permissions issue with freshclam and updates
Posted: 17 Apr 2014 08:24
by Uk Bloke
Hi
Getting this error via email each time the system tries to update:
Subject: Anacron job 'cron.daily' on xx.xxx.xxx
Body:
/etc/cron.daily/freshclam:
ERROR: Problem with internal logger (UpdateLogFile =
/var/log/clamav/freshclam.log).
ERROR: Can't open /var/log/clamav/freshclam.log in append mode (check
permissions!).
Any ideas?
ta
Re: permissions issue with freshclam and updates
Posted: 17 Apr 2014 10:17
by buzzzo
chown clamav:clamav /var/log/clamav/freshclam.log
Re: permissions issue with freshclam and updates
Posted: 17 Apr 2014 11:22
by Uk Bloke
thanks
Re: permissions issue with freshclam and updates
Posted: 18 Apr 2014 16:21
by buzzzo
In reality this does not solve the problem.
I suspect clamd definitions are updated via mailscanner scripts that set the freshclam log with root perms.
Re: permissions issue with freshclam and updates
Posted: 18 Apr 2014 19:44
by shawniverson
Interesting....
I am not seeing this on my system, just ran a freshclam update.
Nothing else should be trying to update clamav except /etc/cron.daily/freshclam
Are you using ClamAV 0.98 or 0.98.1?
Re: permissions issue with freshclam and updates
Posted: 20 Apr 2014 15:53
by buzzzo
Hi Shawn
I don't think the clamav definition is supposed to be updated by classic freshclam in efa/mailscanner:
I've: clamav-0.98.1-1.el6.rf.x86_64
I've found this evidence:
1) First there are the external signatures that are updated via: /etc/cron.d/clamav-unofficial-sigs-cron
2) Second I have: cat /tmp/ClamAV.update.log
--------------------------------------
ClamAV update process started at Sun Apr 20 17:07:05 2014
main.cld is up to date (version: 55, sigs: 2424225, f-level: 60, builder: neo)
daily.cld is up to date (version: 18833, sigs: 900699, f-level: 63, builder: neo)
bytecode.cvd is up to date (version: 236, sigs: 43, f-level: 63, builder: dgoddard)
This seems to be a log of an external freshclam updater
3) Third: we have /etc/cron.hourly/update_virus_scanners
I think freshclam is added when there is a clamav update from the repo.
You could try to disable freshclam and you will see that the definitions should be upgraded as well.
[root@mailgw1 cron.hourly]#
Re: permissions issue with freshclam and updates
Posted: 20 Apr 2014 16:36
by buzzzo
Just another piece of evidence found in the logs:
<22>1 2014-04-20T17:54:32.954081+02:00 mailgw1 postfix 24325 - - 0072B138260: removed
<22>1 2014-04-20T18:01:06.555092+02:00 mailgw1 update.bad.phishing.sites - - Delaying cron job up to 600 seconds
<22>1 2014-04-20T18:01:45.315864+02:00 mailgw1 update.virus.scanners - - Delaying cron job up to 600 seconds
<22>1 2014-04-20T18:05:07.918696+02:00 mailgw1 update.virus.scanners - - Found clamav installed
<22>1 2014-04-20T18:05:07.922651+02:00 mailgw1 update.virus.scanners - - Running autoupdate for clamav
<22>1 2014-04-20T18:05:14.002006+02:00 mailgw1 ClamAV-autoupdate 25516 - - ClamAV updated
<22>1 2014-04-20T18:05:14.280209+02:00 mailgw1 update.virus.scanners - - Found generic installed
<22>1 2014-04-20T18:05:14.282607+02:00 mailgw1 update.virus.scanners - - Running autoupdate for generic
Re: permissions issue with freshclam and updates
Posted: 21 Apr 2014 10:09
by shawniverson
umm...I see a potential problem.
EFA was built with a compiled version of ClamAV....0.98
You are using RPM version of ClamAV 0.98.1?
Re: permissions issue with freshclam and updates
Posted: 21 Apr 2014 19:41
by buzzzo
Hi Shawn
In my case yes: I'm using a clamav package updated from an additional installed repo.
I had some problems in the beginning with perms, but now all is okay.
Anyway, in any case the definition updates are performed by the mailscanner script and not by the clamav one.
Probably with your clamav packaged version the two scripts can both run together.
Just one question: is the official EFA clamav package compiled with some special feature/flag?
I'm wondering at this point why not use a clamav package that comes from one of the many repos available (e.g. rpmforge)
Thx
Re: permissions issue with freshclam and updates
Posted: 21 Apr 2014 19:58
by buzzzo
To help Uk Bloke:
Pls could u tell us if you have the original clamav package (e.g. bundled with efa) or did u update it?
To see the version go to web gui->tools->clamav
Thx
Re: permissions issue with freshclam and updates
Posted: 23 Apr 2014 11:56
by Uk Bloke
Hi
Last week I ran a full yum update: ClamAV 0.98.1
Thanks
Re: permissions issue with freshclam and updates
Posted: 23 Apr 2014 13:05
by buzzzo
Ok then you are facing the same problem as mine.
I suggest simply removing /etc/cron.daily/freshclam .
In this way you let the clamav defs update be carried out by the mailscanner script.
To see if updates are performed fine plz mainly check:
1) /tmp/ClamAV.update.log
2) on web gui: http|https://you_efa_host/mailscanner/clamav_status.php <-- check date of update
Re: permissions issue with freshclam and updates
Posted: 24 Apr 2014 00:07
by shawniverson
Buzzo,
Do you have notes on what you did to get to ClamAV 0.98.1 using RPM?
I would be interested in adding this as an official update (without the freshclam issue, of course...)
Re: permissions issue with freshclam and updates
Posted: 28 Apr 2014 14:00
by buzzzo
Nothing special, just upgraded the package.
If I remember correctly the only thing to change was the clamav daemon user in the conf.
I don't actually have any VM to retry the installation.
If you have one I can try on it if u want.
Thx
Re: permissions issue with freshclam and updates
Posted: 30 Apr 2014 11:00
by Uk Bloke
buzzzo wrote: Ok then you are facing the same problem as mine.
I suggest simply removing /etc/cron.daily/freshclam .
In this way you let the clamav defs update be carried out by the mailscanner script.
To see if updates are performed fine plz mainly check:
1) /tmp/ClamAV.update.log
2) on web gui: http|https://you_efa_host/mailscanner/clamav_status.php <-- check date of update
ClamAV Status
Version: ClamAV 0.98.1
Virus Identities: 15076
Database Timestamp: Mon Jun 25 00:00:16 2012 << seems very old!!!
Re: permissions issue with freshclam and updates
Posted: 01 May 2014 18:13
by shawniverson
Yeah that doesn't look right...
Re: permissions issue with freshclam and updates
Posted: 21 Apr 2015 09:16
by pdwalker
Could this problem have been related to having different ClamAV data directories in /var/clamd and /var/lib/clamd ?
Re: permissions issue with freshclam and updates
Posted: 26 Apr 2015 16:37
by shawniverson
Could this problem have been related to having different ClamAV data directories in /var/clamd and /var/lib/clamd ?
I confirmed from a clean build of EFA that /var/lib/clamav doesn't exist....
Unless you enable EPEL....
Then things get interesting...
Re: permissions issue with freshclam and updates
Posted: 26 Apr 2015 16:54
by pdwalker
Ooooooh, I get it now.
I think you're right.
Let me check what repos I've enabled in the morning and report back. And if I have, I'll need to find out why I did it and messed everything up.
Re: permissions issue with freshclam and updates
Posted: 26 Apr 2015 17:43
by shawniverson
To fix this issue if epel was manually added to EFA:
Code:
# Reverse changes from EPEL version of clamd
sudo sed -i "/^DatabaseDirectory \/var\/lib\/clamav/ c\DatabaseDirectory /var/clamav" /etc/clamd.conf
sudo sed -i "/^User clam/ c\User clamav" /etc/clamd.conf
sudo rm -rf /var/lib/clamav
sudo userdel clam
sudo chown clamav:clamav /var/run/clamav
sudo service clamd start
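
A read-only check for the drift this fix reverses, as an added example that is not part of the original thread or of EFA's own scripts: it reads User and DatabaseDirectory from a clamd.conf and lists signature databases in that directory that have not been modified for a number of days. The function names and the 7-day default are assumptions; the expected values are the ones set by the commands above.

```shell
#!/bin/sh
# Added example (not from the thread): read-only audit of a clamd.conf.
# Expected values are taken from the fix posted above; names are hypothetical.
EXPECTED_USER=clamav
EXPECTED_DBDIR=/var/clamav

# conf_value FILE KEY: print the last uncommented value set for KEY.
conf_value() {
    awk -v key="$2" '$1 == key { val = $2 } END { if (val != "") print val }' "$1"
}

# stale_dbs DIR DAYS: list signature databases (*.cld, *.cvd) in DIR that
# have not been modified in the last DAYS days. A missing DIR lists nothing.
stale_dbs() {
    [ -d "$1" ] || return 0
    find "$1" -maxdepth 1 -type f \( -name '*.cld' -o -name '*.cvd' \) -mtime +"$2"
}

# audit_clamd CONF [DAYS]: print one line per finding; the return status is
# the number of findings (0 means the config matches and nothing is stale).
# DAYS defaults to 7, an assumed threshold.
audit_clamd() {
    conf=$1 days=${2:-7} findings=0
    user=$(conf_value "$conf" User)
    dbdir=$(conf_value "$conf" DatabaseDirectory)
    if [ "$user" != "$EXPECTED_USER" ]; then
        echo "User is '${user:-unset}', expected '$EXPECTED_USER'"
        findings=$((findings + 1))
    fi
    if [ "$dbdir" != "$EXPECTED_DBDIR" ]; then
        echo "DatabaseDirectory is '${dbdir:-unset}', expected '$EXPECTED_DBDIR'"
        findings=$((findings + 1))
    fi
    # Paths are assumed to contain no whitespace.
    for db in $(stale_dbs "${dbdir:-$EXPECTED_DBDIR}" "$days"); do
        echo "stale signatures: $db"
        findings=$((findings + 1))
    done
    return "$findings"
}

# Usage on a live system: audit_clamd /etc/clamd.conf 7
```

A stale database in the configured directory while /tmp/ClamAV.update.log reports everything up to date suggests the updater and clamd are using different directories.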
Re: permissions issue with freshclam and updates
Posted: 26 Apr 2015 20:40
by buzzzo
Shawn, could you disable the do-it-yourself EFA clamav package and use the epel one?
Maybe in a future version?
In this way you have the new version of clamav every time.
Re: permissions issue with freshclam and updates
Posted: 26 Apr 2015 20:44
by shawniverson
Shawn, could you disable the do-it-yourself EFA clamav package and use the epel one?
Maybe in a future version?
In this way you have the new version of clamav every time.
https://github.com/E-F-A/v3/commit/70a2 ... 1a95ee806b
Problem is that the CentOS Update channel and EPEL channel have conflicting versions of clamd. This script will be used going forward with clam updates.
Re: permissions issue with freshclam and updates
Posted: 27 Apr 2015 02:16
by pdwalker
I see now.
You were using the version of ClamAV (0.98.4) from rpmforge, and I was using the version from EPEL (0.98.6) and they had different, somewhat conflicting configuration settings.
I think using clamav from EPEL is the better solution, as rpmforge seems to have gone to sleep. The CentOS additional repositories page recommends against using it as it appears to be no longer maintained. Shame. Even the rpmforge mailing list has had almost no traffic. Even the last message from January asking people to help restart the project got no responses.
It might be best to avoid rpmforge packages where possible until such time as it shows signs of life again, or is permanently retired.
Re: permissions issue with freshclam and updates
Posted: 27 Apr 2015 19:53
by shawniverson
rpmforge, yes. I mentioned CentOS Updates but you are right.
Another reason to move to epel now. ...