41

Hi!

Thank you very much. I was totally at a loss, I didn't see that the line in yum.conf was NOT comment (I have added # now).
Now I get clamav updates, but also updates for kernel, kernel-firmware and so on. So my (hopefully) last two questions:
- is it safe to install them as well?
- shall I remove the # from the yum.conf-file after I installed updates?

Thanks for your patience!

henk
Posts: 171
Joined: 14 Dec 2015 22:16
Location: Netherlands
Contact:

Re: ClamAV Vulnerabilities

Post by henk » 19 Mar 2018 09:28

I've got bad days on a regular basis :lol:
- is it safe to install them as well? Yes
- shall I remove the # from the yum.conf-file after I installed updates? I always restore the original situation. (incl the #)

Make snapshot or backup.
Stop mail flow
stop crond.

Code: Select all

service crond stop
and reboot after the update. (updates for kernel, kernel-firmware)

check the logs :!:

enjoy E.F.A ;)

dwmp
Posts: 40
Joined: 05 Feb 2016 13:42

Re: ClamAV Vulnerabilities

Post by dwmp » 19 Mar 2018 10:05

I will do that, thank you! :)

User avatar
pdwalker
Posts: 1116
Joined: 18 Mar 2015 09:16

Re: ClamAV Vulnerabilities

Post by pdwalker » 19 Mar 2018 11:37

henk wrote:
19 Mar 2018 09:28
I've got bad days on a regular basis :lol:
[snip]
Make snapshot or backup.
[snip]
You don't have to make a snapshot or backup, if you're supremely confident that can can solve any kind of problem that results from a bad update (like myself).

However, I can tell you that some of my worst days were because I didn't take a snapshot or backup.

dwmp
Posts: 40
Joined: 05 Feb 2016 13:42

Re: ClamAV Vulnerabilities

Post by dwmp » 21 Mar 2018 06:17

Worked! Thank you for your help again.
After update installations I added the "#" in yum.conf again to restore original state
Thanks!

budy
Posts: 74
Joined: 10 Sep 2017 07:33

Re: ClamAV Vulnerabilities

Post by budy » 28 Mar 2018 09:36

I actually don't see the need for that. Afair, this change had been introduced when updating to the latest or some other newer versions of eFa.
I did not comment this line, since I also want the next updates to ClamAv to make it onto my eFa automatically.

User avatar
pdwalker
Posts: 1116
Joined: 18 Mar 2015 09:16

Re: ClamAV Vulnerabilities

Post by pdwalker » 28 Mar 2018 09:53

budy is right I believe.

Would shawniverson care to comment?

User avatar
shawniverson
Posts: 2605
Joined: 13 Jan 2014 23:30
Location: Rushville, Indiana, USA
Contact:

Re: ClamAV Vulnerabilities

Post by shawniverson » 28 Mar 2018 13:52

You may leave the exclusions commented out. No more updates are pending for v3, and I am working daily on v4.
Version 3.0.2.6 released! Update now to keep your eFa secure!

dwmp
Posts: 40
Joined: 05 Feb 2016 13:42

Re: ClamAV Vulnerabilities

Post by dwmp » 04 Apr 2018 12:29

Alright, thanks for the information/support, guys!

henk
Posts: 171
Joined: 14 Dec 2015 22:16
Location: Netherlands
Contact:

Re: ClamAV Vulnerabilities version: 0.100.0

Post by henk » 11 Apr 2018 21:31

ClamAV reached the 100 mark :ugeek:
Software version from DNS: 0.100.0
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.99.4 Recommended version: 0.100.0

It's not available in the repo yet. Just wait for it. :hand:

henk
Posts: 171
Joined: 14 Dec 2015 22:16
Location: Netherlands
Contact:

Re: ClamAV 0.100.0 available

Post by henk » 14 Jul 2018 21:38

As there is already version 0.100.1, upgrading to 0.100.0 is still recommended. It contains many code submissions from the ClamAV community.
https://github.com/Cisco-Talos/clamav-d ... 1/NEWS.md
My upgrade steps.

Check for updates

Code: Select all

yum check-update
Make backup :lol:

As I dont like cronjobs during the upgrade ( stop the mailflow) and stop clam

Code: Select all

service crond stop
service clamd stop
upgrade

Code: Select all

yum upgrade
Remove old database

Code: Select all

rm /var/lib/clamav/daily.cld
Get new dbs

Code: Select all

freshclam -v
sa-update -v
To get rid of yara related errors. ( you can always enable it again)
/etc/clamav-unofficial-sigs/master.conf

Code: Select all

yararulesproject_enabled="no"
enable_yararules="no"
And delete or move to backup dir from /var/lib/clamav/

Code: Select all

rm /var/lib/clamav/*yar
rm /var/lib/clamav/*yara  
Check clamd.conf and freshclam.conf for custom and depricated settings
warning: /etc/clamd.conf created as /etc/clamd.conf.rpmnew
warning: /etc/freshclam.conf created as /etc/freshclam.conf.rpmnew

Code: Select all

service clamd start
reboot to check it all ( new kernel?)

check the logs :violin:

henk
Posts: 171
Joined: 14 Dec 2015 22:16
Location: Netherlands
Contact:

Clamav 100.1-1 - ClamAV Vulnerabilities

Post by henk » 25 Jul 2018 07:26

Clamav 100.1-1 available.

Code: Select all

yum list clamav
Installed Packages
clamav.x86_64 0.100.0-1.el6 @epel
Available Packages
clamav.i686 0.100.1-1.el6 epel
clamav.x86_64 0.100.1-1.el6 epel

after update: run

Code: Select all

freshclam -v
and

Code: Select all

sa-update -v
check clamav

Code: Select all

service clamd restart
Stopping Clam AntiVirus Daemon:                            [  OK  ]
Starting Clam AntiVirus Daemon:                            [  OK  ]
[

dwmp
Posts: 40
Joined: 05 Feb 2016 13:42

Re: ClamAV Vulnerabilities

Post by dwmp » 30 Jul 2018 08:32

Hello,

I tried to install the updates without success, what I did:
- disable mail income, create backup
- comment the line

Code: Select all

#exclude=kernel* postfix* mailscanner* MailScanner* clamav* clamd* open-vm-tools*

Code: Select all

service crond stop

Code: Select all

sudo yum update
- Reboot
- Installing Webmin update
- Reboot
=> While booting I saw some ClamAV-related erros, also I got some error notifications "service <postfix/httpd/mysql/clamd> down and restarted..." (the notification for clamd came 3 times). So I did the following:

Code: Select all

service crond stop
service clamd stop
rm /var/lib/clamav/daily.cld
freshclam -v
sa-update –v
service clamd start
- Reboot
- Everything seemed fine, boot errors regarding clamav were still there but I "realized" they have been there before the updates without making problems
- I enabled mail income + wrote some test mails
=> the first came properly through, the second (and also another incoming mail) one appeared in in MailWatch but didn't come to my Outlook. After a moment the message appeared again in the MailWatch-list, that went on every few seconds so after a few minutes I had great list in MailWatch including those two emails appearing again and again (but without releasing them to the mailboxes in the mailserver)
=> So I shut down EFA again and restored the backup/snapshot, so now it is running again (but old versions of course).

I saved the corrupt state and now I am trying to find out what the problem was, to execute the update again (and this time properly).
I viewed some logs but I didn't get a hint what the reason might be. Wenn I shut it down it says FAILED when trying to stop the Clamav service.
Has someone an idea what to do?
Thanks!

BR
dwmp

henk
Posts: 171
Joined: 14 Dec 2015 22:16
Location: Netherlands
Contact:

Re: ClamAV Vulnerabilities

Post by henk » 30 Jul 2018 08:37

Seems you missed some steps in this post

to get rid of yara related errors. ( you can always enable it again)
/etc/clamav-unofficial-sigs/master.conf

yararulesproject_enabled="no"
enable_yararules="no"

And delete or move to backup dir from /var/lib/clamav/

Code: Select all

rm /var/lib/clamav/*yar
rm /var/lib/clamav/*yara

dwmp
Posts: 40
Joined: 05 Feb 2016 13:42

Re: ClamAV Vulnerabilities

Post by dwmp » 08 Aug 2018 05:43

Thank you! I will try that.
Do you think that the problem (that mails are not coming through Outlook and reappearing in Mailwatch list) will also be resolved with your recommendation?
Or is it only for the boot-error-messages?

henk
Posts: 171
Joined: 14 Dec 2015 22:16
Location: Netherlands
Contact:

Re: ClamAV Vulnerabilities

Post by henk » 08 Aug 2018 08:48

I quess you will find the answer in this post viewtopic.php?f=14&p=12615#p12615 :)

Post Reply