Clamd update kills my EFA


Post by jamerson » 13 Jul 2018 08:33

Hi guys,
After the last update of the antivirus CLAMD, my EFA keeps detecting everything as spam.

Code:

Clamd::ERROR:: COULD NOT CONNECT TO CLAMD, RECOMMEND RESTARTING DAEMON :: .
Jul 13 10:20:42 filter MailScanner[3045]: Virus Scanning: Clamd found 1 infections
Jul 13 10:20:42 filter MailScanner[3045]: Virus Scanning: No virus scanners worked, so message batch was abandoned and retried!

All emails are infected according to the CLAM. To release the emails we had to reboot the EFA, otherwise they are not delivered.
When I log in to the web GUI I can see the emails there, but the only way to release them is to reboot the EFA.

E-mail preamble:

Code:

Subject: Cron <clam@filter> [ -x /usr/bin/clamav-unofficial-sigs.sh ] && /bin/bash /usr/bin/clamav-unofficial-sigs.sh > /dev/null
Content-Type: text/plain; charset=UTF-8
Auto-Submitted: auto-generated
X-Cron-Env: <LANG=en_US.UTF-8>
X-Cron-Env: <SHELL=/bin/sh>
X-Cron-Env: <HOME=/var/lib/clamav>
X-Cron-Env: <PATH=/usr/bin:/bin>
X-Cron-Env: <LOGNAME=clam>
X-Cron-Env: <USER=clam>

Code:

[root@filter admin]# service clamd start
Starting Clam AntiVirus Daemon: LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 497 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 512 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 528 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 544 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 557 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 603 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 614 undefined identifier "pe"
LibClamAV Warning: cli_loadyara: failed to parse or load 7 yara rules from file /var/lib/clamav/antidebug_antivm.yar, successfully loaded 92 rules.
LibClamAV Warning: Detected duplicate databases /var/lib/clamav/main.cvd and /var/lib/clamav/main.cld, please manually remove one of them

The solution is:

Thanks to Spammy, the solution is:

Code:

/etc/clamav-unofficial-sigs/master.conf
yararulesproject_enabled="no"
enable_yararules="no"

Delete *.yar and *.yara from /var/lib/clamav/.
Commands to delete and restart the service:

Code:

sudo rm /var/lib/clamav/*yar
sudo rm /var/lib/clamav/*yara
sudo service clamd start
Last edited by jamerson on 13 Jul 2018 11:39, edited 4 times in total.
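
An added example (not part of the original posts, and not EFA or ClamAV project code): a shell function that groups the LibClamAV startup messages shown in the post above by signature file, so the file and identifier behind the load errors stand out before any signature files are disabled or removed. The function names and the output format are assumptions of this example; the sample lines are copied from the output in the post.

```shell
#!/bin/sh
# Added example: summarize LibClamAV load problems per signature file.
# Reads clamd/clamscan startup output on stdin, prints tab-separated findings.
summarize_clamd_load_errors() {
    awk '
    # Format: yyerror(): <file> line <n> undefined identifier "<name>"
    /LibClamAV Error: yyerror\(\):/ {
        for (i = 1; i <= NF; i++) if ($i == "yyerror():") file = $(i + 1)
        ident = $NF
        gsub(/"/, "", ident)
        key = file "\t" ident
        if (!(key in count)) order[++n] = key   # remember first-seen order
        count[key]++
    }
    # Both a .cvd and a .cld copy of the same database are present
    /Detected duplicate databases/ {
        for (i = 1; i <= NF; i++) if ($i == "databases") {
            a = $(i + 1)
            b = $(i + 3)
        }
        sub(/,$/, "", b)
        dup[++d] = a "\t" b
    }
    END {
        for (i = 1; i <= n; i++)
            printf "YARA_ERROR\t%s\t%d\n", order[i], count[order[i]]
        for (i = 1; i <= d; i++)
            printf "DUPLICATE_DB\t%s\n", dup[i]
    }'
}

# Sample input: lines copied from the startup output in the post (trimmed to three errors).
sample_clamd_output() {
    cat <<'EOF'
Starting Clam AntiVirus Daemon: LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 497 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 512 undefined identifier "pe"
LibClamAV Error: yyerror(): /var/lib/clamav/antidebug_antivm.yar line 528 undefined identifier "pe"
LibClamAV Warning: cli_loadyara: failed to parse or load 7 yara rules from file /var/lib/clamav/antidebug_antivm.yar, successfully loaded 92 rules.
LibClamAV Warning: Detected duplicate databases /var/lib/clamav/main.cvd and /var/lib/clamav/main.cld, please manually remove one of them
EOF
}

# Columns: finding type, file, identifier, count (or the two duplicate paths).
sample_clamd_output | summarize_clamd_load_errors
```

On a live system the same function can be fed the captured output of the service start command, for example `service clamd start 2>&1 | summarize_clamd_load_errors`.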


Post by jamerson » 13 Jul 2018 08:51

See the solution above.
If you have any questions, let me know.
Last edited by jamerson on 13 Jul 2018 11:28, edited 1 time in total.


Post by bikertrash » 13 Jul 2018 10:57

Thank you for this... looks like it did the trick for me as well.
"If it ain't broke, it needs a lot more fix'n."
