ClamAv Update And Installation

May 2, 2008

I have some problems on my web server. Firstly i must say that, i noticed some of trojans and viruses effect my server. Ý saw that when loading my web pages, i saw a foreign link in the status bar while pages loading. When i search this pages, i saw that some codes that insert a hidden iframe with connected some other sites. This is iframe injection problem.

And after search i saw that this codes are infect most of index.php, index.html, index.htm and footer.php, footer.htm and footer.html pages on my server.

After this i clean all the infected files and activate the php safe mode that is OFF before. And i disable some system functions from php.ini

But more important than this, i realize that my ClamAv antivirus out of date. But when i want to update ClamAv with yum update clamav, i faced some errors about yum. And i take a help from my hosting firm to solve this problem.

And after this, i update my ClamAv 0.88 to ClamAv 0.92. And after this installation i scan my system with clamscan and remove 1250-1300 trojan and viruses from users mail directories

After this clean operation, i scaned the system again and no other trjans or viruses found.

But, after the ClamAv update to ClamAv 092 version there is a big problem again.

When a mail user sent a mail to anyone, everyhing is shown normal on mail program (Outlook, Thunderbird...) as sent, but mail is not delivered to recipient. And at the same time a clamav... directory is created in the /tmp directory. And this directories fill the user's mailbox quota. When i clean this directory from /tmp directory the quota turn to normal size. This problem occurs most of the mail users traffic. But this problem is begun after the ClamAv update process

But this problem is not shown all mail accounts.

This clamav.. directory that is created in /tmp directory have 4 files: main.db, mainmdb, main.ndb and copying files.

And the message that is returned from user that mail quota's exceeded is shown below.
And some times message is not return.

< mail_address> (expanded from
*** < mail_address>): can't create user output file. Command
*** output: LibClamAV Error: cli_untgz: Wrote 0 instead of 512
*** (/tmp/clamav-d342a5c0705d099fd95b1b0793092e0b/main.ndb) LibClamAV Error:
*** cli_cvdload(): Can't unpack CVD file. LibClamAV Error: Can't load
*** /var/clamav/main.cvd: CVD extraction failure ERROR: CVD extraction failure
*** procmail: Error while writing to "/var/log/procmail.log" procmail: Quota
*** exceeded while writing
*** "/home/domain/homes/mail_user/Maildir/tmp/1209623791.26249_0.ns1.site.com.tr"
*** procmail: Quota exceeded while writing
*** "/home/domain/homes/mail_user/Maildir/tmp/1209623791.26249_1.ns1.site.com.tr"
*** Time:1209623791 From: To: User: mail_adresi Size:248
*** Dest:/etc/webmin/virtual-server/clam-wrapper.pl /usr/bin/clamscan Mode:None

Shortly, after updating of ClamAv on my server, all the mails in server mail traffic has a clamav... directory in /tmp directory and this directories have main.db, main.mdb,main.ndb and copying files.

What is the wrong, or what must i do to solve this?

if i remove Clamav from system, everything turn to normal in the mail traffic.

Also i install chkrootkit and scaned the system. There is no bad result shown. All results said “not infected”

As a result i can not find how i can run the ClamAv on my system. Is it solve reinstall old version again.Or do you advice to install a new program? Ýf yes, which one?

My Os is CentOS 4.6, Mail Server Postfix Mail Server 2.2.10, Spam filter SpamAssassin Mail Filter 3.1.9

View 5 Replies


ADVERTISEMENT

Your ClamAV Installation Is OUTDATED!

Jul 18, 2009

I am running Clamav in Windows, it seems that the FreshClam is giving some errors when updating

ClamAV update process started at Sat Jul 18 13:20:41 2009
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.95.1 Recommended version: 0.95.2
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cvd is up to date (version: 51, sigs: 545035, f-level:
Downloading daily.cvd [ 99%]
ERROR: Can't rename c:clamavdata/clamav-8b0fa144b304158b0
e0c.clamtmp to daily.cvd: Permission denied

View 3 Replies View Related

Getfile: Can't Write 1448 Bytes To /usr/share/clamav/clamav-917a563483a6171fe02eac005

Jul 29, 2009

I can't update Clamav.

root@constan [~]# freshclam
sda1: write failed, user block limit reached.
ClamAV update process started at Sun Jul 26 15:56:52 2009
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.95.1 Recommended version: 0.95.2
DON'T PANIC! Read http://www.clamav.net/support/faq
ERROR: chdir_tmp: Can't create directory ./clamav-1cb832b46c1c20fe798628ebf3ddf422
WARNING: Incremental update failed, trying to download main.cvd
getfile: Can't write 1448 bytes to /usr/share/clamav/clamav-917a563483a6171fe02eac0059852cbe
WARNING: Can't download main.cvd from database.clamav.net

View 5 Replies View Related

Plesk 11.x / Linux :: Panel 11.5 Update - Installation Or Upgrade Failed

Oct 28, 2014

I'm getting the following alert in my Plesk 11.5 panel :

1) Failed to update Panel. To solve this problem, you can send the update log to Parallels support. View the update logs (Oct 27, 2014). View the update logs (Oct 28, 2014). Copy the logs to your computer before you close this message. To close this message, click here.

2) Installation or upgrade failed. For more information, log in as root to the server over SSH and view the file /tmp/plesk_11.5.30_installation.log. To remove this notice, remove the file /var/lock/parallels-panel-upgrade-failure.flag from the server. Repair the failed upgrade or installation.
----------------------------
here the final part of the update log:
----
===> Cumulative APS controller database (apsc) upgrade has been started.
===> Upgrade of APS controller database has been completed.
===> Cumulative Plesk database upgrade (revertable stage) has been started.

[Code]....

View 1 Replies View Related

Plesk 11.x / Linux :: Update Installation - Can't Download Needed Files Necessary To This Operation

Sep 2, 2014

I was trying to update my Plesk Panel installation and got the following error:

It seems the auto updater can't download the needed files necessary to this operation.

OS: CentOS 5.7
Panel version:10.3.1
Trying to update to version: 12.0.18

ERROR LOG

Code:
Installation started in background
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* atomic: www7.atomicorp.com
* epel: mirror.23media.de
* openvz-kernel-rhel5: mirror.fastvps.ru

[Code] .....

View 13 Replies View Related

ClamAV Or AVG ?

Dec 12, 2008

ClamAV or AVG ?

which one is better ?
ClamAV or AVG
and how should i scan my folder with ClamAV ?

View 10 Replies View Related

ClamAV Problems

Apr 20, 2008

My hosting provider (which will go unnamed because I doubt they would appreciate me broadcasting the fact that their server-based antivirus software isn't working properly) is experiencing almost daily email delivery failures on multiple shared servers because ClamAV stops working. They say they are running the latest stable versions of exim and ClamAV, but that "there is no guarantee...that the clamav error will not happen again". Right around the time this started happening, there was an article on the ComputerWorld web site (http://www.computerworld.com/action/...icleId=9077638) about a ClamAV patch being released to fix a security vulnerability. I'm wondering whether that patch was buggy, and whether other hosting providers are having problems with ClamAV. (It would probably be a good idea not to mention any providers by name because of the security implications.)

View 8 Replies View Related

CentOS And ClamAV

Mar 10, 2007

Anybody have a version running on CentOS 4.4...if so what version...keeps complaining about libcrypt.so.5, libssl.so.5 and a few other things that are not updated yet on CentOS 4.4

View 3 Replies View Related

ClamAV - Should We Enable It?

Dec 6, 2007

I would like to ask whether should we use/enable the clamAV service on our VPS? I have read from several article, it said that ClamAV is pretty hungry on CPU/Memory resources.

I would like to know, do you use/enable the clamAV on your VPS? Or even don't have it installed on your VPS?

View 5 Replies View Related

Disable Clamav

Mar 19, 2008

How can I disable clamav on cpanel server and make sure that it's not running

because when clamav is running the outlook is not working so I have to restart clamav every time.

View 6 Replies View Related

Clamav Checking

Jun 21, 2007

I have it installed on server, but sometimes it's dead, but no warning from system. It will prevent emails working then. So I wonder if there is any way to check clamav? when it's not working, system will release an email to the admin?

View 8 Replies View Related

ClamAV (clamd)

Jul 8, 2008

I guess most of you are familiar with clamAV but i wanna use this as a cpanel plugin and provide my customer the anti virus option in cpanel.. how do i do this?

ive already install clamAV on ym server.

View 9 Replies View Related

How To Install ClamAV?

Oct 31, 2008

How to Install ClamAV? ....

View 6 Replies View Related

ClamAV Or MailScanner

Apr 3, 2007

I installed ClamAv from WHM, but i can see some process name "Mail Scanner" in top command on my CentOs server ....

View 6 Replies View Related

Best Way To Install ClamAV?

Apr 14, 2009

I run a CPanel environment, and want to know the best way to install and configure ClanAV. I know CPanel has an install for it under WHM, but is that the best way? How hard is it to keep updated and does it scan all directories for viruses ect...?

View 1 Replies View Related

Win32 Clamav Replacement

Oct 27, 2009

I normally use Win32 Clamav for scanning of viruses in servers but now it is no longer being maintained. Where can I find an equivalent? Or is there any step by step instructions on compiling it from source?

View 0 Replies View Related

Antivirus To Use With Cpanel Apart From Clamav?

Sep 29, 2006

is there a antivirus i can use with cpanel apart from clamav? found a virus on my work pc this morning that was trying to send emails out so i want my cpanel server to prevent any emails with virus's going out.

i was told clamav would slow down my server so i thought about AVG and was just wondering what other people have installed.

View 0 Replies View Related

CPanel MySQL/Clamav

Dec 11, 2008

A few weeks ago I installed clamav using the cPanel "Manage Plug-Ins". It all seemed fine but my server load kept going ridiculously high. I couldn't work out what was wrong until I managed to get a ps aux when it was very high and found that clamd was using ridiculous amounts of memory/cpu. It's not such a big deal having it on my server, so I decide to uninstall it. After uninstalling it, MySQL started to randomly turn off regularly (around every 30 minutes). I tried forcing a cPanel update, updating the MySQL files, reinstalling MySQL, etc. but nothing has seemed to fix it. So as a last resort, I've reinstalled Clamav and now my MySQL is fine but my server load keeps going ridiculously high again; causing problems still.

Has anyone/cPanel ever experienced this problem? I need to find a solution as almost every account on my server uses MySQL as a basis for their website, so I can't have it going down even for less than a minute.

View 2 Replies View Related

ClamAV On A CPanel Server

Oct 27, 2009

I've got ClamAV installed on my cPanel (Dedicated) server with a single site and would am having trouble setting up ClamAV to scan emails.

I installed it via WHM and have set it up in WHM to scan all items.

Ie: WHM -> Plugins -> Configure ClamAV Scanner -> Scan ALL items

After doing a few manual scans however (using 'clamscan -ri') I'm finding infections in the account mail folder.

1. Is there a good guide to setting up ClamAV on a cPanel serve do do automatic mail scanning? I was under the impression that ClamAV scans emails also however after doing some reading people seem to recommend MailScanner.

2. My logwatch is giving me the following error.

The ClamAV update process (freshclam daemon) was not running! If you no longer wish to run freshclam, deleting the freshclam.log file will suppress this error message. 

The freshclam daemon wasn't running so I've started it (freshclam --daemon). I've also checked the freshclam.conf file and the logrile is set as follows:

UpdateLogFile /var/log/freshclam.log

View 7 Replies View Related

MailScanner + ClamAV Performance

Jan 23, 2007

I am looking into implementing an antivirus/spam relay server using Postfix + MailScanner + SpamAssassin. Does anyone here have experience with this kind of solution?

What kind of rough performance in messages/hour or messages/day could I expect from a server like this:

PowerEdge 2950
2x QuadCore Xeon E5320 (1.8GHz)
8GB RAM
4x 146GB 15,000rpm SAS in RAID 10

View 0 Replies View Related

Installed Clamav Connector, But Where Is It?

Apr 19, 2008

I installed clamavconnector from Plugins sections at WHM, but after installing, i dont see any option about Clamd or Clamav in WHM, where should I go to use this tool?

Im running latest release version + RHE 4

View 3 Replies View Related

Clamav Connector - 99% CPU Usage

Jul 10, 2008

Ok so clamavconnector has been running for like 3hrs and this is a brand new server i just got yesterday so theres hardly any files but clamavconnector is using 99% of 1 of my CPUs which i think is a bit mad. You think its frozen or somthing and should i kill it or keep it running?

View 6 Replies View Related

ClamAV :: Errors After Installing

Apr 2, 2005

I am recently trying to install the ClamAV program onto my servers. Everything goes well and it is able to get installed but I am encountering some problems.

1) The program keeps recurring the scanning process on my /home directory and will not stop looping.... I waited for around 12 hours but it still keeps looping....

2) I have started the clamd and tested it out by loading a virus onto my server... Nothing happens... the file still is able to be uploaded and excuted....

Is there anyway for ClamAV to auto scan everything that gets uploaded or transmitted into the server? And also mail me its daily scan logs that is issue to be stored in a specific directory.

View 5 Replies View Related

How To Install ClamAV On Centos 5

May 14, 2009

I tried to install clamav, but i'm out of luck. It won't install at all. it gives the folloing error:

Transaction Check Error:
file /etc/freshclam.conf from install of clamav-0.95.1-4.el5.rf.i386 conflicts with file from package clamav-toaster-0.95.1-1.3.27.i386 ....

View 4 Replies View Related

Remote Clamav Server

Dec 10, 2006

I would like to know if its possible and if someone is using a remote clamav server to check the messages against viruses.

We are running around 15 servers and all of them have the clamd installed, and we waste time upgrading the software, database and also monitoring many services that are exactly the same one.

Our idea is to setup a central server that those 15 servers will send the message for checking first.

We are running cPanel and Exim on those 15 servers.

We have implemented remote spamassassin checking this week and its working like a charm.

View 1 Replies View Related

ClamAV Scanner Resource Intensive?

Oct 22, 2006

I would like to know how resource intensive is ClamAV Scanner. Should I allow it or not to my VPS clients/resellers?

Can I set it to use it as root? How?

View 0 Replies View Related

Clamd.conf ArchiveMaxCompressRatio (ClamAV Nub)

Apr 17, 2008

I have a VPS that started sending me emails last night (in mass) giving me failures saying

clamd failed @ Thu Apr 17 13:11:50 2008. A restart was attempted automagically.

I ran a yum update, and since the server isn't critical I just gave it a restart. Still getting the errors, I checked the boot.log file, where I saw errors like:

Apr 17 12:37:56 host exim: Starting clamd:
Apr 17 12:37:56 host clamd: ERROR: Parse error at line 299: Unknown option ArchiveMaxCompressionRatio.
Apr 17 12:37:56 host clamd: ERROR: Can't open/parse the config file /etc/clamd.conf
Apr 17 12:37:56 host exim: ERROR: Can't open/parse the config file /etc/clamd.conf
Apr 17 12:37:56 host exim: clamd startup failed
The clamd.conf file hasn't been edited since it was installed in August, I'm not sure why it decided to have issues now. So I just commented out the ArchiveMaxCompressionRatio directive in the config file to get it up and running again.

I have no knowledge of ClamAV (clamd), so I'm not sure exactly what it archives or how it compresses it, but I was just wondering if this will a) cause any noticeable issues and/or b) if theres a new directive equivalent to this one I should use instead (man just said "outdated").

View 6 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved