Koozali.org: home of the SME Server

ClamAV Again

cc_skavenger

ClamAV Again
« on: January 27, 2005, 04:42:22 PM »
Having an issue with some new viruses coming through my mail server.  Ran freshclam to make sure it is updating and received this message:

[root@mail-server root]# freshclam
ClamAV update process started at Thu Jan 27 09:37:34 2005
WARNING: Your ClamAV installation is OUTDATED - please update immediately!
WARNING: Local version: 0.80 Recommended version: 0.81
main.cvd is up to date (version: 29, sigs: 29086, f-level: 3, builder: tomek)
daily.cvd is up to date (version: 689, sigs: 775, f-level: 4, builder: diego)
WARNING: Your ClamAV installation is OUTDATED - please update immediately!
WARNING: Current functionality level = 3, required = 4


Anyone else getting this?

TIA
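
An added example, not part of the original post or of ClamAV: a shell function that reads freshclam output like the run above and lists each database whose f-level is higher than the engine's current functionality level. The name flevel_gaps is made up for this example; the sample input is the output quoted in the post.

```shell
#!/bin/sh
# Added example: flag freshclam runs where a database was built for a newer engine.
# Reads freshclam output on stdin, prints one line per database whose f-level
# exceeds the current functionality level, and returns 1 if any do.

flevel_gaps() {
    awk '
    # "WARNING: Current functionality level = 3, required = 4"
    /Current functionality level = / {
        line = $0
        sub(/.*Current functionality level = /, "", line)
        sub(/,.*/, "", line)
        engine = line + 0
    }
    # "daily.cvd is up to date (version: 689, sigs: 775, f-level: 4, builder: diego)"
    / \(version: .*f-level: / {
        name = $1
        lvl = $0
        sub(/.*f-level: /, "", lvl)
        sub(/[^0-9].*/, "", lvl)
        db[name] = lvl + 0
        order[++n] = name
    }
    END {
        if (engine == "") exit 0      # no level warning: nothing to compare
        for (i = 1; i <= n; i++)
            if (db[order[i]] > engine) {
                printf "%s needs f-level %d, engine has %d\n", order[i], db[order[i]], engine
                bad = 1
            }
        exit bad
    }'
}

# Sample: the freshclam output from the post above.
flevel_gaps <<'EOF' || echo "engine is behind the signature database"
ClamAV update process started at Thu Jan 27 09:37:34 2005
WARNING: Your ClamAV installation is OUTDATED - please update immediately!
WARNING: Local version: 0.80 Recommended version: 0.81
main.cvd is up to date (version: 29, sigs: 29086, f-level: 3, builder: tomek)
daily.cvd is up to date (version: 689, sigs: 775, f-level: 4, builder: diego)
WARNING: Your ClamAV installation is OUTDATED - please update immediately!
WARNING: Current functionality level = 3, required = 4
EOF
```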

Knuddi

ClamAV Again
« Reply #1 on: January 27, 2005, 06:40:50 PM »
They are very busy at ClamAV :-) They released the new 0.81 yesterday and they already nag about outdated installations....

I have built the new 0.81 and included it in the installation/upgrade script from:

http://sme.swerts-knudsen.dk/howtos/howto_22.htm

Rgds,
Jesper

cc_skavenger

ClamAV Again
« Reply #2 on: January 27, 2005, 06:44:12 PM »
I saw the rpms in the download area, but was waiting...

Thanks for the great work.

Henk

ClamAV Again
« Reply #3 on: January 27, 2005, 08:10:42 PM »
Thanks a lot Jesper. I've just updated my server. Not a single problem!

mach1_4fun

ClamAV Again
« Reply #4 on: January 28, 2005, 12:01:11 AM »
Thanks Jesper! The upgrade went without a hitch!
Your contribs have saved me a lot of headaches!

mbachmann

ClamAV Again
« Reply #5 on: January 28, 2005, 08:45:34 AM »
Thanks Jesper. You are the man, again.

Reinhold

ClamAV Again
« Reply #6 on: January 28, 2005, 10:19:40 AM »
me2 Jesper - you are a hero  :-D

(seriously making me lazy  8-) ...
fiddled with freshclam et al for an hour
just to find you had it already "on a plate"
)

-THANKS-
Reinhold

knaidoo

error when installing script
« Reply #7 on: January 28, 2005, 11:23:23 AM »
Hi, for some reason I get the following error when trying to install script:

Checking for existing installations.... Please wait!
Installing ClamAntivirus on SME 6.0.....
Downloading RPMs from http://mirror.contribs.org/smeserver/contribs/swerts-knudsen/AntiVirus
--05:20:24--  http://mirror.contribs.org/smeserver/contribs/swerts-knudsen/AntiVirus/clamav-es-libs-0.75.1-es01.i386.rpm
           => clamav-es-libs-0.75.1-es01.i386.rpm'
Resolving www.contribs.org... done.
Connecting to www.contribs.org[207.182.33.10]:80... connected.
HTTP request sent, awaiting response... 404 Not Found
Checking for existing installations.... Please wait!
Installing ClamAntivirus on SME 6.0.....
Downloading RPMs from http://mirror.contribs.org/smeserver/contribs/swerts-knudsen/AntiVirus
--05:20:39--  http://mirror.contribs.org/smeserver/contribs/swerts-knudsen/AntiVirus/clamav-es-libs-0.75.1-es01.i386.rpm
           => clamav-es-libs-0.75.1-es01.i386.rpm'
Resolving www.contribs.org... done.
Connecting to www.contribs.org[207.182.33.10]:80... connected.
HTTP request sent, awaiting response... 404 Not Found
05:20:39 ERROR 404: Not Found.

--05:20:39--  http://mirror.contribs.org/smeserver/contribs/swerts-knudsen/AntiVirus/clamav-es-0.75.1-es01.i386.rpm
           => clamav-es-0.75.1-es01.i386.rpm'
Resolving www.contribs.org... done.
Connecting to www.contribs.org[207.182.33.10]:80... connected.
HTTP request sent, awaiting response... 404 Not Found
05:20:39 ERROR 404: Not Found.

--05:20:40--  http://mirror.contribs.org/smeserver/contribs/swerts-knudsen/AntiVirus/sme-antivirus-1.0.1-1.noarch.rpm
           => sme-antivirus-1.0.1-1.noarch.rpm'
Resolving www.contribs.org... done.
Connecting to www.contribs.org[207.182.33.10]:80... connected.
HTTP request sent, awaiting response... 404 Not Found
05:20:40 ERROR 404: Not Found.

clamd: unrecognized service
Updating the Clam Virus database - Please wait....
antivirus_install.sh: /usr/bin/freshclam: No such file or directory
Installation of Antivirus has successfully completed.

Reinhold

ClamAV Again
« Reply #8 on: January 28, 2005, 11:55:24 AM »
knaidoo

Seems you haven't downloaded the NEWest install script from Jesper's website.
The rpms you got errors from are all outdated and already removed from contribs...

DOWNLOAD the new url Jesper gave above !!!
http://sme.swerts-knudsen.dk/howtos/howto_22.htm

regards
Reinhold

P.S.: You may want to do this in a new directory !?

knaidoo

fixed..I missed out the -N switch
« Reply #9 on: January 28, 2005, 11:59:03 AM »
Thanks Reinhold and Jesper, that worked.

Mjohnson

ClamAV Again
« Reply #10 on: January 28, 2005, 01:19:11 PM »
Thanks Jesper...

Once again your efforts have made my day!!

svangool

ClamAV Again
« Reply #11 on: January 29, 2005, 02:23:17 PM »
I had to "help" a little, I have an upgraded 6.0 and had CA 8.0 running:

During install:
...
clamav-es-0.80-es03 being uninstalled to prepare for upgrade....
antivirus_install.sh: service: command not found
warning: /usr/share/clamav/main.cvd saved as /usr/share/clamav/main.cvd.rpmsave
...
Amavis-ng Already patched
antivirus_install.sh: service: command not found
Updating the Clam Virus database - Please wait....
...
Database updated (29888 signatures) from db.us.clamav.net (IP: 209.200.146.2)
ERROR: Clamd was NOT notified: Can't connect to clamd through /var/lib/clamav/clamd.sock
connect(): No such file or directory
Update of Antivirus has successfully completed.

Log of an EICAR test message (but this happens also with ANY message):
...
Jan 29 13:50:14 myurl amavis[29693]: Not attempting to unpack 00000002
Jan 29 13:50:14 myurl amavis[29693]: AMAVIS::AV::CLAMD: Cannot connect to /var/lib/clamav/clamd.sock.
Jan 29 13:50:14 myurl amavis[29693]: Error while scanning for viruses with AMAVIS::AV::CLAMD:
Jan 29 13:50:14 myurl amavis[29693]: AMAVIS::MTA::Qmail: Freezing message
Jan 29 13:50:14 myurl amavis[29693]: Quarantining infected message to /var/spool/amavis-ng/problems/41fb8686-73fd
...

Well it's clear that CLAMD was not started, manually entering "/etc/rc.d/init.d/clamd start" did the job.

Then it works, thanks!

Sjef
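
An added example, not from the original post or from amavis-ng: it reads amavis log lines like those above and prints the quarantine path of every message that was set aside after a clamd connection failure in the same amavis process, that is, mail that was never actually scanned. The name unscanned_quarantines is made up here, and grouping the lines by process ID is an assumption.

```shell
#!/bin/sh
# Added example: list messages amavis quarantined without a working scanner.
# Reads syslog-style amavis lines on stdin. Prints the quarantine path of each
# message set aside after a clamd connection failure in the same process
# (grouping by PID is an assumption). Returns 1 if any were found.

unscanned_quarantines() {
    awk '
    {
        # Pull the PID out of the "amavis[29693]:" field; skip other lines.
        pid = ""
        for (i = 1; i <= NF; i++)
            if ($i ~ /^amavis\[[0-9]+\]:$/) { pid = $i; gsub(/[^0-9]/, "", pid) }
        if (pid == "") next
    }
    /AMAVIS::AV::CLAMD: Cannot connect to / { down[pid] = 1 }
    /Quarantining infected message to / {
        if (down[pid]) { print $NF; hits++ }
        down[pid] = 0          # the next message in this process starts clean
    }
    END { exit (hits > 0) }'
}

# Sample: the log lines from the post above.
unscanned_quarantines <<'EOF' || echo "clamd was unreachable for the messages listed above"
Jan 29 13:50:14 myurl amavis[29693]: Not attempting to unpack 00000002
Jan 29 13:50:14 myurl amavis[29693]: AMAVIS::AV::CLAMD: Cannot connect to /var/lib/clamav/clamd.sock.
Jan 29 13:50:14 myurl amavis[29693]: Error while scanning for viruses with AMAVIS::AV::CLAMD:
Jan 29 13:50:14 myurl amavis[29693]: AMAVIS::MTA::Qmail: Freezing message
Jan 29 13:50:14 myurl amavis[29693]: Quarantining infected message to /var/spool/amavis-ng/problems/41fb8686-73fd
EOF
```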

svangool

ClamAV Again
« Reply #12 on: January 29, 2005, 02:42:59 PM »
To make the process clean, I modified the install script:
service clamd start=>/etc/rc.d/init.d/clamd start
service clamd stop=>/etc/rc.d/init.d/clamd stop

That made it work for me!

Sjef

ajkeane

ClamAV Again
« Reply #13 on: January 30, 2005, 09:31:09 AM »
I have upgraded using the above link but am now receiving the message below. Any ideas on how to correct this?

LibClamAV Warning: Unknown machine type in PE header (0x8664)
LibClamAV Warning: Broken PE header detected.

Thanks

Tony

zoran

undefined error
« Reply #14 on: February 01, 2005, 05:43:49 PM »
I just got this in my mail box:

Can't call method "prop" on an undefined value at /usr/bin/antivirus-stats.pl line 46.

svangool

ClamAV Again
« Reply #15 on: February 02, 2005, 01:43:23 AM »
Hello all,

I used to have a lot of warnings in the daily Cron Daemon message related to Clamav (more the kind that "ajkeane" has, but a lot more of them), now with 0.81 these are the only ones left:
LibClamAV Warning: Ignoring empty field in " charset="
LibClamAV Warning: Ignoring empty field in " charset="

BTW, does anyone (especially knuddi) know why the "service" command doesn't work on my 6.0 system (It seems to be a normal command when I look at other scripts)?

Sjef.

haj

ClamAV Again
« Reply #16 on: February 03, 2005, 11:00:25 PM »
Quote from: "svangool"
Hello all,

I used to have a lot of warnings in the daily Cron Daemon message related to Clamav (more the kind that "ajkeane" has, but a lot more of them), now with 0.81 these are the only ones left:
LibClamAV Warning: Ignoring empty field in " charset="
LibClamAV Warning: Ignoring empty field in " charset="

BTW, does anyone (especially knuddi) know why the "service" command doesn't work on my 6.0 system (It seems to be a normal command when I look at other scripts)?

Sjef.


I also have strange error messages for /etc/clamscan:

LibClamAV Warning: Ignoring empty field in " name=RE :"
LibClamAV Warning: HQX8 messages not yet supported - if you believe this file contains a virus, report it to bugs@clamav.net
LibClamAV Warning: Corrupt BinHex file, claims it is 1612783905 bytes long in a message of 1469355 bytes

haj

ClamAV Again
« Reply #17 on: February 04, 2005, 01:42:18 AM »
Hello,

Another problem with sme.swerts-knudsen.dk antivirus contribs:
- when a message is put into problem directory, an email is sent to the administrator. The Email's date is always: 01/01/1970 11:00........

If you are looking for the solution to Date::Manip timezone errors, have a look here: http://forums.contribs.org/index.php?topic=25718.msg105286#msg105286

william_syd

Re: ClamAV Again
« Reply #18 on: February 05, 2005, 08:51:02 AM »
Same here. Just did the update and appears ok. Thank You.

On another note. Mail coming in gets this appended in the header -

Quote
X-Virus-Scanned:    by amavis-ng-0.1.6.4-03dc on teddy.magicwilly.info


Went here http://www.amavis.org/download.php3 looking to see if there is anything new and found this -

Quote
amavis-ng is a modular re-write of amavis-perl/amavisd.

This project is dead, therefore no package available. Source can be grabbed from CVS, though.


Interesting.


Regards,
William

Quote from: "cc_skavenger"
Having an issue with some new viruses coming through my mail server.  Ran freshclam to make sure it is updating and received this message:

[root@mail-server root]# freshclam
ClamAV update process started at Thu Jan 27 09:37:34 2005
WARNING: Your ClamAV installation is OUTDATED - please update immediately!
WARNING: Local version: 0.80 Recommended version: 0.81
main.cvd is up to date (version: 29, sigs: 29086, f-level: 3, builder: tomek)
daily.cvd is up to date (version: 689, sigs: 775, f-level: 4, builder: diego)
WARNING: Your ClamAV installation is OUTDATED - please update immediately!
WARNING: Current functionality level = 3, required = 4


Anyone else getting this?

TIA
Regards,
William

IF I give advice.. It's only if it was me....

markanthony

Also undefined error
« Reply #19 on: November 12, 2005, 12:04:31 AM »
I am getting the same error as Zoran, except at line 53.

Can't call method "prop" on an undefined value at /usr/bin/antivirus-stats.pl line 53.

Knuddi

ClamAV Again
« Reply #20 on: November 12, 2005, 07:31:50 AM »
And you have updated to the latest version via:

[root@e-smith]# wget -N  http://sme.swerts-knudsen.dk/downloads/AntiVirus/antivirus_install.sh

[root@e-smith]# sh antivirus_install.sh

markanthony

ClamAV Again
« Reply #21 on: November 14, 2005, 05:30:52 AM »
I used:
[root@e-smith]# wget -N http://sme.swerts-knudsen.com/downloads/AntiVirus/antivirus_install.sh

[root@e-smith]# sh antivirus_install.sh

I checked the version with
[root@synergysmeg root]# rpm -q clamav-es

clamav-es-0.87-es01