My hosting provider (which will go unnamed because I doubt they would appreciate me broadcasting the fact that their server-based antivirus software isn't working properly) is experiencing almost daily email delivery failures on multiple shared servers because ClamAV stops working. They say they are running the latest stable versions of exim and ClamAV, but that "there is no guarantee...that the clamav error will not happen again". Right around the time this started happening, there was an article on the ComputerWorld web site (http://www.computerworld.com/action/...icleId=9077638) about a ClamAV patch being released to fix a security vulnerability. I'm wondering whether that patch was buggy, and whether other hosting providers are having problems with ClamAV. (It would probably be a good idea not to mention any providers by name because of the security implications.)
I have it installed on my server, but sometimes it's dead, with no warning from the system. That prevents email from working. So I wonder if there is any way to check ClamAV, so that when it's not working the system sends an email to the admin?
I run a cPanel environment, and want to know the best way to install and configure ClamAV. I know cPanel has an install for it under WHM, but is that the best way? How hard is it to keep updated, and does it scan all directories for viruses, etc.?
I normally use Win32 ClamAV for scanning for viruses on servers, but now it is no longer being maintained. Where can I find an equivalent? Or are there any step-by-step instructions on compiling it from source?
Is there an antivirus I can use with cPanel apart from ClamAV? I found a virus on my work PC this morning that was trying to send emails out, so I want my cPanel server to prevent any emails with viruses going out.
I was told ClamAV would slow down my server, so I thought about AVG and was just wondering what other people have installed.
I am running ClamAV on Windows, and it seems that freshclam is giving some errors when updating:
ClamAV update process started at Sat Jul 18 13:20:41 2009
WARNING: Your ClamAV installation is OUTDATED!
WARNING: Local version: 0.95.1 Recommended version: 0.95.2
DON'T PANIC! Read http://www.clamav.net/support/faq
main.cvd is up to date (version: 51, sigs: 545035, f-level:
Downloading daily.cvd [ 99%]
ERROR: Can't rename c:clamavdata/clamav-8b0fa144b304158b0 e0c.clamtmp to daily.cvd: Permission denied
A few weeks ago I installed ClamAV using the cPanel "Manage Plug-Ins". It all seemed fine but my server load kept going ridiculously high. I couldn't work out what was wrong until I managed to get a ps aux when it was very high and found that clamd was using ridiculous amounts of memory/CPU. It's not such a big deal having it on my server, so I decided to uninstall it. After uninstalling it, MySQL started to randomly turn off regularly (around every 30 minutes). I tried forcing a cPanel update, updating the MySQL files, reinstalling MySQL, etc., but nothing has seemed to fix it. So as a last resort, I've reinstalled ClamAV and now my MySQL is fine but my server load keeps going ridiculously high again, still causing problems.
Has anyone/cPanel ever experienced this problem? I need to find a solution as almost every account on my server uses MySQL as a basis for their website, so I can't have it going down even for less than a minute.
After doing a few manual scans however (using 'clamscan -ri') I'm finding infections in the account mail folder.
1. Is there a good guide to setting up ClamAV on a cPanel server to do automatic mail scanning? I was under the impression that ClamAV scans emails also; however, after doing some reading, people seem to recommend MailScanner.
2. My logwatch is giving me the following error.
The ClamAV update process (freshclam daemon) was not running! If you no longer wish to run freshclam, deleting the freshclam.log file will suppress this error message.
The freshclam daemon wasn't running so I've started it (freshclam --daemon). I've also checked the freshclam.conf file and the logfile is set as follows:
OK, so clamavconnector has been running for like 3 hrs, and this is a brand new server I just got yesterday, so there are hardly any files, but clamavconnector is using 99% of one of my CPUs, which I think is a bit mad. Do you think it's frozen or something, and should I kill it or keep it running?
I have some problems on my web server. First, I must say that I noticed some trojans and viruses affecting my server. I saw that, while my web pages were loading, a foreign link appeared in the status bar. When I searched these pages, I saw some code that inserts a hidden iframe connected to some other sites. This is an iframe injection problem.
After searching, I saw that this code had infected most of the index.php, index.html, index.htm and footer.php, footer.htm and footer.html pages on my server.
After this I cleaned all the infected files and activated PHP safe mode, which was OFF before. I also disabled some system functions in php.ini.
But more important than this, I realized that my ClamAV antivirus was out of date. But when I wanted to update ClamAV with yum update clamav, I faced some errors about yum, and I got help from my hosting firm to solve this problem.
After this, I updated my ClamAV 0.88 to ClamAV 0.92. After this installation I scanned my system with clamscan and removed 1250-1300 trojans and viruses from users' mail directories.
After this clean operation, I scanned the system again and no other trojans or viruses were found.
But after the ClamAV update to version 0.92 there is a big problem again.
When a mail user sends a mail to anyone, everything is shown as normal in the mail program (Outlook, Thunderbird...) as sent, but the mail is not delivered to the recipient. At the same time a clamav... directory is created in the /tmp directory, and these directories fill the user's mailbox quota. When I clean this directory from the /tmp directory, the quota returns to normal size. This problem occurs for most of the mail users' traffic. But this problem began after the ClamAV update process.
But this problem does not appear on all mail accounts.
This clamav.. directory that is created in the /tmp directory has 4 files: main.db, main.mdb, main.ndb and copying files.
The message that is returned to the user saying that the mail quota is exceeded is shown below. Sometimes no message is returned.
< mail_address> (expanded from *** < mail_address>): can't create user output file. Command *** output: LibClamAV Error: cli_untgz: Wrote 0 instead of 512 *** (/tmp/clamav-d342a5c0705d099fd95b1b0793092e0b/main.ndb) LibClamAV Error: *** cli_cvdload(): Can't unpack CVD file. LibClamAV Error: Can't load *** /var/clamav/main.cvd: CVD extraction failure ERROR: CVD extraction failure *** procmail: Error while writing to "/var/log/procmail.log" procmail: Quota *** exceeded while writing *** "/home/domain/homes/mail_user/Maildir/tmp/1209623791.26249_0.ns1.site.com.tr" *** procmail: Quota exceeded while writing *** "/home/domain/homes/mail_user/Maildir/tmp/1209623791.26249_1.ns1.site.com.tr" *** Time:1209623791 From: To: User: mail_adresi Size:248 *** Dest:/etc/webmin/virtual-server/clam-wrapper.pl /usr/bin/clamscan Mode:None
In short, after updating ClamAV on my server, every mail in the server's mail traffic gets a clamav... directory in the /tmp directory, and these directories have main.db, main.mdb, main.ndb and copying files.
What is wrong, or what must I do to solve this?
If I remove ClamAV from the system, everything returns to normal in the mail traffic.
Also, I installed chkrootkit and scanned the system. No bad results were shown. All results said “not infected”.
As a result I cannot find how I can run ClamAV on my system. Would reinstalling the old version solve it? Or do you advise installing a new program? If yes, which one?
My OS is CentOS 4.6, Mail Server Postfix Mail Server 2.2.10, Spam filter SpamAssassin Mail Filter 3.1.9
I have a VPS that started sending me emails last night (en masse) giving me failures saying:
clamd failed @ Thu Apr 17 13:11:50 2008. A restart was attempted automagically.
I ran a yum update, and since the server isn't critical I just gave it a restart. Still getting the errors, I checked the boot.log file, where I saw errors like:
Apr 17 12:37:56 host exim: Starting clamd:
Apr 17 12:37:56 host clamd: ERROR: Parse error at line 299: Unknown option ArchiveMaxCompressionRatio.
Apr 17 12:37:56 host clamd: ERROR: Can't open/parse the config file /etc/clamd.conf
Apr 17 12:37:56 host exim: ERROR: Can't open/parse the config file /etc/clamd.conf
Apr 17 12:37:56 host exim: clamd startup failed
The clamd.conf file hasn't been edited since it was installed in August, I'm not sure why it decided to have issues now. So I just commented out the ArchiveMaxCompressionRatio directive in the config file to get it up and running again.
I have no knowledge of ClamAV (clamd), so I'm not sure exactly what it archives or how it compresses it, but I was just wondering if this will a) cause any noticeable issues and/or b) if there's a new directive equivalent to this one I should use instead (man just said "outdated").
I wanted to uninstall the ClamAV antivirus from cPanel WHM. After I uninstalled it successfully, I realised my yum and rpm had stopped working properly and get blocked. I can't find what happened; I didn't do anything else, I just removed the ClamAV antivirus from cPanel WHM.
I'm trying to install ClamAV on my CentOS box (64-bit version) but on the make command I get the following error:
/usr/local/lib/libz.a(gzio.o): relocation R_X86_64_32 against `a local symbol' can not be used when making a shared object; recompile with -fPIC
/usr/local/lib/libz.a: could not read symbols: Bad value
collect2: ld returned 1 exit status
make: *** [libclamav.la] Error 1
make: Leaving directory `/root/clamav-0.88/libclamav'
make: *** [all-recursive] Error 1
make: Leaving directory `/root/clamav-0.88'
make: *** [all] Error 2
I'm guessing it is something to do with X86_64 but I still can't find a solution to this.