Clamd update kills my EFA

jamerson
Posts: 164
Joined: 19 Aug 2017 18:57
Location: kaaskop

Clamd update kills my EFA

Post by jamerson »

Hi guys,
After the last update of the antivirus CLAMD, my EFA keeps detecting everything as spam.

Code:

Clamd::ERROR:: COULD NOT CONNECT TO CLAMD, RECOMMEND RESTARTING DAEMON :: .
Jul 13 10:20:42 filter MailScanner[3045]: Virus Scanning: Clamd found 1 infections
Jul 13 10:20:42 filter MailScanner[3045]: Virus Scanning: No virus scanners worked, so message batch was abandoned and retried!

All emails are infected according to CLAM. To release the emails we had to reboot the EFA; otherwise they are not delivered.
When I log in to the web GUI I can see the emails there, but the only way to release them is to reboot the EFA.

E-mail preamble:

Code:

Subject: Cron <clam@filter> [ -x /usr/bin/clamav-unofficial-sigs.sh ] && /bin/bash /usr/bin/clamav-unofficial-sigs.sh > /dev/null
Content-Type: text/plain; charset=UTF-8
Auto-Submitted: auto-generated
X-Cron-Env: <LANG=en_US.UTF-8>
X-Cron-Env: <SHELL=/bin/sh>
X-Cron-Env: <HOME=/var/lib/clamav>
X-Cron-Env: <PATH=/usr/bin:/bin>
X-Cron-Env: <LOGNAME=clam>
X-Cron-Env: <USER=clam>

Code:

[root@filter admin]# service clamd start
Starting Clam AntiVirus Daemon: LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 497 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 512 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 528 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 544 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 557 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 603 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 614 undefined identifier "pe"
LibClamAV Warning: cli_loadyara: failed to parse or load 7 yara rules from file /var/lib/clamav/antidebug_antivm.yar, successfully loaded 92 rules.
LibClamAV Warning: Detected duplicate databases /var/lib/clamav/main.cvd and /var/lib/clamav/main.cld, please manually remove one of them

The solution is:

Code:

# /etc/clamav-unofficial-sigs/master.conf
yararulesproject_enabled="no"
enable_yararules="no"
# delete *.yar and *.yara from /var/lib/clamav/

Command to delete and restart the service:

Code:

sudo rm /var/lib/clamav/*yar
sudo rm /var/lib/clamav/*yara
sudo service clamd start
Last edited by jamerson on 29 Jul 2019 15:33, edited 5 times in total.
Version eFa 4.0.0 RC1 now available in testing repo. Come join us in advancing eFa!
jamerson
Posts: 164
Joined: 19 Aug 2017 18:57
Location: kaaskop

Re: Clamd update kills my EFA

Post by jamerson »

See the solution above.
If you have any questions, let me know.
Last edited by jamerson on 13 Jul 2018 11:28, edited 1 time in total.
bikertrash
Posts: 49
Joined: 03 Feb 2016 12:53
Location: San Diego, CA

Re: Clamd update kills my EFA

Post by bikertrash »

Thank you for this... looks like it did the trick for me as well.
"If it ain't broke, it needs a lot more fix'n."
rvwaveren
Posts: 8
Joined: 01 Jun 2016 13:29

Re: Clamd update kills my EFA

Post by rvwaveren »

Just replying to say this fixed it for me as well, thanks!
jogomes
Posts: 21
Joined: 12 Oct 2016 15:59

Re: Clamd update kills my EFA

Post by jogomes »

Hi to all,

Updating to ClamAV 0.100.1 did cause the issue.
Solution presented solved the issue.

Thanks.
JG
g-force-j
Posts: 1
Joined: 28 Mar 2019 16:26

Re: Clamd update kills my EFA

Post by g-force-j »

Hi all,

Updating to 0.101.2 and EFA-3.0.2.6 caused this for me.

The solution still works!
larsborris
Posts: 1
Joined: 07 May 2019 18:41

Re: Clamd update kills my EFA

Post by larsborris »

Hello!

Just started with eFa today.
I downloaded the newest hyper-v template, updated it and it broke.
However, this solved my problem.
Gogo
Posts: 3
Joined: 24 May 2019 11:38

Re: Clamd update kills my EFA

Post by Gogo »

Great solution to this problem.
Thanks all
andyhud
Posts: 17
Joined: 15 May 2014 14:57

Re: Clamd update kills my EFA

Post by andyhud »

+1

Great solution - works well
djshaunvt
Posts: 13
Joined: 30 Jun 2019 11:48

Re: Clamd update kills my EFA

Post by djshaunvt »

Thanks for your post.

I am a bit of a CentOS noob.

I have edited the options in master.conf but I'm stuck on the line of code that says:

delete *.yar and *.yara from /var/lib/clamav/

Are you supposed to run that in the CentOS shell?

Thanks.
shawniverson
Posts: 3640
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA

Re: Clamd update kills my EFA

Post by shawniverson »

Code:

rm /var/lib/clamav/*yar
rm /var/lib/clamav/*yara
djshaunvt
Posts: 13
Joined: 30 Jun 2019 11:48

Re: Clamd update kills my EFA

Post by djshaunvt »

Thanks, that was it.

Appreciated :D
djshaunvt
Posts: 13
Joined: 30 Jun 2019 11:48

Re: Clamd update kills my EFA

Post by djshaunvt »

Only the powers that be now know how I'm going to pull this one off :idea:

viewtopic.php?t=3311
djshaunvt
Posts: 13
Joined: 30 Jun 2019 11:48

Re: Clamd update kills my EFA

Post by djshaunvt »

Thanks,

Managed to pull it off by connecting to the CentOS EFA server via WinSCP, and had to modify permissions on the /var/www/html/mailscanner/temp directory as it kept on giving me permission errors and wouldn't copy the files.

I used the following (I hope I'm not doing anything that will affect the security of the box :) )

sudo chmod 777 /var/www/html/mailscanner/temp

Thanks again
iandarke
Posts: 13
Joined: 23 Apr 2015 23:18

Re: Clamd update kills my EFA

Post by iandarke »

Thanks -- I had the same issue and this resolved it for me.
barbours
Posts: 26
Joined: 24 Sep 2019 06:13

Re: Clamd update kills my EFA

Post by barbours »

Solution worked for me as well. Thanks all.