I am running ClamAV on Windows, and it seems that FreshClam is giving some errors when updating:
ClamAV update process started at Sat Jul 18 13:20:41 2009
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.95.1 Recommended version: 0.95.2
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cvd is up to date (version: 51, sigs: 545035, f-level:
Downloading daily.cvd [ 99%]
ERROR: Can't rename c:clamavdata/clamav-8b0fa144b304158b0
e0c.clamtmp to daily.cvd: Permission denied
I have some problems on my web server. First, I must say that I noticed some trojans and viruses affecting my server. When loading my web pages, I saw a foreign link in the status bar while the pages were loading. When I searched these pages, I saw some code that inserts a hidden iframe connected to some other sites. This is an iframe injection problem.
After searching, I saw that this code had infected most of the index.php, index.html, index.htm, footer.php, footer.htm and footer.html pages on my server.
After this I cleaned all the infected files and activated PHP safe mode, which was OFF before. I also disabled some system functions in php.ini.
But more importantly, I realized that my ClamAV antivirus was out of date. When I tried to update ClamAV with yum update clamav, I faced some errors from yum, and I got help from my hosting firm to solve this problem.
After this, I updated my ClamAV 0.88 to ClamAV 0.92. After this installation I scanned my system with clamscan and removed 1250-1300 trojans and viruses from users' mail directories.
After this cleanup, I scanned the system again and no other trojans or viruses were found.
But after the ClamAV update to version 0.92 there is a big problem again.
When a mail user sends a mail to anyone, everything is shown as normal in the mail program (Outlook, Thunderbird...) as sent, but the mail is not delivered to the recipient. At the same time a clamav... directory is created in the /tmp directory, and these directories fill the user's mailbox quota. When I clean this directory from the /tmp directory, the quota returns to normal size. This problem occurs for most of the mail users' traffic. But this problem began after the ClamAV update process.
But this problem does not appear on all mail accounts.
This clamav.. directory that is created in the /tmp directory has 4 files: main.db, main.mdb, main.ndb and copying files.
And the message returned from the user, that the mail quota is exceeded, is shown below. Sometimes the message is not returned.
< mail_address> (expanded from *** < mail_address>): can't create user output file. Command *** output: LibClamAV Error: cli_untgz: Wrote 0 instead of 512 *** (/tmp/clamav-d342a5c0705d099fd95b1b0793092e0b/main.ndb) LibClamAV Error: *** cli_cvdload(): Can't unpack CVD file. LibClamAV Error: Can't load *** /var/clamav/main.cvd: CVD extraction failure ERROR: CVD extraction failure *** procmail: Error while writing to "/var/log/procmail.log" procmail: Quota *** exceeded while writing *** "/home/domain/homes/mail_user/Maildir/tmp/1209623791.26249_0.ns1.site.com.tr" *** procmail: Quota exceeded while writing *** "/home/domain/homes/mail_user/Maildir/tmp/1209623791.26249_1.ns1.site.com.tr" *** Time:1209623791 From: To: User: mail_adresi Size:248 *** Dest:/etc/webmin/virtual-server/clam-wrapper.pl /usr/bin/clamscan Mode:None
In short, after updating ClamAV on my server, every mail in the server's mail traffic gets a clamav... directory in the /tmp directory, and these directories have main.db, main.mdb, main.ndb and copying files.
What is wrong, or what must I do to solve this?
If I remove ClamAV from the system, everything returns to normal in the mail traffic.
I also installed chkrootkit and scanned the system. No bad results were shown. All results said “not infected”.
As a result I cannot find how to run ClamAV on my system. Would reinstalling the old version solve it? Or do you advise installing a new program? If yes, which one?
My OS is CentOS 4.6, Mail Server Postfix Mail Server 2.2.10, Spam filter SpamAssassin Mail Filter 3.1.9
I just began work at an office to manage one of their web assets. They have it hosted on a VPS from Network Solutions. In looking at the VPS itself as well as the information on the Network Solutions site, it appears they only offer Fedora Core 6 to their Linux VPS customers.
FC6 was released October 24, 2006 and Fedora support is 13 months. That means that as of November 24, 2007, FC6 has received no security updates to any of its software or the kernel.
The Fedora project even states that it might not be a good choice for corporate users because of the need to update the whole OS every 13 months.
I can't update the OS on the VPS, I called support and they told me that they only offered FC6 and they had no solution to the security patches problem.
Is this even possible?! Could a hosting service really consider offering a 3 year old OS with no security support as their only option? Am I missing something incredibly obvious?
Is there a way to locate outdated and already exploited scripts on my VPS? I have already cleaned out the /tmp directory, but how can I scan my clients' accounts to determine if they have been exploited, or if they should update scripts that they are running?
I had 3 emails last night from my box regarding a [checkperlmodules] automatic upgrade.
The modules cannot install as the modules on my system are outdated. I tried installing the module under WHM, IO::Compress::Base, but it says it is the most recent (2.005) and won't upgrade!
Under WHM -> 'Update System Software' I get the same error, as modules won't build because they require 2.006 and I have 2.005.
Is there any way I can force an upgrade regardless?
Warning: prerequisite IO::Compress::Base 2.006 not found. We have 2.005.
[checkperlmodules] The perl module IO::Uncompress::Gunzip could not be installed. This module is required by cPanel, and the system may not function correctly until it is installed, and functional. Below is the results of the auto-install attempt:
Test Run
==============
IO::Compress::Base::Common version 2.006 required--this is only version 2.005 at /usr/lib/perl5/site_perl/5.8.8/IO/Uncompress/RawInflate.pm line 9.
BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.8/IO/Uncompress/RawInflate.pm line 9.
Compilation failed in require at /usr/lib/perl5/site_perl/5.8.8/IO/Uncompress/Gunzip.pm line 12.
BEGIN failed--compilation aborted at /usr/lib/perl5/site_perl/5.8.8/IO/Uncompress/Gunzip.pm line 12.
Compilation failed in require at - line 1.
BEGIN failed--compilation aborted at - line 1.
Installer Run
.... snip ....
CPAN.pm: Going to build P/PM/PMQS/IO-Compress-Zlib-2.006.tar.gz
Up/Downgrade not needed.
Checking if your kit is complete...
Looks good
Warning: prerequisite IO::Compress::Base 2.006 not found. We have 2.005.
Warning: prerequisite IO::Uncompress::Base 2.006 not found. We have 2.005.
Writing Makefile for IO::Compress::Zlib
CPAN: YAML loaded ok (v0.65)
... snip ...
My hosting provider (which will go unnamed because I doubt they would appreciate me broadcasting the fact that their server-based antivirus software isn't working properly) is experiencing almost daily email delivery failures on multiple shared servers because ClamAV stops working. They say they are running the latest stable versions of exim and ClamAV, but that "there is no guarantee...that the clamav error will not happen again". Right around the time this started happening, there was an article on the ComputerWorld web site (http://www.computerworld.com/action/...icleId=9077638) about a ClamAV patch being released to fix a security vulnerability. I'm wondering whether that patch was buggy, and whether other hosting providers are having problems with ClamAV. (It would probably be a good idea not to mention any providers by name because of the security implications.)
Anybody have a version running on CentOS 4.4...if so what version...keeps complaining about libcrypt.so.5, libssl.so.5 and a few other things that are not updated yet on CentOS 4.4
I would like to ask whether we should use/enable the ClamAV service on our VPS. I have read in several articles that ClamAV is pretty hungry on CPU/memory resources.
I would like to know, do you use/enable ClamAV on your VPS? Or do you not even have it installed on your VPS?
I have it installed on the server, but sometimes it's dead, with no warning from the system. That then prevents email from working. So I wonder if there is any way to check ClamAV, so that when it's not working, the system sends an email to the admin?
I guess most of you are familiar with ClamAV, but I want to use this as a cPanel plugin and provide my customers the antivirus option in cPanel. How do I do this?
I run a cPanel environment, and want to know the best way to install and configure ClamAV. I know cPanel has an install for it under WHM, but is that the best way? How hard is it to keep updated, and does it scan all directories for viruses, etc.?
I normally use Win32 ClamAV for scanning of viruses on servers, but now it is no longer being maintained. Where can I find an equivalent? Or are there any step-by-step instructions on compiling it from source?
Is there an antivirus I can use with cPanel apart from ClamAV? I found a virus on my work PC this morning that was trying to send emails out, so I want my cPanel server to prevent any emails with viruses going out.
I was told ClamAV would slow down my server, so I thought about AVG and was just wondering what other people have installed.
A few weeks ago I installed ClamAV using the cPanel "Manage Plug-Ins". It all seemed fine but my server load kept going ridiculously high. I couldn't work out what was wrong until I managed to get a ps aux when it was very high and found that clamd was using ridiculous amounts of memory/CPU. It's not such a big deal having it on my server, so I decided to uninstall it. After uninstalling it, MySQL started to randomly turn off regularly (around every 30 minutes). I tried forcing a cPanel update, updating the MySQL files, reinstalling MySQL, etc. but nothing has seemed to fix it. So as a last resort, I've reinstalled ClamAV and now my MySQL is fine, but my server load keeps going ridiculously high again, still causing problems.
Has anyone/cPanel ever experienced this problem? I need to find a solution as almost every account on my server uses MySQL as a basis for their website, so I can't have it going down even for less than a minute.
After doing a few manual scans however (using 'clamscan -ri') I'm finding infections in the account mail folder.
1. Is there a good guide to setting up ClamAV on a cPanel server to do automatic mail scanning? I was under the impression that ClamAV scans emails also; however, after doing some reading, people seem to recommend MailScanner.
2. My logwatch is giving me the following error.
The ClamAV update process (freshclam daemon) was not running! If you no longer wish to run freshclam, deleting the freshclam.log file will suppress this error message.
The freshclam daemon wasn't running so I've started it (freshclam --daemon). I've also checked the freshclam.conf file and the logfile is set as follows:
I am looking into implementing an antivirus/spam relay server using Postfix + MailScanner + SpamAssassin. Does anyone here have experience with this kind of solution?
What kind of rough performance in messages/hour or messages/day could I expect from a server like this:
PowerEdge 2950 2x QuadCore Xeon E5320 (1.8GHz) 8GB RAM 4x 146GB 15,000rpm SAS in RAID 10
I installed clamavconnector from the Plugins section in WHM, but after installing, I don't see any option about Clamd or ClamAV in WHM. Where should I go to use this tool?
OK, so clamavconnector has been running for like 3 hrs, and this is a brand new server I just got yesterday so there are hardly any files, but clamavconnector is using 99% of 1 of my CPUs, which I think is a bit mad. Do you think it's frozen or something, and should I kill it or keep it running?
I have recently been trying to install the ClamAV program onto my servers. Everything goes well and it is able to get installed, but I am encountering some problems.
1) The program keeps recurring the scanning process on my /home directory and will not stop looping.... I waited for around 12 hours but it still keeps looping....
2) I have started clamd and tested it out by loading a virus onto my server... Nothing happens... the file is still able to be uploaded and executed....
Is there any way for ClamAV to auto scan everything that gets uploaded or transmitted into the server? And also mail me its daily scan logs that is issue to be stored in a specific directory.
I tried to install ClamAV, but I'm out of luck. It won't install at all. It gives the following error:
Transaction Check Error: file /etc/freshclam.conf from install of clamav-0.95.1-4.el5.rf.i386 conflicts with file from package clamav-toaster-0.95.1-1.3.27.i386 ....
I would like to know if it's possible, and if someone is using a remote ClamAV server to check messages for viruses.
We are running around 15 servers and all of them have clamd installed, and we waste time upgrading the software and database and also monitoring many services that are exactly the same.
Our idea is to set up a central server to which those 15 servers will send the message for checking first.
We are running cPanel and Exim on those 15 servers.
We have implemented remote SpamAssassin checking this week and it's working like a charm.
I have a VPS that started sending me emails last night (en masse) giving me failures saying
clamd failed @ Thu Apr 17 13:11:50 2008. A restart was attempted automagically.
I ran a yum update, and since the server isn't critical I just gave it a restart. Still getting the errors, I checked the boot.log file, where I saw errors like:
Apr 17 12:37:56 host exim: Starting clamd:
Apr 17 12:37:56 host clamd: ERROR: Parse error at line 299: Unknown option ArchiveMaxCompressionRatio.
Apr 17 12:37:56 host clamd: ERROR: Can't open/parse the config file /etc/clamd.conf
Apr 17 12:37:56 host exim: ERROR: Can't open/parse the config file /etc/clamd.conf
Apr 17 12:37:56 host exim: clamd startup failed
The clamd.conf file hasn't been edited since it was installed in August, I'm not sure why it decided to have issues now. So I just commented out the ArchiveMaxCompressionRatio directive in the config file to get it up and running again.
I have no knowledge of ClamAV (clamd), so I'm not sure exactly what it archives or how it compresses it, but I was just wondering a) if this will cause any noticeable issues and/or b) if there's a new directive equivalent to this one I should use instead (man just said "outdated").