FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS

 
 
LinkBack Thread Tools
 
Old 06-17-2008, 09:38 AM
John R Pierce
 
Default ClamAV help needed

Anne Wilson wrote:
ClamAV is installed on my CentOS box. I edited the conf file and assumed all
is well. Clearly it isn't.


Every day I see in logwatch that my signatures are updated, and the database
notified, but if I try to scan a file manually it tells me that my signatures
are 55 days old.


I tried looking at a how-to, in the hope of identifying the problem, but it is
hopelessly out of date, and I reached the stage where it seemed that
following it any further risked my installation.


Can someone please give me a quick run-down of the things I should check.
Clearly freshclam is running, but that's about all I know for certain.




first, enable rpmforge repo
then...
yum install clamav

then, run freshclam, and also put it in a daily or weekly cron job to
automatically update


now, clamscan, or start clamd, or whatever
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 06-17-2008, 10:58 AM
Simon Banton
 
Default ClamAV help needed

Every day I see in logwatch that my signatures are updated, and the database
notified, but if I try to scan a file manually it tells me that my signatures
are 55 days old.


I think clamscan looks for the db files in a compiled-in default
location of /usr/local/share/clamav and doesn't consult the
clamd.conf or freshclam.conf files (after all, why would it?)


I fixed it up by symlinking my confgured DatabaseDirectory to where
clamscan expected to find things.


HTH

Simon
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 06-17-2008, 11:16 AM
Ralph Angenendt
 
Default ClamAV help needed

Simon Banton wrote:
>> Every day I see in logwatch that my signatures are updated, and the database
>> notified, but if I try to scan a file manually it tells me that my signatures
>> are 55 days old.
>
> I think clamscan looks for the db files in a compiled-in default
> location of /usr/local/share/clamav and doesn't consult the clamd.conf or
> freshclam.conf files (after all, why would it?)

It does at least open freshclam.conf (which means that that one must be
*readable* by the user running clamscan:

admin@mail-gw-3:~$strace -eopen clamscan
open("/etc/ld.so.cache", O_RDONLY) = 3
open("/usr/lib/libclamav.so.4", O_RDONLY) = 3
open("/lib/tls/libpthread.so.0", O_RDONLY) = 3
open("/lib/tls/libc.so.6", O_RDONLY) = 3
open("/usr/lib/libz.so.1", O_RDONLY) = 3
open("/usr/lib/libbz2.so.1", O_RDONLY) = 3
open("/usr/lib/sse2/libgmp.so.3", O_RDONLY) = 3
open("/usr/lib/libclamunrar_iface.so.4", O_RDONLY) = 3
open("/usr/lib/libclamunrar.so.4", O_RDONLY) = 3
open("/etc/freshclam.conf", O_RDONLY) = 3
open("/var/clamav/daily.cld", O_RDONLY) = 3

Cheers,

Ralph
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 06-17-2008, 11:40 AM
Simon Banton
 
Default ClamAV help needed

At 13:16 +0200 17/6/08, Ralph Angenendt wrote:

It does at least open freshclam.conf


True, but then it goes on to look in its compiled in location too:

open("/etc/freshclam.conf", O_RDONLY) = 3
open("/var/lib/clamav/daily.cld", O_RDONLY) = 3
open("/usr/local/share/clamav/daily.cld", O_RDONLY) = 3
open("/usr/local/share/clamav/daily.cld", O_RDONLY) = 3
open("/usr/local/share/clamav",
O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 3

open("/usr/local/share/clamav/main.cvd", O_RDONLY) = 4

Cheers
S.
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 06-17-2008, 12:48 PM
Ralph Angenendt
 
Default ClamAV help needed

Simon Banton wrote:
> At 13:16 +0200 17/6/08, Ralph Angenendt wrote:
>> It does at least open freshclam.conf
>
> True, but then it goes on to look in its compiled in location too:
>
> open("/etc/freshclam.conf", O_RDONLY) = 3
> open("/var/lib/clamav/daily.cld", O_RDONLY) = 3
> open("/usr/local/share/clamav/daily.cld", O_RDONLY) = 3
> open("/usr/local/share/clamav/daily.cld", O_RDONLY) = 3
> open("/usr/local/share/clamav",
> O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 3
> open("/usr/local/share/clamav/main.cvd", O_RDONLY) = 4

It doesn't here:

admin@mail-gw-3:~$strace -eopen clamscan
open("/etc/ld.so.cache", O_RDONLY) = 3
open("/usr/lib/libclamav.so.4", O_RDONLY) = 3
open("/lib/tls/libpthread.so.0", O_RDONLY) = 3
open("/lib/tls/libc.so.6", O_RDONLY) = 3
open("/usr/lib/libz.so.1", O_RDONLY) = 3
open("/usr/lib/libbz2.so.1", O_RDONLY) = 3
open("/usr/lib/sse2/libgmp.so.3", O_RDONLY) = 3
open("/usr/lib/libclamunrar_iface.so.4", O_RDONLY) = 3
open("/usr/lib/libclamunrar.so.4", O_RDONLY) = 3
open("/etc/freshclam.conf", O_RDONLY) = 3
open("/var/clamav/daily.cld", O_RDONLY) = 3
open("/var/clamav", O_RDONLY|O_NONBLOCK|O_LARGEFILE|O_DIRECTORY) = 3
open("/var/clamav/main.cvd", O_RDONLY) = 4
open("/tmp/clamav-56d503ba1cf89b51cfc1483052997d0e/COPYING", O_WRONLY|O_CREAT|O_TRUNC

Ralph
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 06-17-2008, 01:00 PM
Simon Banton
 
Default ClamAV help needed

At 14:48 +0200 17/6/08, Ralph Angenendt wrote:

It doesn't here:


Is your copy installed from rpm/yum or compiled from source? Mine's the latter.

S.
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 06-17-2008, 01:52 PM
John Plemons
 
Default ClamAV help needed

Not to move anyone to another package, but to offer another route if
you want to consider it.



An option other than ClamAV is AVG, it works well, and is easy to
install.



Grisoft has a Linux version of their AVG Virus Software

The free version can be downloaded here



ftp://ftp.grisoft.cz/pub/softw/70free/setup/



They have a complete line of Anti-Virus Software for both the MS and
Linux worlds, I have used both version for years an like it much more
than Symantic ( Norton ) - McAfee etc..* It doesn't wind it's way down
into the heart of the OS, it is very stable and in my mind one of the
best Anti Virus packages out.* If you prefer a paid version, theirs is
a very cost effective product with flavors to suit all applications and
sizes.



More information can be had at http://www.grisoft.com* if looking for a
one off copy of a basic AV for your Windows machine, then
http://free.grisoft.com* The free versions don't include all of the
bells and whistles but work very well, run and update automatically.



john plemons











Anne Wilson wrote:

ClamAV is installed on my CentOS box. I edited the conf file and assumed all
is well. Clearly it isn't.

Every day I see in logwatch that my signatures are updated, and the database
notified, but if I try to scan a file manually it tells me that my signatures
are 55 days old.

I tried looking at a how-to, in the hope of identifying the problem, but it is
hopelessly out of date, and I reached the stage where it seemed that
following it any further risked my installation.

Can someone please give me a quick run-down of the things I should check.
Clearly freshclam is running, but that's about all I know for certain.

Thanks

Anne
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos




No virus found in this incoming message.
Checked by AVG.
Version: 8.0.100 / Virus Database: 270.3.0/1505 - Release Date: 6/16/2008 7:20 AM




_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 06-17-2008, 02:43 PM
Ralph Angenendt
 
Default ClamAV help needed

Simon Banton wrote:
> At 14:48 +0200 17/6/08, Ralph Angenendt wrote:
>> It doesn't here:
>
> Is your copy installed from rpm/yum or compiled from source? Mine's the latter.

rpmforge.

Ralph
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 06-17-2008, 03:16 PM
Simon Banton
 
Default ClamAV help needed

At 16:43 +0200 17/6/08, Ralph Angenendt wrote:
> Is your copy installed from rpm/yum or compiled from source?
Mine's the latter.


rpmforge.


Ah - looking more deeply, my source was configured without
--with-dbdir=/var/lib/clamav which is why it defaulted to looking in
/usr/local/share/clamav


Now rebuilt with the --with-dbdir option, and everything's looking in
the correct place.


S.
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 06-17-2008, 03:46 PM
Anne Wilson
 
Default ClamAV help needed

On Tuesday 17 June 2008 14:52:30 John Plemons wrote:
> Not to move anyone to another package, but to offer another route if you
> want to consider it.
>
> An option other than ClamAV is AVG, it works well, and is easy to install.
>
> Grisoft has a Linux version of their AVG Virus Software
> The free version can be downloaded here
>
> ftp://ftp.grisoft.cz/pub/softw/70free/setup/
>
> They have a complete line of Anti-Virus Software for both the MS and
> Linux worlds, I have used both version for years an like it much more
> than Symantic ( Norton ) - McAfee etc.. It doesn't wind it's way down
> into the heart of the OS, it is very stable and in my mind one of the
> best Anti Virus packages out. If you prefer a paid version, theirs is a
> very cost effective product with flavors to suit all applications and
> sizes.
>
> More information can be had at http://www.grisoft.com if looking for a
> one off copy of a basic AV for your Windows machine, then
> http://free.grisoft.com The free versions don't include all of the
> bells and whistles but work very well, run and update automatically.
>
I'll be checking out all the other suggestions, but I'll also look at this,
thanks.

Anne
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 

Thread Tools




All times are GMT. The time now is 01:08 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org