ClamAV unofficial rules?
Scott/Mike,
How automatic is automatic?
I only have this in /var/clamav
Note the dates.
Code:
-rw-r--r-- 1 clamav clamav 7727 Jan 20 12:15 ASL-h.ndb
-rw-r--r-- 1 clamav clamav 4079 Jan 20 12:15 ASL.hdb
-rw-r--r-- 1 clamav clamav 19474 May 17 2008 MSRBL-Images.hdb
-rw-r--r-- 1 clamav clamav 236339 May 16 2008 MSRBL-SPAM.ndb
-rw-r--r-- 1 clamav clamav 3560960 Jan 21 03:10 daily.cld
-rw-r--r-- 1 clamav clamav 40598016 Oct 23 03:10 main.cld
-rw-r--r-- 1 clamav clamav 18462921 Nov 26 18:37 main.cvd
-rw------- 1 clamav clamav 416 Jan 21 11:18 mirrors.dat
-rw-r--r-- 1 clamav clamav 229 Dec 17 05:51 phish.ndb
-rw-r--r-- 1 clamav clamav 211 Dec 17 05:51 phish.ndb-bak
-rw-r--r-- 1 clamav clamav 172 Dec 16 09:34 phish.ndb.gz
-rw-r--r-- 1 clamav clamav 229 Dec 17 05:51 scam.ndb
-rw-r--r-- 1 clamav clamav 211 Dec 17 05:51 scam.ndb-bak
-rw-r--r-- 1 clamav clamav 171 Dec 16 09:34 scam.ndb.gz
And from the sanesecurity site I note that I should have junk.ndb, spear.ndb, lott.ndb and a few others too.
I have done an asl -u recently and it did supposedly update clamav rules.
--------------------------------
<advert>
If you want to rent a UK-based VPS that comes with friendly advice and support from a fellow ART fan, please get in touch.
</advert>
Ah! I see the latest clamav from the asl-2 repo has an updated update script.
Just ran it and I see we are back to normal on the "UNOFFICIAL" hits.
Brilliant!
Faris.
- Forum Regular
- Posts: 661
- Joined: Mon Oct 29, 2007 6:51 pm
I get an invalid user error when I run that script.
I don't have the qmail scanner installed, so I am guessing that it is a normal thing to not have those, but shouldn't the update script be able to run without it?
Code:
# /usr/bin/clamav_updater.sh
=================================
SaneSecurity SCAM Database Update
=================================
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 202 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
==================================
SaneSecurity PHISH Database Update
==================================
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 202 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
==========================
MSRBL SPAM Database Update
==========================
===========================
MSRBL IMAGE Database Update
===========================
chown: `qscand:qscand': invalid user
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
You might have the older clamav, the new one looks like this:
[root@www installer]# /usr/bin/clamav_updater.sh
Updating Securiteinfo Databases: VX Securityinfo Honeynet
Updating malware.com.br Databases: MBL
Updating MSRBL Databases: Images Spam
Updating Sanesecurity Databases: junk lott phish rouge scam spamming spear
- Forum Regular
- Posts: 661
- Joined: Mon Oct 29, 2007 6:51 pm
Oops. There's a buglet in /usr/bin/clamav_updater.sh for Centos4/rhel4
I noticed that my /var/clamav directory and all its contents were mysteriously being set to be owned by clamav even after I manually changed them to qscand. (I've obviously also set the User and Database owner to be qscand in both /etc/freshclam.conf and /etc/clamd.conf).
After looking into /etc/cron.daily/freshclam, which I found was correctly setting /var/clamav to qscand, I discovered the problem was in /usr/bin/clamav_updater.sh
In this section of code.....:
Code:
if [ -f /etc/clamd ]; then
    clam_user=$(awk '/^User/ {print $2}' /etc/clamd.conf)
else
    clam_user="clamav"
fi
....there's a typo in the first line, which should be
Code:
if [ -f /etc/clamd.conf ]; then
The bug is preventing /usr/bin/freshclam from updating the virus sigs.
I've raised a case in the portal but I thought it would be worth letting people know here too - you don't want out of date virus sigs!
Faris.
Edited: changed the "/usr/sbin/clamav_updater.sh" in my original post to the correct path of /usr/bin/clamav_updater.sh
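The fallback described in the post above, as an added example that is not the Atomicorp updater script and not part of any post: it resolves the scanner account from a clamd.conf-style file and lists signature files whose owner has drifted from it. The function names `resolve_clam_user` and `owner_drift` are hypothetical, the sample config is constructed, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example; function names are hypothetical, sample data is constructed.

# Print the account named by the User directive in a clamd.conf-style file.
# Falls back to "clamav" only when the file is absent or has no User line.
resolve_clam_user() {
    conf=$1
    user=""
    if [ -f "$conf" ]; then
        # First uncommented "User <name>" line wins.
        user=$(awk '$1 == "User" { print $2; exit }' "$conf")
    fi
    printf '%s\n' "${user:-clamav}"
}

# Print every entry under a signature directory (the directory included)
# whose owner is not the expected account. Empty output means no drift.
owner_drift() {
    dir=$1
    expected=$2
    find "$dir" -exec stat -c '%U %n' {} + |
        awk -v want="$expected" '$1 != want { sub(/^[^ ]+ /, ""); print }'
}

# Constructed demo: a throwaway directory stands in for /etc and /var/clamav.
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/db"
    printf '# constructed sample\nLogSyslog yes\nUser qscand\n' > "$tmp/clamd.conf"
    : > "$tmp/db/daily.cld"
    echo "correct path:  $(resolve_clam_user "$tmp/clamd.conf")"
    # A path missing ".conf" fails the -f test, so the default is used,
    # which is how the ownership reset in the post comes about.
    echo "mistyped path: $(resolve_clam_user "$tmp/clamd")"
    echo "entries not owned by qscand:"
    owner_drift "$tmp/db" qscand
    rm -rf "$tmp"
}

demo
```

Running `owner_drift /var/clamav "$(resolve_clam_user /etc/clamd.conf)"` after each update run gives a quick check that the updater and freshclam agree on ownership.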
- Forum Regular
- Posts: 661
- Joined: Mon Oct 29, 2007 6:51 pm
Yeah I noticed a bunch of new errors today after updating to the latest clamd yesterday - may just be coincidental
Code:
Jan 23 07:09:45 domain psmon[3508]: Failed to spawn 'clamd' with '/sbin/service clamd restart'
Jan 23 07:08:53 domain clamd[4533]: reload db failed: Malformed database
Jan 23 07:08:53 domain clamd[4533]: Terminating because of a fatal error.
Looks like it is in the repo now.
Errr... cough...this is the kind of thing that needs an Announcement.
Um...I'm a journo. Maybe I could help? You send the bare minimum of detail to me, and I translate into English? Or something?
Faris.
- Long Time Forum Regular
- Posts: 2813
- Joined: Sat Aug 20, 2005 9:30 am
- Location: The Netherlands
What needs an announcement here exactly? The fact that a bug in the ClamAV rule updater was fixed? In that case I don't agree. That's what changelogs are for. I'd reserve announcements for bigger issues.
Lemonbit Internet Dedicated Server Management